1domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs) 2 3allow vold_prepare_subdirs system_file:file execute_no_trans; 4allow vold_prepare_subdirs shell_exec:file rx_file_perms; 5allow vold_prepare_subdirs toolbox_exec:file rx_file_perms; 6allow vold_prepare_subdirs devpts:chr_file rw_file_perms; 7allow vold_prepare_subdirs vold:fd use; 8allow vold_prepare_subdirs vold:fifo_file { read write }; 9allow vold_prepare_subdirs file_contexts_file:file r_file_perms; 10allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner }; 11allow vold_prepare_subdirs self:process setfscreate; 12allow vold_prepare_subdirs { 13 system_data_file 14 vendor_data_file 15}:dir { open read write add_name remove_name rmdir relabelfrom }; 16allow vold_prepare_subdirs { 17 backup_data_file 18 face_vendor_data_file 19 fingerprint_vendor_data_file 20 iris_vendor_data_file 21 rollback_data_file 22 storaged_data_file 23 vold_data_file 24}:dir { create_dir_perms relabelto }; 25allow vold_prepare_subdirs { 26 backup_data_file 27 face_vendor_data_file 28 fingerprint_vendor_data_file 29 iris_vendor_data_file 30 rollback_data_file 31 storaged_data_file 32 system_data_file 33 vold_data_file 34}:file { getattr unlink }; 35 36dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms; 37