system_app.te

#
# Apps that run with the system UID, e.g. com.android.system.ui,
# com.android.settings.  These are not as privileged as the system
# server.
#
type system_app, domain;
permissive_or_unconfined(system_app)
app_domain(system_app)
net_domain(system_app)
binder_service(system_app)

# Read and write /data/data subdirectory.
allow system_app system_app_data_file:dir create_dir_perms;
allow system_app system_app_data_file:file create_file_perms;

# Read wallpaper file.
allow system_app wallpaper_file:file r_file_perms;

# Write to dalvikcache.
allow system_app dalvikcache_data_file:file { write setattr };

# Write to properties
unix_socket_connect(system_app, property, init)
allow system_app debug_prop:property_service set;
allow system_app radio_prop:property_service set;
allow system_app system_prop:property_service set;
allow system_app ctl_bugreport_prop:property_service set;

# Create /data/anr/traces.txt.
allow system_app anr_data_file:dir ra_dir_perms;
allow system_app anr_data_file:file create_file_perms;