shared/sepolicy/vsoc_guest_region_e2e_test.te - device/google/cuttlefish - Git at Google

 type vsoc_guest_region_e2e_test, domain;
 type vsoc_guest_region_e2e_test_exec, exec_type, vendor_file_type, file_type;

 init_daemon_domain(vsoc_guest_region_e2e_test)

 # Access region test devices
 allow vsoc_guest_region_e2e_test region_e2e_test_device:chr_file rw_file_perms;
 allow vsoc_guest_region_e2e_test vendor_data_file:file { create_file_perms };
 allow vsoc_guest_region_e2e_test vendor_data_file:dir { create_file_perms create_dir_perms };

 # gtest checks access() on /data/local/tmp. However, vendor processes are
 # neverallow'ed /data access outside of /data/vendor.
 dontaudit vsoc_guest_region_e2e_test self:capability dac_override;
	type vsoc_guest_region_e2e_test, domain;
	type vsoc_guest_region_e2e_test_exec, exec_type, vendor_file_type, file_type;

	init_daemon_domain(vsoc_guest_region_e2e_test)

	# Access region test devices
	allow vsoc_guest_region_e2e_test region_e2e_test_device:chr_file rw_file_perms;
	allow vsoc_guest_region_e2e_test vendor_data_file:file { create_file_perms };
	allow vsoc_guest_region_e2e_test vendor_data_file:dir { create_file_perms create_dir_perms };

	# gtest checks access() on /data/local/tmp. However, vendor processes are
	# neverallow'ed /data access outside of /data/vendor.
	dontaudit vsoc_guest_region_e2e_test self:capability dac_override;