| # TODO: deal with tmpfs_domain pub/priv split properly | |
| # Read system properties managed by zygote. | |
| allow appdomain zygote_tmpfs:file read; | |
| neverallow appdomain system_server:udp_socket { | |
| accept append bind create ioctl listen lock name_bind | |
| relabelfrom relabelto setattr shutdown }; |