| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 1 | # type_transition must be private policy the domain_trans rules could stay |
| 2 | # public, but conceptually should go with this |
| 3 | init_daemon_domain(recovery_persist) |
| dcashman | 2e00e63 | 2016-10-12 14:58:09 -0700 | [diff] [blame^] | 4 | |
| 5 | # recovery_persist is not allowed to write anywhere other than recovery_data_file |
| 6 | # TODO: deal with tmpfs_domain pub/priv split properly |
| 7 | neverallow recovery_persist { file_type -recovery_data_file -recovery_persist_tmpfs userdebug_or_eng(`-coredump_file') }:file write; |