| type port-bridge, domain; |
| type port-bridge_exec, exec_type, file_type; |
| init_daemon_domain(port-bridge) |
| |
| userdebug_or_eng(` |
| domain_auto_trans(shell, port-bridge_exec, netmgrd) |
| domain_auto_trans(adbd, port-bridge_exec, netmgrd) |
| ') |
| |
| # Allow operations on different types of sockets |
| allow port-bridge port-bridge:netlink_kobject_uevent_socket { create bind read }; |
| |
| # Allow process capabilities |
| allow port-bridge port-bridge:capability dac_override; |
| |
| allow port-bridge { |
| # Allow operations on mhi transport |
| mhi_device |
| # Allow operations on gadget serial device |
| gadget_serial_device |
| # Allow operations on ATCoP g-link transport |
| at_device |
| }:chr_file rw_file_perms; |
| |
| # Allow write permissions for log file |
| allow port-bridge port_bridge_data_file:file create_file_perms; |
| allow port-bridge port_bridge_data_file:dir w_dir_perms; |