target/board/generic/sepolicy/goldfish_setup.te - platform/build - Gitiles

 # goldfish-setup service: runs init.goldfish.sh script
 type goldfish_setup, domain;
 type goldfish_setup_exec, exec_type, file_type;

 init_daemon_domain(goldfish_setup)

 # Inherit open file to shell (interpreter) for script.
 allow goldfish_setup shell_exec:file read;

 # Run ifconfig, route commands to configure interfaces and routes.
 allow goldfish_setup system_file:file execute_no_trans;
 allow goldfish_setup self:capability { net_admin net_raw };
 allow goldfish_setup self:udp_socket create_socket_perms;

 # Set net.eth0.dns*, debug.sf.nobootanimation
 set_prop(goldfish_setup, system_prop)
 set_prop(goldfish_setup, debug_prop)

 # Set ro.radio.noril
 set_prop(goldfish_setup, radio_noril_prop)

 # Stop ril-daemon service (by setting ctl.stop to ril-daemon, which
 # transforms to a permission check on ctl.ril-daemon).
 set_prop(goldfish_setup, ctl_rildaemon_prop)
	# goldfish-setup service: runs init.goldfish.sh script
	type goldfish_setup, domain;
	type goldfish_setup_exec, exec_type, file_type;

	init_daemon_domain(goldfish_setup)

	# Inherit open file to shell (interpreter) for script.
	allow goldfish_setup shell_exec:file read;

	# Run ifconfig, route commands to configure interfaces and routes.
	allow goldfish_setup system_file:file execute_no_trans;
	allow goldfish_setup self:capability { net_admin net_raw };
	allow goldfish_setup self:udp_socket create_socket_perms;

	# Set net.eth0.dns*, debug.sf.nobootanimation
	set_prop(goldfish_setup, system_prop)
	set_prop(goldfish_setup, debug_prop)

	# Set ro.radio.noril
	set_prop(goldfish_setup, radio_noril_prop)

	# Stop ril-daemon service (by setting ctl.stop to ril-daemon, which
	# transforms to a permission check on ctl.ril-daemon).
	set_prop(goldfish_setup, ctl_rildaemon_prop)