| n_to_p_migration(` |
| type move-widevine-data-sh, domain; |
| type move-widevine-data-sh_exec; |
| type shell_exec; |
| type toolbox_exec; |
| type file_contexts_file; |
| type media_data_file, file_type, android_file_type; |
| type mediadrm_vendor_data_file; |
| attribute data_between_core_and_vendor_violators; |
| |
| typeattribute move-widevine-data-sh data_between_core_and_vendor_violators; |
| |
| allow move-widevine-data-sh shell_exec:file rx_file_perms; |
| allow move-widevine-data-sh toolbox_exec:file rx_file_perms; |
| |
| allow move-widevine-data-sh file_contexts_file:file { read getattr open }; |
| |
| allow move-widevine-data-sh media_data_file:file { getattr setattr relabelfrom rename }; |
| allow move-widevine-data-sh media_data_file:dir { create reparent rename rmdir setattr rw_dir_perms relabelfrom }; |
| |
| allow move-widevine-data-sh mediadrm_vendor_data_file:dir { create_dir_perms relabelto }; |
| |
| # for writing files_moved so we only execute the move once |
| allow move-widevine-data-sh mediadrm_vendor_data_file:file { create open write getattr relabelto }; |
| ') |
