1# ART APEX postinstall. 2# 3 4type art_apex_postinstall, domain, coredomain; 5type art_apex_postinstall_exec, system_file_type, exec_type, file_type; 6 7# /system/bin/sh (see b/126787589). 8allow art_apex_postinstall apexd:fd use; 9 10# Read temp dirs and files. Move directories. 11allow art_apex_postinstall ota_data_file:dir { r_dir_perms write rename remove_name relabelfrom reparent }; 12allow art_apex_postinstall ota_data_file:file { r_file_perms relabelfrom }; 13# We're deleting the old /data/dalvik-cache/* and move the new ones 14# over. 15allow art_apex_postinstall dalvikcache_data_file:dir { create_dir_perms relabelto }; 16allow art_apex_postinstall dalvikcache_data_file:file { r_file_perms unlink relabelto }; 17 18# Required for relabel. 19allow art_apex_postinstall file_contexts_file:file r_file_perms; 20allow art_apex_postinstall self:global_capability_class_set sys_admin; 21 22# Script helpers. 23allow art_apex_postinstall shell_exec:file rx_file_perms; 24allow art_apex_postinstall toolbox_exec:file rx_file_perms; 25 26# Fsverity in the same domain. 27allow art_apex_postinstall system_file:file execute_no_trans; 28# Fsverity work. 29allowxperm art_apex_postinstall ota_data_file:file ioctl { 30 FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY 31}; 32