| r_dir_file(update_engine, mnt_user_file) |
| r_dir_file(update_engine, storage_file) |
| |
| allow update_engine self:capability { chown fsetid }; |
| |
| allow update_engine labeledfs:filesystem { mount unmount }; |
| |
| allow update_engine { otapreopt_chroot_exec rootfs system_file toolbox_exec }:file rx_file_perms; |
| |
| allow update_engine labeledfs:filesystem mount; |
| allow update_engine rootfs:dir { add_name write }; |
| allow update_engine storage_file:lnk_file read; |
| allow update_engine system_file:file execute_no_trans; |
| allow update_engine toolbox_exec:file { execute getattr }; |