| # healthd seclabel is specified in init.rc since |
| # it lives in the rootfs and has no unique file type. |
| type healthd, domain; |
| type healthd_exec, exec_type, file_type; |
| |
| init_daemon_domain(healthd) |
| allow healthd rootfs:file { read entrypoint }; |
| write_klog(healthd) |
| # /dev/__null__ created by init prior to policy load, |
| # open fd inherited by healthd. |
| allow healthd tmpfs:chr_file { read write }; |
| |
| allow healthd self:capability { net_admin mknod }; |
| allow healthd self:capability2 block_suspend; |
| allow healthd self:netlink_kobject_uevent_socket create_socket_perms; |
| binder_use(healthd) |
| binder_service(healthd) |
| binder_call(healthd, system_server) |