# gki_apex_prepostinstall: domain for the pre- and post-install hooks of
# GKI APEXes.
#
# Scope of this file: it declares the domain and its executable type and
# grants what the hook needs to run a shell script, call toolbox utilities,
# start its client binary and talk to update_engine over binder. The rule
# that transitions into this domain is not part of this file.
#
# NOTE(review): everything the hook executes below appears to stay in this
# one domain (no transition out is defined here), so each grant is available
# to the shell, to every toolbox utility and to the client binary alike.
# Keep additions to this domain minimal.

type gki_apex_prepostinstall, domain, coredomain;
type gki_apex_prepostinstall_exec, system_file_type, exec_type, file_type;

# Read and execute /system/bin/sh (shell_exec) and the toolbox utilities
# (toolbox_exec). rx_file_perms is a macro defined outside this file.
allow gki_apex_prepostinstall { shell_exec toolbox_exec }:file rx_file_perms;

# preinstall.sh runs the update_engine_stable_client binary. Only
# execute_no_trans is granted, i.e. the binary runs without a domain
# transition and keeps the permissions of gki_apex_prepostinstall.
# NOTE(review): the remaining file permissions needed to exec it (execute,
# read, ...) are not granted here - presumably they come with the
# domain-entry rule defined elsewhere; confirm.
allow gki_apex_prepostinstall gki_apex_prepostinstall_exec:file execute_no_trans;

# Binder access so the preinstall hook can ask update_engine to perform the
# update. The service lookup is limited to update_engine_stable_service and
# the only binder_call target is update_engine.
binder_use(gki_apex_prepostinstall)
binder_call(gki_apex_prepostinstall, update_engine)
allow gki_apex_prepostinstall update_engine_stable_service:service_manager find;

# A file descriptor for /dev/zero is inherited from apexd although the hook
# does not use it (see b/126787589). Only "use" on the fd class is granted.
allow gki_apex_prepostinstall apexd:fd use;