Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # ueventd seclabel is specified in init.rc since |
| 2 | # it lives in the rootfs and has no unique file type. |
| 3 | type ueventd, domain; |
| 4 | tmpfs_domain(ueventd) |
William Roberts | 85c5fc2 | 2013-10-06 15:36:11 -0400 | [diff] [blame] | 5 | write_klog(ueventd) |
| 6 | security_access_policy(ueventd) |
| 7 | relabelto_domain(ueventd) |
Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 8 | allow ueventd rootfs:file entrypoint; |
William Roberts | 85c5fc2 | 2013-10-06 15:36:11 -0400 | [diff] [blame] | 9 | allow ueventd init:process sigchld; |
| 10 | allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner }; |
| 11 | allow ueventd device:file create_file_perms; |
| 12 | allow ueventd device:chr_file rw_file_perms; |
| 13 | allow ueventd sysfs:file rw_file_perms; |
| 14 | allow ueventd sysfs:file setattr; |
| 15 | allow ueventd sysfs_type:file { relabelfrom relabelto }; |
Nick Kralevich | 967f39a | 2013-10-30 14:12:21 -0700 | [diff] [blame] | 16 | allow ueventd sysfs_devices_system_cpu:file rw_file_perms; |
William Roberts | 85c5fc2 | 2013-10-06 15:36:11 -0400 | [diff] [blame] | 17 | allow ueventd tmpfs:chr_file rw_file_perms; |
| 18 | allow ueventd dev_type:dir create_dir_perms; |
| 19 | allow ueventd dev_type:lnk_file { create unlink }; |
| 20 | allow ueventd dev_type:chr_file { create setattr unlink }; |
| 21 | allow ueventd dev_type:blk_file { create setattr unlink }; |
Stephen Smalley | 1601132 | 2014-02-24 15:06:11 -0500 | [diff] [blame] | 22 | allow ueventd self:netlink_kobject_uevent_socket create_socket_perms; |
William Roberts | 85c5fc2 | 2013-10-06 15:36:11 -0400 | [diff] [blame] | 23 | allow ueventd efs_file:dir search; |
| 24 | allow ueventd efs_file:file r_file_perms; |