1 type usbforward, domain; 2 type usbforward_exec, exec_type, vendor_file_type, file_type; 3 4 init_daemon_domain(usbforward) 5 6 # Virtual serial device I/O 7 allow usbforward virtual_serial_device:chr_file rw_file_perms; 8 9 # USB I/O 10 allow usbforward usb_device:dir r_dir_perms; 11 allow usbforward usb_device:chr_file rw_file_perms; 12 13 # Read /sys/devices/platform/dummy_hcd.0/usb1/1-1/speed. Although this file is labelled 14 # It is acceptable to give usbforward this wide access because usbforward is not a stock Android 15 # domain and it does not run Android apps. Thus, the laxer access restrictions of this domain 16 # do not impact how compatible the resulting Android emulator appears to system services and apps. 17 allow usbforward sysfs:file r_file_perms; 18 19 # Do not audit attempts to read /dev directory. This access does not appear to be necessary. 20 dontaudit usbforward device:dir r_dir_perms; 21 22 allow usbforward self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; 23