data/configs/adbd

   1 #include <tunables/global>
   2
   3 profile adbd flags=(attach_disconnected,mediate_deleted,complain) {
   4   #include <abstractions/base>
   5   /** ix,
   6   /dev** rw,
   7   network,
   8   unix,
   9   owner /proc** rw,
  10   / r,
  11   /** r,
  12   /storage** rwkl,
  13   /data** rwkl,
  14   /proc** rw,
  15   /sys** rw,
  16   /dev** rw,
  17   /tmp** rw,
  18   /var** rw,
  19   /run** rw,
  20   /mnt** rw,
  21   /apex** rw,
  22   mount,
  23   umount,
  24
  25   capability sys_nice,
  26   capability wake_alarm,
  27   capability setpcap,
  28   capability setgid,
  29   capability setuid,
  30   capability sys_ptrace,
  31   capability sys_admin,
  32   capability wake_alarm,
  33   capability block_suspend,
  34   capability sys_time,
  35   capability net_admin,
  36   capability net_raw,
  37   capability net_bind_service,
  38   capability kill,
  39   capability dac_override,
  40   capability dac_read_search,
  41   capability fsetid,
  42   capability mknod,
  43   capability syslog,
  44   capability chown,
  45   capability sys_resource,
  46   capability fowner,
  47
  48   ptrace (read,readby,trace,tracedby) peer=lxc-waydroid,
  49   ptrace (read,readby,trace,tracedby) peer=android_app//&lxc-waydroid,
  50   ptrace (read,readby,trace,tracedby) peer=adbd//&lxc-waydroid,
  51
  52   signal (send,receive) peer=lxc-waydroid,
  53   signal (send,receive) peer=android_app//&lxc-waydroid,
  54   signal (send) peer=adbd//&lxc-waydroid,
  55   signal (receive),
  56
  57 }
  58