1typeattribute installd coredomain; 2 3init_daemon_domain(installd) 4 5# Run migrate_legacy_obb_data.sh in its own sandbox. 6domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data) 7allow installd shell_exec:file rx_file_perms; 8 9# Run dex2oat in its own sandbox. 10domain_auto_trans(installd, dex2oat_exec, dex2oat) 11 12# Run dexoptanalyzer in its own sandbox. 13domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer) 14 15# Run viewcompiler in its own sandbox. 16domain_auto_trans(installd, viewcompiler_exec, viewcompiler) 17 18# Run profman in its own sandbox. 19domain_auto_trans(installd, profman_exec, profman) 20 21# Run idmap in its own sandbox. 22domain_auto_trans(installd, idmap_exec, idmap) 23 24# For collecting bugreports. 25allow installd dumpstate:fd use; 26allow installd dumpstate:fifo_file r_file_perms; 27 28# Delete /system/bin/bcc generated artifacts 29allow installd app_exec_data_file:file unlink; 30 31# Capture userdata snapshots to /data/misc_[ce|de]/rollback and 32# subsequently restore them. 33allow installd rollback_data_file:dir create_dir_perms; 34allow installd rollback_data_file:file create_file_perms; 35 36# Allow installd to access the runtime feature flag properties. 37get_prop(installd, device_config_runtime_native_prop) 38get_prop(installd, device_config_runtime_native_boot_prop) 39 40# Allow installd to access apk verity feature flag (for legacy case). 41get_prop(installd, apk_verity_prop) 42 43# Allow installd to delete files in /data/staging 44allow installd staging_data_file:file unlink; 45allow installd staging_data_file:dir { open read remove_name rmdir search write }; 46