Revert "Revert "SELinux policy changes for re-execing init.""
This reverts commit c450759e8e67caa7a77ca078b1478b018a9b848b.
There was nothing wrong with this change originally --- the companion
change in init was broken.
Bug: http://b/19702273
Change-Id: I9d806f6ac251734a61aa90c0741bec7118ea0387
diff --git a/init.te b/init.te
index 78f460a..9f68bb8 100644
--- a/init.te
+++ b/init.te
@@ -1,7 +1,22 @@
-# init switches to init domain (via init.rc).
+# init is its own domain.
type init, domain, mlstrustedsubject;
tmpfs_domain(init)
+# The init domain is entered by execing init.
+type init_exec, exec_type, file_type;
+
+# /dev/__null__ node created by init.
+allow init tmpfs:chr_file create_file_perms;
+
+#
+# init direct restorecon calls.
+#
+# /dev/socket
+allow init { device socket_device }:dir relabelto;
+# /dev/__properties__
+allow init tmpfs:file relabelfrom;
+allow init properties_device:file relabelto;
+
# setrlimit
allow init self:capability sys_resource;
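Review bot: The new comment `# The init domain is entered by execing init.` contradicts the unchanged comment left in the last hunk, `# The init domain is only entered via setcon from the kernel domain, never via an exec-based transition.`, which the rewritten neverallow rules there no longer describe (dyntransition into init is now denied for every domain, and init_exec is the one permitted entrypoint). Reword that comment to match the rules, e.g. `# The init domain is only entered via an exec-based transition from the kernel domain on init_exec, never via setcon/dyntransition.` The new `type init_exec, exec_type, file_type;` has no accompanying file_contexts entry in this diff; presumably /init is labeled init_exec elsewhere, but the domain_trans rules in the third hunk depend on that label, so it is worth confirming. The `allow init tmpfs:chr_file create_file_perms;` rule is also broader than its `/dev/__null__` comment suggests, since it covers any chr_file on tmpfs; if narrowing is not feasible, the comment should say so.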
@@ -30,6 +45,8 @@
allow init rootfs:dir create_dir_perms;
allow init rootfs:dir mounton;
+allow init proc:dir mounton;
+
# Mount on /dev/usb-ffs/adb.
allow init device:dir mounton;
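Review bot: `allow init proc:dir mounton;` is the only mounton rule in this hunk without a comment saying what is mounted, while the neighboring `# Mount on /dev/usb-ffs/adb.` documents its rule. Add a line above it in the same style naming the mount point, e.g. `# Mount procfs on /proc.`, if that is what the re-exec path does; the diff does not show the init side, so confirm against the companion change.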
@@ -144,8 +161,8 @@
domain_trans(init, rootfs, recovery)
')
domain_trans(init, shell_exec, shell)
-domain_trans(init, rootfs, ueventd)
-domain_trans(init, rootfs, watchdogd)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, watchdogd)
# Support "adb shell stop"
allow init self:capability kill;
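Review bot: `domain_trans(init, init_exec, ueventd)` and `domain_trans(init, init_exec, watchdogd)` make init_exec the shared entrypoint for three domains with nothing in the policy text explaining why ueventd and watchdogd are entered through the init binary's label rather than their own; this appears to reflect those daemons being the init executable invoked under another name, which the diff does not show. A one-line comment above the pair, e.g. `# ueventd and watchdogd are the init binary re-executed, so they share init_exec as their entrypoint.`, would keep a later reader from reintroducing per-daemon exec types. Any entrypoint neverallow rules in ueventd.te or watchdogd.te that still name rootfs would need the same update, which is not visible here. The enclosing ifelse block whose `')` appears at the top of this hunk starts outside it.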
@@ -257,9 +274,9 @@
# The init domain is only entered via setcon from the kernel domain,
# never via an exec-based transition.
-neverallow { domain -kernel} init:process dyntransition;
-neverallow domain init:process transition;
-neverallow init { file_type fs_type }:file entrypoint;
+neverallow domain init:process dyntransition;
+neverallow { domain -kernel} init:process transition;
+neverallow init { file_type fs_type -init_exec }:file entrypoint;
# Never read/follow symlinks created by shell or untrusted apps.
neverallow init shell_data_file:lnk_file read;