private/recovery_refresh.te - platform/system/sepolicy - Git at Google

 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
 init_daemon_domain(recovery_refresh)

 # recovery_refresh is not allowed to write anywhere
 # TODO: deal with tmpfs_domain pub/priv split properly
 neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
	# type_transition must be private policy the domain_trans rules could stay
	# public, but conceptually should go with this
	init_daemon_domain(recovery_refresh)

	# recovery_refresh is not allowed to write anywhere
	# TODO: deal with tmpfs_domain pub/priv split properly
	neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write;