type sdcardd, domain; type sdcardd_exec, exec_type, file_type; init_daemon_domain(sdcardd) allow sdcardd cgroup:dir create_dir_perms; allow sdcardd fuse_device:chr_file rw_file_perms; allow sdcardd rootfs:dir mounton; allow sdcardd sdcard:filesystem mount; allow sdcardd self:capability { setuid setgid }; allow sdcardd system_data_file:dir create_dir_perms; allow sdcardd system_data_file:file create_file_perms;