# SELinux policy for the convert-to-ext4-sh domain and its entry executable.
#
# Only the two type declarations apply to every build variant. Every rule
# below sits inside userdebug_or_eng, so this file gives user builds no
# domain transition and no allow rules for the domain.
type convert-to-ext4-sh, domain, coredomain;
type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;

userdebug_or_eng(`
  # NOTE(review): the domain is permissive, so the allow rules below record
  # intended access but are not an enforced boundary. Confirm whether the
  # domain can be made enforcing once the allow list is complete.
  permissive convert-to-ext4-sh;

  # Entered from init when the convert-to-ext4-sh_exec file is executed.
  init_daemon_domain(convert-to-ext4-sh)

  # Interpreters and tools the script runs.
  allow convert-to-ext4-sh shell_exec:file rx_file_perms;
  allow convert-to-ext4-sh toolbox_exec:file rx_file_perms;
  allow convert-to-ext4-sh e2fs_exec:file rx_file_perms;

  # Raw access to the efs and persist partitions. This is the sensitive part
  # of the policy: write access plus BLKDISCARD can destroy partition
  # contents, so keep the target list limited to these two device types.
  allow convert-to-ext4-sh block_device:dir search;
  allow convert-to-ext4-sh efs_block_device:blk_file rw_file_perms;
  allow convert-to-ext4-sh persist_block_device:blk_file { getattr ioctl open read write };
  allowxperm convert-to-ext4-sh { efs_block_device persist_block_device }:blk_file ioctl {
    BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET LOOP_CLR_FD
  };

  # ext4 feature probing through sysfs.
  allow convert-to-ext4-sh sysfs_fs_ext4_features:dir { read search };
  allow convert-to-ext4-sh sysfs_fs_ext4_features:file read;

  # Scratch directories and files on tmpfs, including use as a mount point.
  # NOTE(review): rw_file_perms is the file-class permission set; rw_dir_perms
  # is the usual macro for dir classes. Left as written because switching
  # macros would change the granted permissions.
  allow convert-to-ext4-sh tmpfs:dir { add_name create mounton open remove_name rmdir rw_file_perms setattr };
  allow convert-to-ext4-sh tmpfs:file { create rw_file_perms unlink };

  # Existing persist data.
  allow convert-to-ext4-sh vendor_persist_type:dir { rw_file_perms search };
  allow convert-to-ext4-sh vendor_persist_type:file rw_file_perms;

  # Scheduling and kernel log access.
  allow convert-to-ext4-sh kernel:process setsched;
  allow convert-to-ext4-sh kmsg_device:chr_file rw_file_perms;

  # NOTE(review): dontaudit on a permissive domain means these accesses are
  # neither blocked nor logged. Mount and unmount, sys_admin, sys_rawio and
  # dac_override leave no avc record here. Consider removing the dontaudit
  # rules while the domain is permissive so the audit log shows what the
  # script really uses, then convert the needed ones to explicit allow rules.
  dontaudit convert-to-ext4-sh labeledfs:filesystem { mount unmount };
  dontaudit convert-to-ext4-sh self:capability { chown fowner fsetid dac_override dac_read_search sys_admin sys_rawio };
  dontaudit convert-to-ext4-sh unlabeled:dir { add_name create mounton open rw_file_perms search setattr };
  dontaudit convert-to-ext4-sh unlabeled:file { create rw_file_perms setattr };
')