aosp12/system/sepolicy/private/preloads_copy.te

19 lines
758 B
Plaintext

type preloads_copy, domain, coredomain;
type preloads_copy_exec, system_file_type, exec_type, file_type;
init_daemon_domain(preloads_copy)
allow preloads_copy shell_exec:file rx_file_perms;
allow preloads_copy toolbox_exec:file rx_file_perms;
allow preloads_copy preloads_data_file:dir create_dir_perms;
allow preloads_copy preloads_data_file:file create_file_perms;
allow preloads_copy preloads_media_file:dir create_dir_perms;
allow preloads_copy preloads_media_file:file create_file_perms;
# Allow to copy from /postinstall
allow preloads_copy system_file:dir r_dir_perms;
# Silence the denial when /postinstall cannot be mounted, e.g., system_other
# is wiped, but preloads_copy.sh still runs.
dontaudit preloads_copy postinstall_mnt_dir:dir search;