1*e4a36f41SAndroid Build Coastguard Worker# cppreopts 2*e4a36f41SAndroid Build Coastguard Worker# 3*e4a36f41SAndroid Build Coastguard Worker# This command copies preopted files from the system_b partition to the data 4*e4a36f41SAndroid Build Coastguard Worker# partition. This domain ensures that we are only copying into specific 5*e4a36f41SAndroid Build Coastguard Worker# directories. 6*e4a36f41SAndroid Build Coastguard Worker 7*e4a36f41SAndroid Build Coastguard Workertype cppreopts, domain, mlstrustedsubject, coredomain; 8*e4a36f41SAndroid Build Coastguard Workertype cppreopts_exec, system_file_type, exec_type, file_type; 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Worker# Technically not a daemon but we do want the transition from init domain to 11*e4a36f41SAndroid Build Coastguard Worker# cppreopts to occur. 12*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(cppreopts) 13*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename); 14*e4a36f41SAndroid Build Coastguard Worker 15*e4a36f41SAndroid Build Coastguard Worker# Allow cppreopts copy files into the dalvik-cache 16*e4a36f41SAndroid Build Coastguard Workerallow cppreopts dalvikcache_data_file:dir { add_name remove_name search write }; 17*e4a36f41SAndroid Build Coastguard Workerallow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink }; 18*e4a36f41SAndroid Build Coastguard Worker 19*e4a36f41SAndroid Build Coastguard Worker# Allow cppreopts to execute itself using #!/system/bin/sh 20*e4a36f41SAndroid Build Coastguard Workerallow cppreopts shell_exec:file rx_file_perms; 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker# Allow us to run find on /postinstall 23*e4a36f41SAndroid Build Coastguard Workerallow cppreopts system_file:dir { open read }; 24*e4a36f41SAndroid Build Coastguard Worker 25*e4a36f41SAndroid Build Coastguard Worker# Allow running the cp command using cppreopts permissions. Needed so we can 26*e4a36f41SAndroid Build Coastguard Worker# write into dalvik-cache 27*e4a36f41SAndroid Build Coastguard Workerallow cppreopts toolbox_exec:file rx_file_perms; 28*e4a36f41SAndroid Build Coastguard Worker 29*e4a36f41SAndroid Build Coastguard Worker# Silence the denial when /postinstall cannot be mounted, e.g., system_other 30*e4a36f41SAndroid Build Coastguard Worker# is wiped, but cppreopts.sh still runs. 31*e4a36f41SAndroid Build Coastguard Workerdontaudit cppreopts postinstall_mnt_dir:dir search; 32