sepolicy/policy/chromeos/cros_lsblk.te - third_party/platform2 - Git at Google

 type cros_lsblk, domain, chromeos_domain;

 domain_auto_trans_nnp(cros_is_running_from_installer, cros_lsblk_exec, cros_lsblk)
 domain_auto_trans_nnp(cros_os_install_service, cros_lsblk_exec, cros_lsblk)

 allow cros_lsblk {
   cros_is_running_from_installer
   cros_os_install_service
 }:fd use;
 allow cros_lsblk {
   cros_is_running_from_installer
   cros_os_install_service
 }:fifo_file rw_file_perms;

 allow cros_lsblk device:blk_file getattr;
 allow cros_lsblk device:lnk_file read;
 allow cros_lsblk sysfs:dir read;
 allow cros_lsblk sysfs:file { getattr read };
 allow cros_lsblk sysfs_dm:dir { getattr read search };
 allow cros_lsblk sysfs_dm:file { getattr read };
 allow cros_lsblk sysfs_loop:dir { read search };
 allow cros_lsblk sysfs_loop:file { getattr read };
 allow cros_lsblk sysfs_zram:dir { read search };
 allow cros_lsblk sysfs_zram:file { getattr read };
	type cros_lsblk, domain, chromeos_domain;

	domain_auto_trans_nnp(cros_is_running_from_installer, cros_lsblk_exec, cros_lsblk)
	domain_auto_trans_nnp(cros_os_install_service, cros_lsblk_exec, cros_lsblk)

	allow cros_lsblk {
	cros_is_running_from_installer
	cros_os_install_service
	}:fd use;
	allow cros_lsblk {
	cros_is_running_from_installer
	cros_os_install_service
	}:fifo_file rw_file_perms;

	allow cros_lsblk device:blk_file getattr;
	allow cros_lsblk device:lnk_file read;
	allow cros_lsblk sysfs:dir read;
	allow cros_lsblk sysfs:file { getattr read };
	allow cros_lsblk sysfs_dm:dir { getattr read search };
	allow cros_lsblk sysfs_dm:file { getattr read };
	allow cros_lsblk sysfs_loop:dir { read search };
	allow cros_lsblk sysfs_loop:file { getattr read };
	allow cros_lsblk sysfs_zram:dir { read search };
	allow cros_lsblk sysfs_zram:file { getattr read };