summaryrefslogtreecommitdiff
path: root/prebuilts/api/32.0/private/preloads_copy.te
diff options
context:
space:
mode:
Diffstat (limited to 'prebuilts/api/32.0/private/preloads_copy.te')
-rw-r--r--prebuilts/api/32.0/private/preloads_copy.te18
1 files changed, 18 insertions, 0 deletions
diff --git a/prebuilts/api/32.0/private/preloads_copy.te b/prebuilts/api/32.0/private/preloads_copy.te
new file mode 100644
index 000000000..ba54b70ac
--- /dev/null
+++ b/prebuilts/api/32.0/private/preloads_copy.te
@@ -0,0 +1,18 @@
+type preloads_copy, domain, coredomain;
+type preloads_copy_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(preloads_copy)
+
+allow preloads_copy shell_exec:file rx_file_perms;
+allow preloads_copy toolbox_exec:file rx_file_perms;
+allow preloads_copy preloads_data_file:dir create_dir_perms;
+allow preloads_copy preloads_data_file:file create_file_perms;
+allow preloads_copy preloads_media_file:dir create_dir_perms;
+allow preloads_copy preloads_media_file:file create_file_perms;
+
+# Allow to copy from /postinstall
+allow preloads_copy system_file:dir r_dir_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but preloads_copy.sh still runs.
+dontaudit preloads_copy postinstall_mnt_dir:dir search;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 05:13:54 +0000