bootchart: add policy rules for bootchart
allow the bootchart to create dir and files at init,
also allow user to create the stop and start file under
/data/bootchart directory to start and stop bootchart
Change-Id: Icfee8dcd17366383eef00fbe3139744bf4427a6b
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
diff --git a/init.te b/init.te
index 1283ec7..d81f5af 100644
--- a/init.te
+++ b/init.te
@@ -1,5 +1,5 @@
# init switches to init domain (via init.rc).
-type init, domain;
+type init, domain, mlstrustedsubject;
permissive_or_unconfined(init)
tmpfs_domain(init)
@@ -164,6 +164,11 @@
# Set UID and GID for services.
allow init self:capability { setuid setgid };
+# For bootchart to read the /proc/$pid/cmdline file of each process,
+# we need to have following line to allow init to have access
+# to different domains.
+r_dir_file(init, domain)
+
# Use setexeccon(), setfscreatecon(), and setsockcreatecon().
# setexec is for services with seclabel options.
# setfscreate is for labeling directories and socket files.