# adbd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type adbd, domain;
unconfined_domain(adbd)
domain_auto_trans(adbd, shell_exec, shell)
# this is an entrypoint
allow adbd rootfs:file entrypoint;

# Read /data/misc/adb/adb_keys.
allow adbd adb_keys_file:dir search;
allow adbd adb_keys_file:file r_file_perms;

# Allow access in case /data/misc/adb still has the old type.
allow adbd system_data_file:dir search;
allow adbd system_data_file:file r_file_perms;

# ndk-gdb invokes adb forward to forward the gdbserver socket.
allow adbd app_data_file:dir search;
allow adbd app_data_file:sock_file write;
allow adbd appdomain:unix_stream_socket connectto;

# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms;