Lines Matching refs:postinstall

1 # Domain where the postinstall program runs during the update.
4 type postinstall, domain;
6 # Allow postinstall to write to its stdout/stderr when redirected via pipes to
8 allow postinstall update_engine_common:fd use;
9 allow postinstall update_engine_common:fifo_file rw_file_perms;
11 # Allow postinstall to read and execute directories and files in the same
13 allow postinstall postinstall_file:file rx_file_perms;
14 allow postinstall postinstall_file:lnk_file r_file_perms;
15 allow postinstall postinstall_file:dir r_dir_perms;
17 # Allow postinstall to execute the shell or other system executables.
18 allow postinstall shell_exec:file rx_file_perms;
19 allow postinstall system_file:file rx_file_perms;
20 allow postinstall toolbox_exec:file rx_file_perms;
22 # Allow postinstall to execute shell in recovery.
24   allow postinstall rootfs:file rx_file_perms;
31 # Allow postinstall scripts to talk to the system server.
32 binder_use(postinstall)
33 binder_call(postinstall, system_server)
36 allow postinstall otadexopt_service:service_manager find;
38 # Allow postinstall scripts to trigger f2fs garbage collection
39 allow postinstall sysfs_fs_f2fs:file rw_file_perms;
40 allow postinstall sysfs_fs_f2fs:dir r_dir_perms;
43 # should transition to postinstall, as it is only meant to run during the
45 neverallow { domain -update_engine -recovery } postinstall:process { transition dyntransition };