1*e4a36f41SAndroid Build Coastguard Workertype preloads_copy, domain, coredomain; 2*e4a36f41SAndroid Build Coastguard Workertype preloads_copy_exec, system_file_type, exec_type, file_type; 3*e4a36f41SAndroid Build Coastguard Worker 4*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(preloads_copy) 5*e4a36f41SAndroid Build Coastguard Worker 6*e4a36f41SAndroid Build Coastguard Workerallow preloads_copy shell_exec:file rx_file_perms; 7*e4a36f41SAndroid Build Coastguard Workerallow preloads_copy toolbox_exec:file rx_file_perms; 8*e4a36f41SAndroid Build Coastguard Workerallow preloads_copy preloads_data_file:dir create_dir_perms; 9*e4a36f41SAndroid Build Coastguard Workerallow preloads_copy preloads_data_file:file create_file_perms; 10*e4a36f41SAndroid Build Coastguard Workerallow preloads_copy preloads_media_file:dir create_dir_perms; 11*e4a36f41SAndroid Build Coastguard Workerallow preloads_copy preloads_media_file:file create_file_perms; 12*e4a36f41SAndroid Build Coastguard Worker 13*e4a36f41SAndroid Build Coastguard Worker# Allow to copy from /postinstall 14*e4a36f41SAndroid Build Coastguard Workerallow preloads_copy system_file:dir r_dir_perms; 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker# Silence the denial when /postinstall cannot be mounted, e.g., system_other 17*e4a36f41SAndroid Build Coastguard Worker# is wiped, but preloads_copy.sh still runs. 18*e4a36f41SAndroid Build Coastguard Workerdontaudit preloads_copy postinstall_mnt_dir:dir search; 19