1typeattribute update_engine coredomain; 2 3init_daemon_domain(update_engine); 4 5# Allow to talk to gsid. 6allow update_engine gsi_service:service_manager find; 7binder_call(update_engine, gsid) 8 9# Allow to start gsid service. 10set_prop(update_engine, ctl_gsid_prop) 11 12# Allow to start snapuserd for dm-user communication. 13set_prop(update_engine, ctl_snapuserd_prop) 14 15# Allow to set the OTA related properties, e.g. ota.warm_reset. 16set_prop(update_engine, ota_prop) 17 18# Allow to get the DSU status 19get_prop(update_engine, gsid_prop) 20 21# Allow update_engine to call the callback function provided by GKI update hook. 22binder_call(update_engine, gki_apex_prepostinstall) 23 24# Allow to communicate with the snapuserd service, for dm-user snapshots. 25allow update_engine snapuserd:unix_stream_socket connectto; 26allow update_engine snapuserd_socket:sock_file write; 27 28# Allow to communicate with apexd for calculating and reserving space for 29# capex decompression 30allow update_engine apex_service:service_manager find; 31binder_call(update_engine, apexd) 32