b1d81645b3
Start running in enforcing mode for kernel / init. This should be mostly a no-op, as the kernel / init is in the unconfined domain. Change-Id: I8273d936c9a4eecb50b78ae93490a4dd52f59eb6
11 lines
344 B
Text
11 lines
344 B
Text
# init switches to init domain (via init.rc).
|
|
type init, domain;
|
|
# init is unconfined.
|
|
unconfined_domain(init)
|
|
tmpfs_domain(init)
|
|
relabelto_domain(init)
|
|
# add a rule to handle unlabelled mounts
|
|
allow init unlabeled:filesystem mount;
|
|
|
|
allow init {fs_type dev_type file_type}:dir_file_class_set relabelto;
|
|
allow init kernel:security load_policy;
|