1allow init modem_img_file:dir mounton; 2allow init mnt_vendor_file:dir mounton; 3allow init modem_img_file:filesystem { getattr mount relabelfrom }; 4allow init custom_ab_block_device:lnk_file relabelto; 5 6# This is needed for chaining a boot partition vbmeta 7# descriptor, where init will probe the boot partition 8# to read the chained vbmeta in the first-stage, then 9# relabel /dev/block/by-name/boot_[a|b] to block_device 10# after loading sepolicy in the second stage. 11allow init boot_block_device:lnk_file relabelto; 12 13allow init persist_file:dir mounton; 14allow init modem_efs_file:dir mounton; 15allow init modem_userdata_file:dir mounton; 16allow init ram_device:blk_file w_file_perms; 17allow init sysfs_scsi_devices_0000:file w_file_perms; 18 19# Workaround for b/193113005 that modem_img unlabeled after disable-verity 20dontaudit init overlayfs_file:file rename; 21dontaudit init overlayfs_file:chr_file unlink; 22