1*e4a36f41SAndroid Build Coastguard Worker# GKI pre- & post-install hooks. 2*e4a36f41SAndroid Build Coastguard Worker# 3*e4a36f41SAndroid Build Coastguard Worker# Allow to run pre- and post-install hooks for GKI APEXes 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Workertype gki_apex_prepostinstall, domain, coredomain; 6*e4a36f41SAndroid Build Coastguard Workertype gki_apex_prepostinstall_exec, system_file_type, exec_type, file_type; 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker# Execute /system/bin/sh. 9*e4a36f41SAndroid Build Coastguard Workerallow gki_apex_prepostinstall shell_exec:file rx_file_perms; 10*e4a36f41SAndroid Build Coastguard Worker 11*e4a36f41SAndroid Build Coastguard Worker# Execute various toolsbox utilities. 12*e4a36f41SAndroid Build Coastguard Workerallow gki_apex_prepostinstall toolbox_exec:file rx_file_perms; 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# Allow preinstall.sh to execute update_engine_stable_client binary. 15*e4a36f41SAndroid Build Coastguard Workerallow gki_apex_prepostinstall gki_apex_prepostinstall_exec:file execute_no_trans; 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Worker# Allow preinstall hook to communicate with update_engine to execute update. 18*e4a36f41SAndroid Build Coastguard Workerbinder_use(gki_apex_prepostinstall) 19*e4a36f41SAndroid Build Coastguard Workerallow gki_apex_prepostinstall update_engine_stable_service:service_manager find; 20*e4a36f41SAndroid Build Coastguard Workerbinder_call(gki_apex_prepostinstall, update_engine) 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker# /dev/zero is inherited although it is not used. See b/126787589. 23*e4a36f41SAndroid Build Coastguard Workerallow gki_apex_prepostinstall apexd:fd use; 24