2c1a0ad73f
The kernel bug that required healthd to remain permissive was fixed by I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2. Change-Id: Iff07b65b943cadf949d9b747376a8621b2378bf8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
18 lines
641 B
Text
18 lines
641 B
Text
# healthd seclabel is specified in init.rc since
|
|
# it lives in the rootfs and has no unique file type.
|
|
type healthd, domain;
|
|
type healthd_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(healthd)
|
|
allow healthd rootfs:file { read entrypoint };
|
|
write_klog(healthd)
|
|
# /dev/__null__ created by init prior to policy load,
|
|
# open fd inherited by healthd.
|
|
allow healthd tmpfs:chr_file { read write };
|
|
|
|
allow healthd self:capability { net_admin mknod };
|
|
allow healthd self:capability2 block_suspend;
|
|
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
|
|
binder_use(healthd)
|
|
binder_service(healthd)
|
|
binder_call(healthd, system_server)
|