# SELinux policy for the userfaultfdSimple test domain.
# Declares the domain and its executable, gives the userfaultfd anon inode it
# creates its own label, and optionally narrows which ioctl commands it may
# issue on that fd (the thing this test is meant to exercise).
# NOTE(review): line breaks were recovered from a collapsed copy of this file;
# confirm against the original which allowxperm line is meant to be active.

# The test process runs in the userfaultfdSimple domain. Its binary is
# labelled userfaultfdSimple_exec and carries the vendor_file_type, exec_type
# and file_type attributes.
type userfaultfdSimple, domain;
type userfaultfdSimple_exec, vendor_file_type, exec_type, file_type;

# Label for the anonymous inode backing the userfaultfd file descriptor.
type uffd_t;

# When userfaultfdSimple creates an anon inode named "[userfaultfd]" (the
# kernel's name for a userfaultfd fd), label it uffd_t rather than the generic
# anon_inode type, so the rules below can target userfaultfd fds specifically
# instead of every anonymous inode the process creates.
type_transition userfaultfdSimple userfaultfdSimple : anon_inode uffd_t "[userfaultfd]";

# Base permissions on the labelled fd: create it, read from it (fault messages
# are delivered via read()), and issue ioctls on it. Which ioctl commands are
# actually allowed is further narrowed by an allowxperm rule when one exists.
allow userfaultfdSimple uffd_t:anon_inode { create ioctl read };

# Uncomment one of the allowx lines below to test ioctl whitelisting.
# Once any allowxperm ioctl rule exists for this source/target/class, only the
# listed command values are permitted; every other ioctl is denied even though
# the plain `ioctl` permission above is granted. The value is the low 16 bits
# of the ioctl request (driver type byte and command number).
# None
# Only command 0x0 is permitted, so every real userfaultfd ioctl is denied.
allowxperm userfaultfdSimple uffd_t:anon_inode ioctl 0x0;
# UFFDIO_API
# 0xaa3f is UFFDIO_API (type 0xAA, nr 0x3f): enable to let the API handshake
# ioctl through while everything else stays denied.
#allowxperm userfaultfdSimple uffd_t:anon_inode ioctl 0xaa3f;

# Silence denials that only arise from being launched from an adb shell
# (inherited adbd/shell fds, the adbd socket, and the pty). They are not part
# of what this test exercises and would otherwise clutter the audit log; the
# accesses are still denied, just not logged.
dontaudit userfaultfdSimple adbd:fd use;
dontaudit userfaultfdSimple adbd:unix_stream_socket { read write };
dontaudit userfaultfdSimple devpts:chr_file { getattr ioctl read write };
dontaudit userfaultfdSimple shell:fd use;

# Executing a userfaultfdSimple_exec binary from the shell domain automatically
# transitions the new process into the userfaultfdSimple domain.
domain_auto_trans(shell, userfaultfdSimple_exec, userfaultfdSimple);