1typeattribute uncrypt coredomain; 2 3init_daemon_domain(uncrypt) 4 5# Set a property to reboot the device. 6set_prop(uncrypt, powerctl_prop) 7 8allow uncrypt self:global_capability_class_set { dac_override dac_read_search }; 9 10userdebug_or_eng(` 11 # For debugging, allow /data/local/tmp access 12 r_dir_file(uncrypt, shell_data_file) 13') 14 15# Read /cache/recovery/command 16# Read /cache/recovery/uncrypt_file 17allow uncrypt cache_file:dir search; 18allow uncrypt cache_recovery_file:dir rw_dir_perms; 19allow uncrypt cache_recovery_file:file create_file_perms; 20 21# Read and write(for f2fs_pin_file) on OTA zip file at /data/ota_package/. 22allow uncrypt ota_package_file:dir r_dir_perms; 23allow uncrypt ota_package_file:file rw_file_perms; 24 25# Write to /dev/socket/uncrypt 26unix_socket_connect(uncrypt, uncrypt, uncrypt) 27 28# Raw writes to block device 29allow uncrypt self:global_capability_class_set sys_rawio; 30allow uncrypt misc_block_device:blk_file w_file_perms; 31allow uncrypt block_device:dir r_dir_perms; 32 33# Access userdata block device. 34allow uncrypt userdata_block_device:blk_file w_file_perms; 35 36r_dir_file(uncrypt, rootfs) 37 38# Access to bootconfig is needed when calling ReadDefaultFstab. 39allow uncrypt { 40 proc_bootconfig 41 proc_cmdline 42 43}:file r_file_perms; 44 45# Read files in /sys 46r_dir_file(uncrypt, sysfs_dt_firmware_android) 47 48# Allow ReadDefaultFstab(). 49read_fstab(uncrypt) 50