# SELinux policy for the `postinstall` domain: the domain in which OTA
# post-install scripts run. Only update_engine and recovery may transition
# into it (enforced by the neverallow rule at the bottom of this file).
typeattribute postinstall coredomain;
type postinstall_exec, system_file_type, exec_type, file_type;
# Executing an otapreopt_chroot_exec-labelled file from postinstall
# automatically transitions the process into the otapreopt_chroot domain.
domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)

# Read/search access to rootfs directories (no file access outside recovery,
# see the recovery_only block below).
allow postinstall rootfs:dir r_dir_perms;

# Allow invoking `pm` shell commands.
# `find` only grants looking the service up through servicemanager; the
# binder rules under "For OTA dexopt" below supply the IPC permissions
# (presumably package_service is hosted by system_server -- verify).
allow postinstall package_service:service_manager find;

# Allow postinstall to write to its stdout/stderr when redirected via pipes to
# update_engine.
# `fd use` lets postinstall use file descriptors owned by
# update_engine_common; the fifo_file rule covers the pipe itself.
allow postinstall update_engine_common:fd use;
allow postinstall update_engine_common:fifo_file rw_file_perms;

# Allow postinstall to read and execute directories and files in the same
# mounted location.
# NOTE: rx_file_perms / r_file_perms / r_dir_perms grant no write access, so
# the mounted payload is read-only from this domain's point of view.
allow postinstall postinstall_file:file rx_file_perms;
allow postinstall postinstall_file:lnk_file r_file_perms;
allow postinstall postinstall_file:dir r_dir_perms;

# Allow postinstall to execute the shell or other system executables.
# No domain_auto_trans is declared for these targets in this file, so
# programs started from them appear to keep running in the postinstall
# domain itself -- confirm against any other policy that mentions postinstall.
allow postinstall shell_exec:file rx_file_perms;
allow postinstall system_file:file rx_file_perms;
allow postinstall toolbox_exec:file rx_file_perms;

# Allow postinstall to execute shell in recovery.
# recovery_only() expands its body only when building the recovery policy;
# on the normal system image this rule does not exist.
recovery_only(`
  allow postinstall rootfs:file rx_file_perms;
')

#
# For OTA dexopt.
#

# Allow postinstall scripts to talk to the system server.
# binder_use: use binder and talk to servicemanager;
# binder_call(postinstall, system_server): binder IPC from postinstall to
# system_server.
binder_use(postinstall)
binder_call(postinstall, system_server)

# Need to talk to the otadexopt service.
allow postinstall otadexopt_service:service_manager find;

# Allow postinstall scripts to trigger f2fs garbage collection
# Write access to files under sysfs_fs_f2fs is what makes the trigger
# possible; the directory itself is only readable/searchable.
allow postinstall sysfs_fs_f2fs:file rw_file_perms;
allow postinstall sysfs_fs_f2fs:dir r_dir_perms;

###
### Neverallow rules
###

# No domain other than update_engine and recovery (via update_engine_sideload)
# should transition to postinstall, as it is only meant to run during the
# update.
# `{ domain -update_engine -recovery }` is every domain minus those two.
# `transition` covers exec-based domain transitions; `dyntransition` covers
# in-place (setcon-style) changes. Any allow rule contradicting this makes
# the policy build fail.
neverallow { domain -update_engine -recovery } postinstall:process { transition dyntransition };