| Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame^] | 1 | typeattribute vold coredomain; |
| 2 | |
| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 3 | init_daemon_domain(vold) |
| 4 | |
| 5 | # Switch to more restrictive domains when executing common tools |
| 6 | domain_auto_trans(vold, sgdisk_exec, sgdisk); |
| 7 | domain_auto_trans(vold, sdcardd_exec, sdcardd); |
| 8 | |
| 9 | # For a handful of probing tools, we choose an even more restrictive |
| 10 | # domain when working with untrusted block devices |
| 11 | domain_trans(vold, shell_exec, blkid); |
| 12 | domain_trans(vold, shell_exec, blkid_untrusted); |
| 13 | domain_trans(vold, fsck_exec, fsck); |
| 14 | domain_trans(vold, fsck_exec, fsck_untrusted); |
| 15 | |
| 16 | # Newly created storage dirs are always treated as mount stubs to prevent us |
| 17 | # from accidentally writing when the mount point isn't present. |
| 18 | type_transition vold storage_file:dir storage_stub_file; |
| 19 | type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file; |