| # cppreopts |
| # |
| # This command copies preopted files from the system_b partition to the data |
| # partition. This domain ensures that we are only copying into specific |
| # directories. |
| |
| type cppreopts, domain, mlstrustedsubject, coredomain; |
| type cppreopts_exec, system_file_type, exec_type, file_type; |
| |
| # Technically not a daemon but we do want the transition from init domain to |
| # cppreopts to occur. |
| init_daemon_domain(cppreopts) |
| domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename); |
| |
| # Allow cppreopts copy files into the dalvik-cache |
| allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write }; |
| allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink }; |
| |
| # Allow cppreopts to execute itself using #!/system/bin/sh |
| allow cppreopts shell_exec:file rx_file_perms; |
| |
| # Allow us to run find on /postinstall |
| allow cppreopts system_file:dir { open read }; |
| |
| # Allow running the cp command using cppreopts permissions. Needed so we can |
| # write into dalvik-cache |
| allow cppreopts toolbox_exec:file rx_file_perms; |
| |
| # Silence the denial when /postinstall cannot be mounted, e.g., system_other |
| # is wiped, but cppreopts.sh still runs. |
| dontaudit cppreopts postinstall_mnt_dir:dir search; |