From bf8a37b8eb00568d677c789f3857681ef41e4a92 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 20 Jun 2014 18:11:11 -0700
Subject: [PATCH] Create vdc domain

The init.rc one-shot services "defaultcrypto" and "encrypt" call
out to the /system/bin/vdc command line to ask vold to perform
encryption operations. Create a new domain for these one-shot
services. Allow the vdc domain to talk to vold.

Change-Id: I73dc2ee4cc265bc16056b27307c254254940fd9f
---
 file_contexts |  1 +
 vdc.te        | 10 ++++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 vdc.te

diff --git a/file_contexts b/file_contexts
index dd09c1f6f..85a1b04e0 100644
--- a/file_contexts
+++ b/file_contexts
@@ -158,6 +158,7 @@
 /system/bin/logd        u:object_r:logd_exec:s0
 /system/bin/uncrypt     u:object_r:uncrypt_exec:s0
 /system/bin/logwrapper  u:object_r:system_file:s0
+/system/bin/vdc         u:object_r:vdc_exec:s0
 #############################
 # Vendor files
 #
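Review bot: Labeling `/system/bin/vdc` as `vdc_exec` on the added line changes who may execute the binary. Any domain that ran it through a generic execute permission on its previous label (presumably `system_file`, which is not shown here) will be denied unless it gets an explicit rule for `vdc_exec`. The commit only sets up the init transition in vdc.te, so confirm that no other caller depends on running vdc, and watch the audit log for execute denials on `vdc_exec` after the change lands. If other callers do exist, give each one its own narrowly scoped rule rather than a broad grant.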
diff --git a/vdc.te b/vdc.te
new file mode 100644
index 000000000..a5ca2f29c
--- /dev/null
+++ b/vdc.te
@@ -0,0 +1,10 @@
+# vdc spawned from init for the following services:
+#  defaultcrypto
+#  encrypt
+
+type vdc, domain;
+type vdc_exec, exec_type, file_type;
+
+init_daemon_domain(vdc)
+
+unix_socket_connect(vdc, vold, vold)
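Review bot: The single grant `unix_socket_connect(vdc, vold, vold)` opens the vold control socket as a whole, not only the encryption requests that defaultcrypto and encrypt need. Nothing in the new file stops a later change from letting another domain transition into vdc. Consider pinning the intent with `neverallow { domain -init } vdc:process transition;` and extending the header comment with `# vdc can send any command the vold socket accepts; keep entry into this domain limited to init.` Which commands vold accepts on that socket is not visible in this patch, so confirm that wording against vold before adding it.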
-- 
GitLab