| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 1 | # type_transition must be private policy the domain_trans rules could stay |
| 2 | # public, but conceptually should go with this | ||||
| 3 | init_daemon_domain(recovery_refresh) | ||||
| dcashman | 2e00e63 | 2016-10-12 14:58:09 -0700 | [diff] [blame^] | 4 | |
| 5 | # recovery_refresh is not allowed to write anywhere | ||||
| 6 | # TODO: deal with tmpfs_domain pub/priv split properly | ||||
| 7 | neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write; | ||||