1type sdcardd, domain; 2type sdcardd_exec, exec_type, file_type; 3 4init_daemon_domain(sdcardd) 5 6allow sdcardd cgroup:dir create_dir_perms; 7allow sdcardd fuse_device:chr_file rw_file_perms; 8allow sdcardd rootfs:dir mounton; 9allow sdcardd sdcard_type:filesystem { mount unmount }; 10allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource }; 11 12allow sdcardd sdcard_type:dir create_dir_perms; 13allow sdcardd sdcard_type:file create_file_perms; 14 15type_transition sdcardd system_data_file:{ dir file } media_rw_data_file; 16allow sdcardd media_rw_data_file:dir create_dir_perms; 17allow sdcardd media_rw_data_file:file create_file_perms; 18 19# Read /data/system/packages.list. 20allow sdcardd system_data_file:file r_file_perms; 21 22# Read /data/.layout_version 23allow sdcardd install_data_file:file r_file_perms; 24