###
### Apps that run with the system UID, e.g. com.android.system.ui,
### com.android.settings.  These are not as privileged as the system
### server.
###

allow system_app cache_file:dir { create add_name write ioctl open search };
allow system_app cache_file:file {create open write ioctl };
allow system_app cache_recovery_file:dir { create add_name write ioctl open search read setattr getattr remove_name};
allow system_app cache_recovery_file:file {create open write read unlink setattr getattr };
allow system_app ota_package_file:dir { create add_name write ioctl open search read setattr getattr remove_name};
allow system_app ota_package_file:file {create open write read unlink setattr getattr };

type system_app, domain;