zuma/vendor/init.te

allow init mnt_vendor_file:dir mounton;
allow init custom_ab_block_device:lnk_file relabelto;

# This is needed for chaining a boot partition vbmeta
# descriptor, where init will probe the boot partition
# to read the chained vbmeta in the first-stage, then
# relabel /dev/block/by-name/boot_[a|b] to block_device
# after loading sepolicy in the second stage.
allow init boot_block_device:lnk_file relabelto;

allow init persist_file:dir mounton;
allow init ram_device:blk_file w_file_perms;