private/apexd_derive_classpath.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # Exclusive domain for apexd calling into derive_classpath binary
 type apexd_derive_classpath, domain, coredomain;

 # Allow the binary to write into output file at location /apex/derive_classpath_temp
 allow apexd_derive_classpath apexd:fd use;
 allow apexd_derive_classpath apex_mnt_dir:file { write open };
 # Allow the binary to log using logwrap
 allow apexd_derive_classpath apexd_devpts:chr_file { read write };
	# Exclusive domain for apexd calling into derive_classpath binary
	type apexd_derive_classpath, domain, coredomain;

	# Allow the binary to write into output file at location /apex/derive_classpath_temp
	allow apexd_derive_classpath apexd:fd use;
	allow apexd_derive_classpath apex_mnt_dir:file { write open };
	# Allow the binary to log using logwrap
	allow apexd_derive_classpath apexd_devpts:chr_file { read write };