sepolicy/vold.te - platform_vendor_bliss - Gitiles

 domain_trans(init, rootfs, vold)

 # Allow vold to manage ASEC
 allow vold sdcard_external:file create_file_perms;

 # Allow vold to access fuse for fuse-based fs
 allow vold fuse_device:chr_file rw_file_perms;

 # NTFS-3g wants to drop permission
 allow vold self:capability { setgid setuid };

 # Vold can also run as minivold in the rootfs
 recovery_only(`
   allow vold rootfs:dir { add_name write };
 ')
	domain_trans(init, rootfs, vold)

	# Allow vold to manage ASEC
	allow vold sdcard_external:file create_file_perms;

	# Allow vold to access fuse for fuse-based fs
	allow vold fuse_device:chr_file rw_file_perms;

	# NTFS-3g wants to drop permission
	allow vold self:capability { setgid setuid };

	# Vold can also run as minivold in the rootfs
	recovery_only(`
	allow vold rootfs:dir { add_name write };
	')