1 # installer daemon 2 type installd, domain; 3 type installd_exec, exec_type, file_type; 4 5 init_daemon_domain(installd) 6 typeattribute installd mlstrustedsubject; 7 allow installd self:capability { chown dac_override fowner fsetid setgid setuid }; 8 allow installd system_data_file:file create_file_perms; 9 allow installd system_data_file:lnk_file create; 10 allow installd dalvikcache_data_file:file create_file_perms; 11 allow installd data_file_type:dir create_dir_perms; 12 allow installd data_file_type:dir { relabelfrom relabelto }; 13 allow installd data_file_type:file { getattr unlink }; 14 allow installd apk_data_file:file r_file_perms; 15 allow installd apk_tmp_file:file r_file_perms; 16 allow installd system_file:file x_file_perms; 17 allow installd cgroup:dir create_dir_perms; 18 dontaudit installd self:capability sys_admin; 19 # Check validity of SELinux context before use. 20 selinux_check_context(installd) 21 # Read /seapp_contexts, presently on the rootfs. 22 allow installd rootfs:file r_file_perms; 23
