# aconfigd -- manager for aconfig flags
type aconfigd, domain, coredomain, mlstrustedsubject;
type aconfigd_exec, exec_type, file_type, system_file_type;

init_daemon_domain(aconfigd)

allow aconfigd metadata_file:dir search;

allow aconfigd {
    aconfig_storage_metadata_file
    aconfig_storage_flags_metadata_file
}:dir create_dir_perms;

allow aconfigd {
    aconfig_storage_metadata_file
    aconfig_storage_flags_metadata_file
}:file create_file_perms;

# allow aconfigd to access shell_data_file for atest
userdebug_or_eng(`
    allow aconfigd shell_data_file:dir search;
    allow aconfigd shell_data_file:file { getattr read open map };
')

# allow aconfigd to log to the kernel dmesg via a file descriptor
# passed from init to aconfigd
allow aconfigd kmsg_device:chr_file write;

# allow aconfigd to read vendor partition storage files
allow aconfigd vendor_aconfig_storage_file:file r_file_perms;
allow aconfigd vendor_aconfig_storage_file:dir r_dir_perms;

# allow aconfigd to read /apex dir
allow aconfigd apex_mnt_dir:dir r_dir_perms;
allow aconfigd apex_mnt_dir:file r_file_perms;

###
### Neverallow assertions
###

# only init is allowed to enter the aconfigd domain
neverallow { domain -init } aconfigd:process transition;
neverallow * aconfigd:process dyntransition;