1 type sdcardd, domain; 2 type sdcardd_exec, exec_type, file_type; 3 4 init_daemon_domain(sdcardd) 5 6 allow sdcardd cgroup:dir create_dir_perms; 7 allow sdcardd fuse_device:chr_file rw_file_perms; 8 allow sdcardd rootfs:dir mounton; 9 allow sdcardd sdcard_type:filesystem { mount unmount }; 10 allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource }; 11 12 allow sdcardd sdcard_type:dir create_dir_perms; 13 allow sdcardd sdcard_type:file create_file_perms; 14 15 type_transition sdcardd system_data_file:{ dir file } media_rw_data_file; 16 allow sdcardd media_rw_data_file:dir create_dir_perms; 17 allow sdcardd media_rw_data_file:file create_file_perms; 18 19 # Read /data/system/packages.list. 20 allow sdcardd system_data_file:file r_file_perms; 21 22 # Read /data/.layout_version 23 allow sdcardd install_data_file:file r_file_perms; 24