microdroid/system/private/diced.te - android_system_sepolicy - Gitiles

 type diced, domain, coredomain;
 type diced_exec, system_file_type, exec_type, file_type;

 # Block crash dumps to ensure the DICE secrets are not leaked.
 typeattribute diced no_crash_dump_domain;

 # diced can be started by init
 init_daemon_domain(diced)

 # diced can talk to dice HAL
 hal_client_domain(diced, hal_dice)

 # diced hosts AIDL services
 binder_use(diced)
 binder_service(diced)
 add_service(diced, dice_node_service)
 add_service(diced, dice_maintenance_service)

 # diced can check SELinux permissions.
 selinux_check_access(diced)

 # diced is using bootstrap bionic
 use_bootstrap_libs(diced)
	type diced, domain, coredomain;
	type diced_exec, system_file_type, exec_type, file_type;

	# Block crash dumps to ensure the DICE secrets are not leaked.
	typeattribute diced no_crash_dump_domain;

	# diced can be started by init
	init_daemon_domain(diced)

	# diced can talk to dice HAL
	hal_client_domain(diced, hal_dice)

	# diced hosts AIDL services
	binder_use(diced)
	binder_service(diced)
	add_service(diced, dice_node_service)
	add_service(diced, dice_maintenance_service)

	# diced can check SELinux permissions.
	selinux_check_access(diced)

	# diced is using bootstrap bionic
	use_bootstrap_libs(diced)