platform_system_sepolicy/private/system_server_startup.te

type system_server_startup, domain, coredomain;

tmpfs_domain(system_server_startup)

# Create JIT memory
allow system_server_startup self:process execmem;
allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };

# Allow system_server_startup to run setcon() and enter the
# system_server domain
allow system_server_startup self:process setcurrent;
allow system_server_startup system_server:process dyntransition;