1typeattribute recovery_persist coredomain;
2
3init_daemon_domain(recovery_persist)
4
5# recovery_persist is not allowed to write anywhere other than recovery_data_file
6neverallow recovery_persist {
7  file_type
8  -recovery_data_file
9  userdebug_or_eng(`-coredump_file')
10  with_native_coverage(`-method_trace_data_file')
11}:file write;
12