1 type vendor_shell, domain; 2 type vendor_shell_exec, exec_type, vendor_file_type, file_type; 3 4 allow vendor_shell vendor_shell_exec:file rx_file_perms; 5 allow vendor_shell vendor_toolbox_exec:file rx_file_perms; 6 7 # Use fd from shell when vendor_shell is started from shell 8 allow vendor_shell shell:fd use; 9 10 # adbd: allow `adb shell /vendor/bin/sh` and `adb shell` then `/vendor/bin/sh` 11 allow vendor_shell adbd:fd use; 12 allow vendor_shell adbd:process sigchld; 13 allow vendor_shell adbd:unix_stream_socket { getattr ioctl read write }; 14 15 allow vendor_shell devpts:chr_file rw_file_perms; 16 allow vendor_shell tty_device:chr_file rw_file_perms; 17 allow vendor_shell console_device:chr_file rw_file_perms; 18 allow vendor_shell input_device:dir r_dir_perms; 19 allow vendor_shell input_device:chr_file rw_file_perms; 20
