platform_system_sepolicy/microdroid/system/private/file.te

allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate;
allow cgroup_v2 tmpfs:filesystem associate;
allow cgroup_rc_file tmpfs:filesystem associate;
allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
allow dev_type tmpfs:filesystem associate;
allow encryptedstore_file encryptedstore_fs:filesystem associate;
allow extra_apk_file zipfusefs:filesystem associate;
allow file_type labeledfs:filesystem associate;
allow file_type tmpfs:filesystem associate;
allow file_type rootfs:filesystem associate;
allow proc_net proc:filesystem associate;
allow sysfs_type sysfs:filesystem associate;
allow system_data_file tmpfs:filesystem associate;

type authfs_fuse, fs_type, contextmount_type;

# /dev/selinux/test - used to verify that apex sepolicy is loaded and
# property labeled.
type sepolicy_test_file, file_type;

# /system/bin/mke2fs - used to format encryptedstore block device
type e2fs_exec, system_file_type, exec_type, file_type;

type encryptedstore_file, file_type;
type encryptedstore_fs, fs_type, contextmount_type;

# Filesystem entry for for PRNG seeder socket.
type prng_seeder_socket, file_type, coredomain_socket;