1*e4a36f41SAndroid Build Coastguard Workertype system_server_startup, domain, coredomain; 2*e4a36f41SAndroid Build Coastguard Workertype system_server_startup_tmpfs, file_type; 3*e4a36f41SAndroid Build Coastguard Worker 4*e4a36f41SAndroid Build Coastguard Workertmpfs_domain(system_server_startup) 5*e4a36f41SAndroid Build Coastguard Worker 6*e4a36f41SAndroid Build Coastguard Worker# Create JIT memory 7*e4a36f41SAndroid Build Coastguard Workerallow system_server_startup self:process execmem; 8*e4a36f41SAndroid Build Coastguard Workerallow system_server_startup system_server_startup_tmpfs:file { execute read write open map }; 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Worker# Allow to pick up integrity-checked artifacts from the ART APEX dalvik cache. 11*e4a36f41SAndroid Build Coastguard Workerallow system_server_startup apex_art_data_file:dir r_dir_perms; 12*e4a36f41SAndroid Build Coastguard Workerallow system_server_startup apex_art_data_file:file { r_file_perms execute }; 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# Allow system_server_startup to run setcon() and enter the 15*e4a36f41SAndroid Build Coastguard Worker# system_server domain 16*e4a36f41SAndroid Build Coastguard Workerallow system_server_startup self:process setcurrent; 17*e4a36f41SAndroid Build Coastguard Workerallow system_server_startup system_server:process dyntransition; 18*e4a36f41SAndroid Build Coastguard Worker 19*e4a36f41SAndroid Build Coastguard Worker# Child of the zygote. 20*e4a36f41SAndroid Build Coastguard Workerallow system_server_startup zygote:process sigchld; 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker# Allow query ART device config properties 23*e4a36f41SAndroid Build Coastguard Workerget_prop(system_server_startup, device_config_runtime_native_boot_prop) 24*e4a36f41SAndroid Build Coastguard Workerget_prop(system_server_startup, device_config_runtime_native_prop) 25