# Rules for the vendor_init domain: one audit suppression, one directory
# grant, three property grants and a setattr grant on character devices.

# Creating files on sysfs is impossible so this is not a threat.
# Sometimes we have to write to non-existent files to avoid conditional
# init behavior. See b/35303861 for an example.
# dontaudit grants nothing: the write is still denied, it only stops being
# logged. Expect no avc denial records for this access when triaging.
dontaudit vendor_init sysfs:dir write;

# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
# Grants the rw_dir_perms permission set on directories labelled
# system_data_root_file. rw_dir_perms is a macro defined outside this excerpt.
# NOTE(review): system_data_root_file presumably labels the /data root -
# confirm against file_contexts before widening or copying this rule.
allow vendor_init system_data_root_file:dir rw_dir_perms;

# Let vendor_init set service.adb.tcp.port.
# NOTE(review): this property names the adbd TCP port, so a vendor init script
# that sets it presumably controls whether adbd listens on the network.
# Review which vendor scripts write it on production builds.
set_prop(vendor_init, adbd_config_prop)

# Let vendor_init react to AVF device config changes.
# Read-only access: this is get_prop, not set_prop.
get_prop(vendor_init, device_config_virtualization_framework_native_prop)

# Let vendor_init use apex.<name>.ready to start services from vendor APEX.
# Read-only access: this is get_prop, not set_prop.
get_prop(vendor_init, apex_ready_prop)

# chown/chmod on devices, e.g. /dev/ttyHS0
# Grants setattr only (no open, read or write) on character devices whose
# type is in dev_type, minus the five types subtracted in the set.
# The set works as a deny-list: any other type in dev_type is covered unless
# it is subtracted here, so revisit the exclusions when a sensitive device
# type is introduced.
allow vendor_init {
  dev_type
  -keychord_device
  -vm_manager_device_type
  -port_device
  -lowpan_device
  -hw_random_device
}:chr_file setattr;