su.te

userdebug_or_eng(`
  domain_auto_trans(shell, su_exec, su)
  # Allow dumpstate to call su on userdebug / eng builds to collect
  # additional information.
  domain_auto_trans(dumpstate, su_exec, su)

  # Make sure that dumpstate runs the same from the "su" domain as
  # from the "init" domain.
  domain_auto_trans(su, dumpstate_exec, dumpstate)

# su is also permissive to permit setenforce.
  permissive su;

  app_domain(su)
')