1*e4a36f41SAndroid Build Coastguard Workertypeattribute vold coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(vold) 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker# Switch to more restrictive domains when executing common tools 6*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans(vold, sgdisk_exec, sgdisk); 7*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans(vold, sdcardd_exec, sdcardd); 8*e4a36f41SAndroid Build Coastguard Worker 9*e4a36f41SAndroid Build Coastguard Worker# For a handful of probing tools, we choose an even more restrictive 10*e4a36f41SAndroid Build Coastguard Worker# domain when working with untrusted block devices 11*e4a36f41SAndroid Build Coastguard Workerdomain_trans(vold, blkid_exec, blkid); 12*e4a36f41SAndroid Build Coastguard Workerdomain_trans(vold, blkid_exec, blkid_untrusted); 13*e4a36f41SAndroid Build Coastguard Workerdomain_trans(vold, fsck_exec, fsck); 14*e4a36f41SAndroid Build Coastguard Workerdomain_trans(vold, fsck_exec, fsck_untrusted); 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker# Newly created storage dirs are always treated as mount stubs to prevent us 17*e4a36f41SAndroid Build Coastguard Worker# from accidentally writing when the mount point isn't present. 18*e4a36f41SAndroid Build Coastguard Workertype_transition vold storage_file:dir storage_stub_file; 19*e4a36f41SAndroid Build Coastguard Workertype_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file; 20