# installer daemon
#
# SELinux type-enforcement policy for the installd domain. Every macro,
# attribute and permission set used below (init_daemon_domain, *_perms,
# data_file_type, file_class_set, ...) is defined outside this file, so the
# effective grant is only known after expansion; review the compiled policy
# rather than this text alone.

# Domain type for the running daemon and the type of its executable.
type installd, domain;
type installd_exec, exec_type, file_type;

# NOTE(review): presumably sets up the init -> installd transition when
# installd_exec is executed; confirm against the macro definition.
init_daemon_domain(installd)
# NOTE(review): presumably marks installd as a domain allowed to relabel
# files; the relabel targets themselves are granted further down.
relabelto_domain(installd)
# NOTE(review): mlstrustedsubject conventionally exempts a domain from the
# MLS/category separation constraints. If so, installd is not confined by
# per-app categories; confirm in the MLS constraint file.
typeattribute installd mlstrustedsubject;

# Capabilities. dac_override and fowner bypass ordinary ownership and mode
# checks, so for this daemon the type rules below are the real confinement,
# not DAC. setuid/setgid/chown let it take on and hand files to other IDs.
allow installd self:capability { chown dac_override fowner fsetid setgid setuid };

# Files and symlinks labelled system_data_file; Dalvik cache files.
allow installd system_data_file:file create_file_perms;
allow installd system_data_file:lnk_file create;
allow installd dalvikcache_data_file:file create_file_perms;

# Broad grants keyed on data_file_type rather than on a single type.
# NOTE(review): if data_file_type is an attribute, any type later tagged with
# it becomes manageable, relabelable and unlinkable by installd without this
# file changing. Audit additions to that attribute with this rule in mind.
allow installd data_file_type:dir create_dir_perms;
# Relabelling directories in both directions is sensitive: it changes which
# domains can reach the directory afterwards.
allow installd data_file_type:dir { relabelfrom relabelto };
# Only getattr and unlink on non-directory objects: stat and delete, not
# read or write.
allow installd data_file_type:{ file_class_set } { getattr unlink };

# Read access to installed and staged packages.
allow installd apk_data_file:file r_file_perms;
allow installd apk_tmp_file:file r_file_perms;
# NOTE(review): x_file_perms presumably covers execute; this lets installd
# run binaries labelled system_file.
allow installd system_file:file x_file_perms;
allow installd cgroup:dir create_dir_perms;

# Download area: read plus removal of entries (remove_name / unlink). No
# create or add_name is listed explicitly here.
allow installd download_file:dir { r_dir_perms write remove_name };
allow installd download_file:file { r_file_perms unlink };

# dontaudit grants nothing: sys_admin stays denied, but the denial is not
# logged. A sys_admin attempt by installd therefore leaves no AVC record;
# build the policy with dontaudit rules disabled when investigating.
dontaudit installd self:capability sys_admin;

# Check validity of SELinux context before use.
selinux_check_context(installd)
# Read /seapp_contexts and /data/security/seapp_contexts
security_access_policy(installd)

# ASEC
# NOTE(review): only the asec_apk_file rule is visibly ASEC-related. The
# lnk_file rules let installd create and setattr symlinks inside per-app and
# per-service data types; presumably for links installd places in those data
# directories. Confirm, and consider a separate heading for them.
allow installd platform_app_data_file:lnk_file { create setattr };
allow installd app_data_file:lnk_file { create setattr };
allow installd asec_apk_file:file r_file_perms;
allow installd bluetooth_data_file:lnk_file { create setattr };
allow installd nfc_data_file:lnk_file { create setattr };
allow installd radio_data_file:lnk_file { create setattr };
allow installd shell_data_file:lnk_file { create setattr };