basic/non_plat/fastbootd.te - LeafOS-Devices/android_device_mediatek_sepolicy - Gitiles

 # ==============================================
 # Common SEPolicy Rule
 # ==============================================
 # fastbootd (used in recovery init.rc for /sbin/fastbootd)

 allow fastbootd {
     bootdevice_block_device
     para_block_device
   }:blk_file rw_file_perms;

 allow fastbootd sysfs_boot_type:file rw_file_perms;

 allow fastbootd self:process setfscreate;
 allow fastbootd self:capability sys_rawio;

 allowxperm fastbootd bootdevice_block_device:blk_file ioctl {
   BLKSECDISCARD
   BLKDISCARD
   MMC_IOCTLCMD
 };
	# ==============================================
	# Common SEPolicy Rule
	# ==============================================
	# fastbootd (used in recovery init.rc for /sbin/fastbootd)

	allow fastbootd {
	bootdevice_block_device
	para_block_device
	}:blk_file rw_file_perms;

	allow fastbootd sysfs_boot_type:file rw_file_perms;

	allow fastbootd self:process setfscreate;
	allow fastbootd self:capability sys_rawio;

	allowxperm fastbootd bootdevice_block_device:blk_file ioctl {
	BLKSECDISCARD
	BLKDISCARD
	MMC_IOCTLCMD
	};