1typeattribute update_engine coredomain; 2 3init_daemon_domain(update_engine); 4 5# Allow to talk to gsid. 6allow update_engine gsi_service:service_manager find; 7binder_call(update_engine, gsid) 8 9# Allow to start gsid service. 10set_prop(update_engine, ctl_gsid_prop) 11 12# Allow to start snapuserd for dm-user communication. 13set_prop(update_engine, ctl_snapuserd_prop) 14 15# Allow to set the OTA related properties, e.g. ota.warm_reset. 16set_prop(update_engine, ota_prop) 17get_prop(update_engine, ota_build_prop) 18 19# Allow to get the DSU status 20get_prop(update_engine, gsid_prop) 21 22# Allow update_engine to call the callback function provided by GKI update hook. 23binder_call(update_engine, gki_apex_prepostinstall) 24 25# Allow update_engine to call the callback function by settings app 26# for the kernel update triggered using 16k developer option 27binder_call(update_engine, system_app) 28 29# Allow to communicate with the snapuserd service, for dm-user snapshots. 30allow update_engine snapuserd:unix_stream_socket connectto; 31allow update_engine snapuserd_socket:sock_file write; 32get_prop(update_engine, snapuserd_prop) 33 34# Allow to communicate with apexd for calculating and reserving space for 35# capex decompression 36allow update_engine apex_service:service_manager find; 37binder_call(update_engine, apexd) 38 39# let this domain use the hal service 40binder_use(update_engine) 41hal_client_domain(update_engine, hal_bootctl) 42