Saturday 23 September 2023

TE files

Files that end with .te are SELinux policy source files, which define domains and their labels. You may need to create new policy files in /device/manufacturer/device-name/sepolicy, but you should try to update existing files where possible.


require Statement at the start of the list.

If no SELinux policy rule exists to allow an access, such as a process opening a file, the access is denied.

We use the optional_policy statement to declare a rule that could be invalid if the appropriate module (the module containing the declaration of an interface) is disabled, removed or not declared. The following example probably explains it better than my definition.

optional_policy(`
	corosync_exec(fenced_t)
')
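
A fuller module that puts the three points above together (the require block, the explicit allow rule and optional_policy), written here as an added example and not taken from any existing policy. The names myapp and myapp_data_t are hypothetical, and it assumes a build with the reference policy development Makefile, which provides policy_module, files_type and optional_policy.

```selinux
# myapp.te: added example. myapp and myapp_data_t are hypothetical names;
# fenced_t and corosync_exec come from the snippet on this page.
policy_module(myapp, 1.0.0)

# Symbols declared by other modules go in a require block at the top.
# This is a hard dependency: the module fails to load if fenced_t is absent.
require {
	type fenced_t;
}

# A file type declared by this module.
type myapp_data_t;
files_type(myapp_data_t)

# Nothing is allowed by default. Without this rule, fenced_t opening a
# myapp_data_t file is denied.
allow fenced_t myapp_data_t:file { getattr open read };

# Soft dependency: the block is disabled if the types it needs are not
# present in the loaded policy, and the rest of myapp still loads.
optional_policy(`
	corosync_exec(fenced_t)
')
```

The difference to notice is that a missing fenced_t stops the whole module from loading, while a missing corosync module only switches off the optional block.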