1# vdc is a helper program for making Binder calls to vold. It is spawned from 2# init for various reasons, such as initializing file-based encryption and 3# metadata encryption, and managing userdata checkpointing. 4# 5# We also transition into this domain from dumpstate, when 6# collecting bug reports. 7 8type vdc, domain; 9type vdc_exec, system_file_type, exec_type, file_type; 10 11# vdc can be invoked with logwrapper, so let it write to pty 12allow vdc devpts:chr_file rw_file_perms; 13 14# vdc writes directly to kmsg during the boot process 15allow vdc kmsg_device:chr_file { getattr w_file_perms }; 16 17# vdc talks to vold over Binder 18binder_use(vdc) 19binder_call(vdc, vold) 20allow vdc vold_service:service_manager find; 21