Adding AppArmor profiles for the container.
[waydroid.git] / data / configs / lxc-waydroid
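# AppArmor profile for the Waydroid LXC container (data/configs/lxc-waydroid).
#
# NOTE(review): the rule set is a broad allow-list: read/write on /dev, /proc
# and /sys, unrestricted mount/umount, and capabilities including sys_admin and
# sys_module. AppArmor only mediates; it grants nothing the task does not hold.
# Whether these capabilities and devices are actually reachable depends on the
# LXC configuration (lxc.cap.drop / lxc.cap.keep, device cgroup, namespaces,
# seccomp), which is not shown here. Review this profile together with those
# layers rather than treating it as the isolation boundary on its own.
#include <tunables/global>

profile lxc-waydroid flags=(mediate_deleted,attach_disconnected) {
  #include <abstractions/base>

  # Execution: any file may be executed and inherits this profile (ix).
  /** ix,

  # Zygote and adbd are moved onto a stacked label (this profile AND the named
  # one, via //&). With Pix, a missing target profile falls back to inheriting
  # lxc-waydroid, so android_app and adbd must be loaded for the stacking to
  # take effect. Neither is defined in this file; presumably they ship in
  # sibling files, confirm they are installed and loaded together.
  /system/bin/app_process Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process32 Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process64 Pix -> lxc-waydroid//&android_app,
  /system/bin/adbd Pix -> lxc-waydroid//&adbd,

  # Unrestricted networking and unix-socket use.
  network,
  unix,

  # File access. Rules are cumulative, so the widest matching rule wins.
  # Patterns written as "/name**" (no slash before the glob) also match
  # sibling paths that merely share the prefix; "/name/" plus "/name/**" is
  # the tighter spelling if that is not intended.
  #
  # NOTE(review): the owner qualifier below has no effect while the
  # unqualified "/proc** rw" rule further down grants the same access.
  owner /proc** rw,
  / r,
  /** r,
  /acct** rwkl,
  /acct rwkl,
  /storage** rwkl,
  /data** rwkl,
  /proc** rw,
  /sys** rw,
  # A second, identical "/dev** rw" rule in the original was dropped.
  /dev** rw,
  /tmp** rw,
  /var** rw,
  /run** rw,
  /mnt** rw,
  /apex** rw,
  /sbin** rw,
  /system** k,

  # Any mount and umount operation is allowed: no fstype, options, source or
  # mount-point restriction.
  mount,
  umount,

  # Capabilities the profile permits. sys_admin, sys_module, sys_ptrace,
  # dac_override, dac_read_search and mknod are the ones to justify first when
  # tightening. A duplicated "capability wake_alarm" line in the original was
  # dropped.
  capability sys_nice,
  capability wake_alarm,
  capability setpcap,
  capability setgid,
  capability setuid,
  capability sys_ptrace,
  capability sys_admin,
  capability block_suspend,
  capability sys_time,
  capability net_admin,
  capability net_raw,
  capability net_bind_service,
  capability kill,
  capability dac_override,
  capability dac_read_search,
  capability fsetid,
  capability mknod,
  capability syslog,
  capability chown,
  capability sys_resource,
  capability fowner,
  capability sys_module,
  capability ipc_lock,
  capability sys_chroot,

  # ptrace is limited to peers carrying this profile or one of its stacks.
  ptrace (read,readby,trace,tracedby) peer=lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=android_app//&lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=adbd//&lxc-waydroid,

  # Signals: sending is limited to the peers listed; the last rule accepts
  # signals from any peer label.
  signal (send,receive) peer=lxc-waydroid,
  signal (send,receive) peer=android_app//&lxc-waydroid,
  signal (send) peer=adbd//&lxc-waydroid,
  signal (receive),

}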