platform_vendor_tequila/sepolicy/sysinit.te
Steve Kondik 0525ff2a9e sepolicy: Fix a few denials
* From sysinit and adbd

Change-Id: I56505e34774f9697a7f336efb43808a651a871f8
2016-09-20 02:41:48 -07:00

23 lines
870 B
Text

type sysinit, domain;
type sysinit_exec, exec_type, file_type;
init_daemon_domain(sysinit)
#============= sysinit ==============
allow sysinit devpts:chr_file { rw_file_perms };
allow sysinit shell_exec:file { rx_file_perms };
allow sysinit system_file:file { rx_file_perms };
allow sysinit system_file:dir { r_dir_perms };
allow sysinit toolbox_exec:file { rx_file_perms };
allow sysinit self:process setcurrent;
userdebug_or_eng(`
allow sysinit userinit_data_exec:file { r_file_perms relabelto };
allow sysinit property_socket:sock_file write;
allow sysinit init:unix_stream_socket connectto;
allow sysinit userinit_prop:property_service set;
allow sysinit sysfs:file rw_file_perms;
allow sysinit sysfs_devices_system_cpu:file write;
allow sysinit self:capability dac_override;
allow sysinit userinit_exec:file { rx_file_perms };
')