blob: 8571ff650ab646967301d31eabe2bad42cbbc500 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
# The postinstall program is run by update_engine_common and must be tagged
# with postinstall_exec in the new filesystem.
# TODO Have build system attempt to verify this
domain_auto_trans(update_engine_common, postinstall_exec, postinstall)
# Vendor directories can have the transition as well during OTA. This is caused
# by update_engine execing scripts in vendor to perform any update tasks needed
# there.
domain_auto_trans(update_engine_common, postinstall_file, postinstall)
allow update_engine_common labeledfs:filesystem { mount unmount relabelfrom };
|
