vendor/hal_bootctl_default.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # Boot control subsystem
 type hal_bootctl_default, domain;
 hal_server_domain(hal_bootctl_default, hal_bootctl)

 type hal_bootctl_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_bootctl_default)

 # Needed for ReadDefaultFstab.
 allow hal_bootctl_default proc_cmdline:file r_file_perms;
 allow hal_bootctl_default sysfs_dt_firmware_android:dir search;
 allow hal_bootctl_default sysfs_dt_firmware_android:file r_file_perms;
 read_fstab(hal_bootctl_default)

 # Needed for reading/writing misc partition.
 allow hal_bootctl_default block_device:dir search;
 allow hal_bootctl_default misc_block_device:blk_file rw_file_perms;

 # Needed for writing to kernel log
 allow hal_bootctl_default kmsg_device:chr_file open;
 allow hal_bootctl_default kmsg_device:chr_file write;
	# Boot control subsystem
	type hal_bootctl_default, domain;
	hal_server_domain(hal_bootctl_default, hal_bootctl)

	type hal_bootctl_default_exec, exec_type, vendor_file_type, file_type;
	init_daemon_domain(hal_bootctl_default)

	# Needed for ReadDefaultFstab.
	allow hal_bootctl_default proc_cmdline:file r_file_perms;
	allow hal_bootctl_default sysfs_dt_firmware_android:dir search;
	allow hal_bootctl_default sysfs_dt_firmware_android:file r_file_perms;
	read_fstab(hal_bootctl_default)

	# Needed for reading/writing misc partition.
	allow hal_bootctl_default block_device:dir search;
	allow hal_bootctl_default misc_block_device:blk_file rw_file_perms;

	# Needed for writing to kernel log
	allow hal_bootctl_default kmsg_device:chr_file open;
	allow hal_bootctl_default kmsg_device:chr_file write;