# SELinux policy for the composd domain.
# Every macro used here (init_daemon_domain, binder_use, add_service, ...) and
# every permission set (create_dir_perms, create_file_perms) is defined outside
# this file. Audit the expanded policy to see the exact permissions granted.

# composd is a process domain and carries the coredomain attribute.
type composd, domain, coredomain;
# Label for the composd executable; executing it is the domain entry point.
type composd_exec, system_file_type, exec_type, file_type;

# Host dynamic AIDL services
# Transition from init into composd when init executes composd_exec.
init_daemon_domain(composd)
binder_use(composd)
# composd registers exactly these two services; clients still need their own
# find/call rules, which are not part of this file.
add_service(composd, compos_service)
add_service(composd, compos_internal_service)

# Call back into system server
binder_call(composd, system_server)

# Start a VM
virtualizationservice_use(composd)

# Allow preparing staging directory for odrefresh
# Relabeling is granted in one direction only: from apex_art_data_file to
# apex_art_staging_data_file. No rule here permits relabeling back.
allow composd apex_art_data_file:dir { create_dir_perms relabelfrom };
allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto };

# Access our APEX data files
# Only `search` on the shared parent directory; create/write access is limited
# to the compos-specific types below.
allow composd apex_module_data_file:dir search;
allow composd apex_compos_data_file:dir create_dir_perms;
allow composd apex_compos_data_file:file create_file_perms;

# TODO(b/209008712): Remove these once we run odrefresh in the VM
# Run odrefresh to refresh ART artifacts, and kill it if we need to
# composd never runs odrefresh_exec in its own domain; execution switches to
# the odrefresh domain. Only SIGKILL is granted against that domain.
domain_auto_trans(composd, odrefresh_exec, odrefresh)
allow composd odrefresh:process sigkill;

# Run fd_server in its own domain, and send SIGTERM when finished.
# The `signal` permission covers ordinary signals such as SIGTERM; SIGKILL and
# SIGSTOP are separate permissions (sigkill, sigstop) and are not granted here.
domain_auto_trans(composd, fd_server_exec, compos_fd_server)
allow composd compos_fd_server:process signal;

# Read ART's properties
# Read-only access; no set_prop is granted for dalvik_config_prop.
get_prop(composd, dalvik_config_prop)