1# type_transition must be private policy the domain_trans rules could stay
2# public, but conceptually should go with this
3# The postinstall program is run by update_engine_common and must be tagged
4# with postinstall_exec in the new filesystem.
5# TODO Have build system attempt to verify this
6domain_auto_trans(update_engine_common, postinstall_exec, postinstall)
7
8# Vendor directories can have the transition as well during OTA. This is caused
9# by update_engine execing scripts in vendor to perform any update tasks needed
10# there.
11domain_auto_trans(update_engine_common, postinstall_file, postinstall)
12
13allow update_engine_common labeledfs:filesystem { mount unmount relabelfrom };
14