1type preloads_copy, domain, coredomain; 2type preloads_copy_exec, system_file_type, exec_type, file_type; 3 4init_daemon_domain(preloads_copy) 5 6allow preloads_copy shell_exec:file rx_file_perms; 7allow preloads_copy toolbox_exec:file rx_file_perms; 8allow preloads_copy preloads_data_file:dir create_dir_perms; 9allow preloads_copy preloads_data_file:file create_file_perms; 10allow preloads_copy preloads_media_file:dir create_dir_perms; 11allow preloads_copy preloads_media_file:file create_file_perms; 12 13# Allow to copy from /postinstall 14allow preloads_copy system_file:dir r_dir_perms; 15 16# Silence the denial when /postinstall cannot be mounted, e.g., system_other 17# is wiped, but preloads_copy.sh still runs. 18dontaudit preloads_copy postinstall_mnt_dir:dir search; 19