2012-01-04 09:33:27 -08:00
|
|
|
# init switches to init domain (via init.rc).
|
|
|
|
type init, domain;
|
|
|
|
# init is unconfined.
|
|
|
|
unconfined_domain(init)
|
|
|
|
tmpfs_domain(init)
|
2013-07-10 14:46:05 -07:00
|
|
|
relabelto_domain(init)
|
2013-05-17 17:11:29 -07:00
|
|
|
# add a rule to handle unlabelled mounts
|
|
|
|
allow init unlabeled:filesystem mount;
|
2013-07-10 14:46:05 -07:00
|
|
|
|
2014-02-10 10:29:38 -08:00
|
|
|
allow init fs_type:filesystem *;
|
2013-07-10 14:46:05 -07:00
|
|
|
allow init {fs_type dev_type file_type}:dir_file_class_set relabelto;
|
2013-12-06 05:05:53 -08:00
|
|
|
allow init kernel:security load_policy;
|
2013-12-06 06:31:40 -08:00
|
|
|
allow init usermodehelper:file rw_file_perms;
|
|
|
|
allow init proc_security:file rw_file_perms;
|
2014-01-24 20:43:07 -08:00
|
|
|
|
|
|
|
# Transitions to seclabel processes in init.rc
|
|
|
|
allow init adbd:process transition;
|
|
|
|
allow init healthd:process transition;
|
|
|
|
allow init recovery:process transition;
|
|
|
|
allow init shell:process transition;
|
|
|
|
allow init ueventd:process transition;
|
|
|
|
allow init watchdogd:process transition;
|