emulator/usbpt/usbip-service/sepolicy/usbip_service.te - device/generic/car - Git at Google

 type usbip_service, domain;
 type sysfs_usbip, sysfs_type, fs_type;
 type usbip_service_exec, exec_type, system_file_type, file_type;

 net_domain(usbip_service);

 allow usbip_service netd:tcp_socket { read write };

 allow kernel su:tcp_socket { read write };
 allow kernel shell:tcp_socket { read write };

 allow init sysfs_usbip:file setattr;

 allow shell sysfs_usbip:dir { r_dir_perms };
 allow shell sysfs_usbip:file { rw_file_perms };
 allow shell usbip_service_exec:file { execute execute_no_trans getattr map open read };
	type usbip_service, domain;
	type sysfs_usbip, sysfs_type, fs_type;
	type usbip_service_exec, exec_type, system_file_type, file_type;

	net_domain(usbip_service);

	allow usbip_service netd:tcp_socket { read write };

	allow kernel su:tcp_socket { read write };
	allow kernel shell:tcp_socket { read write };

	allow init sysfs_usbip:file setattr;

	allow shell sysfs_usbip:dir { r_dir_perms };
	allow shell sysfs_usbip:file { rw_file_perms };
	allow shell usbip_service_exec:file { execute execute_no_trans getattr map open read };