# SELinux policy for the Factory OTA client app domain.
# The domain is set up through the app_domain() and net_domain() macros below
# and is granted access to the OTA package directory, one property type,
# several system services, and two-way binder calls with update_engine.
type factory_ota_app, domain, coredomain;

app_domain(factory_ota_app)
net_domain(factory_ota_app)

# Write to /data/ota_package for OTA packages.
# The Factory OTA client downloads the OTA image into the ota_package folder and unzips it.
# Then update_engine can use it to run the OTA process.
# So the Factory OTA client needs read/write access on the directory and
# create access on the files inside it.
# NOTE(review): this domain has network access and stages the files that
# update_engine later consumes. Nothing in this policy checks package
# integrity; presumably the payload is verified before it is applied - confirm.
allow factory_ota_app ota_package_file:dir rw_dir_perms;
allow factory_ota_app ota_package_file:file create_file_perms;

# Properties
# Allow setting system properties labelled sota_prop (described by the author
# as persist.* properties).
# NOTE(review): the property names that map to sota_prop are defined outside
# this file - confirm the label covers only the properties this app needs.
set_prop(factory_ota_app, sota_prop);

# Services
# Look up services labelled app_api_service; needed for the WiFi manager
# service and the activity service.
# NOTE(review): app_api_service is an attribute, so this rule covers more
# than the two services named here - confirm the wider grant is intended.
allow factory_ota_app app_api_service:service_manager find;
# Allow Factory OTA to call Update Engine
binder_call(factory_ota_app, update_engine)
# Allow Update Engine to call the Factory OTA callback
binder_call(update_engine, factory_ota_app)
# Look up the update engine service so its functions can be used.
allow factory_ota_app update_engine_service:service_manager find;
# Look up the NFC service; used to disable the "NFC wakes up the device" feature.
allow factory_ota_app nfc_service:service_manager find;
# Look up the radio service; used to read the device IMEI.
# NOTE(review): the IMEI is a persistent device identifier. This rule only
# permits the service lookup; any further access checks are presumably made
# by the service itself - confirm.
allow factory_ota_app radio_service:service_manager find;

# Suppress audit log entries for denied binder calls to gpuservice.
# dontaudit grants nothing: the call is still denied, only the log entry is
# dropped, so these denials will not show up when reviewing audit logs.
dontaudit factory_ota_app gpuservice:binder call;