1type move-widevine-data-sh, domain, coredomain; 2type move-widevine-data-sh_exec, system_file_type, exec_type, file_type; 3init_daemon_domain(move-widevine-data-sh); 4 5typeattribute move-widevine-data-sh data_between_core_and_vendor_violators; 6 7allow move-widevine-data-sh shell_exec:file rx_file_perms; 8allow move-widevine-data-sh toolbox_exec:file rx_file_perms; 9 10allow move-widevine-data-sh file_contexts_file:file { read getattr open }; 11 12allow move-widevine-data-sh media_data_file:file { getattr setattr relabelfrom }; 13allow move-widevine-data-sh media_data_file:dir { reparent rename rmdir setattr rw_dir_perms relabelfrom }; 14 15allow move-widevine-data-sh mediadrm_vendor_data_file:dir { create_dir_perms relabelto }; 16 17# for writing files_moved so we only execute the move once 18allow move-widevine-data-sh mediadrm_vendor_data_file:file { create open write getattr relabelto }; 19