installd.te revision 0c9708b2af4ea345277a47ae7bc1ce890e90d2bc
1# installer daemon 2type installd, domain; 3permissive installd; 4type installd_exec, exec_type, file_type; 5 6init_daemon_domain(installd) 7relabelto_domain(installd) 8typeattribute installd mlstrustedsubject; 9allow installd self:capability { chown dac_override fowner fsetid setgid setuid }; 10allow installd system_data_file:file create_file_perms; 11allow installd system_data_file:lnk_file create; 12allow installd dalvikcache_data_file:file create_file_perms; 13allow installd data_file_type:dir create_dir_perms; 14allow installd data_file_type:dir { relabelfrom relabelto }; 15allow installd data_file_type:{ file lnk_file } { getattr unlink }; 16allow installd apk_data_file:file r_file_perms; 17allow installd apk_tmp_file:file r_file_perms; 18allow installd system_file:file x_file_perms; 19allow installd cgroup:dir create_dir_perms; 20dontaudit installd self:capability sys_admin; 21# Check validity of SELinux context before use. 22selinux_check_context(installd) 23# Read /seapp_contexts and /data/security/seapp_contexts 24security_access_policy(installd) 25# ASEC 26allow installd platform_app_data_file:lnk_file { create setattr }; 27allow installd app_data_file:lnk_file { create setattr }; 28allow installd asec_apk_file:file r_file_perms; 29