Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 208deb335719280c11ab0e6aa033bfd33629320a / . / kernel.te
blob: dfc6258252021e92c20bf414acb54e8a1aa92c0d [file] [log] [blame]
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]1# Life begins with the kernel.
2type kernel, domain;
Nick Kralevichfed8a2a2014-01-24 20:43:07 -0800[diff] [blame]3
4allow kernel init:process dyntransition;
5
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]6# The kernel is unconfined.
7unconfined_domain(kernel)
Nick Kralevich0c9708b2013-07-10 14:46:05 -0700[diff] [blame]8relabelto_domain(kernel)
9
10allow kernel {fs_type dev_type file_type}:dir_file_class_set relabelto;
Geremy Condra217f8af2013-09-05 15:36:30 -0700[diff] [blame]11allow kernel unlabeled:filesystem mount;
Stephen Smalleyfea6e662013-12-06 08:05:53 -0500[diff] [blame]12
13# Initial setenforce by init prior to switching to init domain.
14allow kernel self:security setenforce;
Stephen Smalley8b516742014-01-08 09:29:30 -0500[diff] [blame]15
16# Set checkreqprot by init.rc prior to switching to init domain.
17allow kernel self:security setcheckreqprot;