private/logd.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
 init_daemon_domain(logd)

 # logd is not allowed to write anywhere other than /data/misc/logd, and then
 # only on userdebug or eng builds
 # TODO: deal with tmpfs_domain pub/priv split properly
 neverallow logd { file_type -logd_tmpfs userdebug_or_eng(` -misc_logd_file -coredump_file ') }:file { create write append };
	# type_transition must be private policy the domain_trans rules could stay
	# public, but conceptually should go with this
	init_daemon_domain(logd)

	# logd is not allowed to write anywhere other than /data/misc/logd, and then
	# only on userdebug or eng builds
	# TODO: deal with tmpfs_domain pub/priv split properly
	neverallow logd { file_type -logd_tmpfs userdebug_or_eng(` -misc_logd_file -coredump_file ') }:file { create write append };