1# Creating files on sysfs is impossible so this isn't a threat 2# Sometimes we have to write to non-existent files to avoid conditional 3# init behavior. See b/35303861 for an example. 4dontaudit vendor_init sysfs:dir write; 5 6# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now 7allow vendor_init system_data_root_file:dir rw_dir_perms; 8 9# Let vendor_init set service.adb.tcp.port. 10set_prop(vendor_init, adbd_config_prop) 11 12# Let vendor_init react to AVF device config changes 13get_prop(vendor_init, device_config_virtualization_framework_native_prop) 14 15# chown/chmod on devices, e.g. /dev/ttyHS0 16allow vendor_init { 17 dev_type 18 -keychord_device 19 -kvm_device 20 -port_device 21 -lowpan_device 22 -hw_random_device 23}:chr_file setattr; 24