shared_relro.te - platform/external/sepolicy - Git at Google

 # Process which creates/updates shared RELRO files to be used by other apps.
 type shared_relro, domain;

 # The shared relro process is a Java program forked from the zygote, so it
 # inherits from app to get basic permissions it needs to run.
 app_domain(shared_relro)

 # Grant write access to the shared relro files/directory.
 allow shared_relro shared_relro_file:dir rw_dir_perms;
 allow shared_relro shared_relro_file:file create_file_perms;

 # Needs to contact the "webviewupdate" and "activity" services
 allow shared_relro system_server_service:service_manager find;
 allow shared_relro tmp_system_server_service:service_manager find;

 service_manager_local_audit_domain(shared_relro)
 auditallow shared_relro {
     tmp_system_server_service
     -webviewupdate_service
 }:service_manager find;
	# Process which creates/updates shared RELRO files to be used by other apps.
	type shared_relro, domain;

	# The shared relro process is a Java program forked from the zygote, so it
	# inherits from app to get basic permissions it needs to run.
	app_domain(shared_relro)

	# Grant write access to the shared relro files/directory.
	allow shared_relro shared_relro_file:dir rw_dir_perms;
	allow shared_relro shared_relro_file:file create_file_perms;

	# Needs to contact the "webviewupdate" and "activity" services
	allow shared_relro system_server_service:service_manager find;
	allow shared_relro tmp_system_server_service:service_manager find;

	service_manager_local_audit_domain(shared_relro)
	auditallow shared_relro {
	tmp_system_server_service
	-webviewupdate_service
	}:service_manager find;