platform_system_sepolicy/private/kernel.te
Andreas Gampe d6fdcefaa8 Sepolicy: Move otapreopt_chroot to private
Move complete domain to private/. Move referencing parts in domain
and kernel to private.

Bug: 128840749
Test: m
Change-Id: I5572c3b04e41141c8f4db62b1361e2b392a5e2da
2019-03-18 10:54:42 -07:00

8 lines
320 B
Text

typeattribute kernel coredomain;
domain_auto_trans(kernel, init_exec, init)
# Allow the kernel to read otapreopt_chroot's file descriptors and files under
# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
allow kernel otapreopt_chroot:fd use;
allow kernel postinstall_file:file read;