type move-widevine-data-sh, domain, coredomain;
type move-widevine-data-sh_exec, exec_type, system_file_type, file_type;
init_daemon_domain(move-widevine-data-sh);

allow move-widevine-data-sh shell_exec:file rx_file_perms;
allow move-widevine-data-sh toolbox_exec:file rx_file_perms;

allow move-widevine-data-sh file_contexts_file:file { read getattr open };

# for writing files_moved so we only execute the move once
allow move-widevine-data-sh vendor_data_file:file { getattr };