basic/non_plat/postinstall.te - LeafOS-Devices/android_device_mediatek_sepolicy - Gitiles

 allow postinstall dm_device:chr_file rw_file_perms;
 allow postinstall preloader_block_device:blk_file rw_file_perms;
 allow postinstall postinstall_block_device:blk_file rw_file_perms;
 allow postinstall sysfs_devices_block:dir search;
 allowxperm postinstall preloader_block_device:blk_file ioctl  BLKROSET;
 allow postinstall block_device:dir search;
 allow postinstall self:capability sys_admin;
	allow postinstall dm_device:chr_file rw_file_perms;
	allow postinstall preloader_block_device:blk_file rw_file_perms;
	allow postinstall postinstall_block_device:blk_file rw_file_perms;
	allow postinstall sysfs_devices_block:dir search;
	allowxperm postinstall preloader_block_device:blk_file ioctl BLKROSET;
	allow postinstall block_device:dir search;
	allow postinstall self:capability sys_admin;