1# kexec loads a crashdump kernel into memory using the kexec_file_load syscall. 2type kexec, domain, coredomain; 3type kexec_exec, exec_type, file_type, system_file_type; 4 5# allow kexec to write into /dev/kmsg for logging 6allow kexec kmsg_device:chr_file w_file_perms; 7 8# kexec is launched by microdroid_manager with fork/execvp. 9allow kexec microdroid_manager:fd use; 10 11# allow kexec to have SYS_BOOT 12allow kexec self:capability sys_boot; 13 14# allow kexec to write kmsg_debug 15allow kexec kmsg_debug_device:chr_file w_file_perms; 16