# SELinux type-enforcement rules for the healthd domain.
# The rules below are reproduced unchanged; only comments were added.
#
# healthd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type healthd, domain;

# The executable has no dedicated exec type, so read/entrypoint are granted
# on rootfs:file as a whole: any rootfs-labelled file is an acceptable entry
# point for this domain as far as this rule is concerned.
allow healthd rootfs:file { read entrypoint };
# write_klog() is a macro defined outside this file; by its name it grants
# write access to the kernel log -- confirm against the macro definition.
write_klog(healthd)
# /dev/__null__ created by init prior to policy load,
# open fd inherited by healthd.
# The rule is keyed on the tmpfs type, so it covers every tmpfs-labelled
# character device, not only that node. `open` is not granted, only
# read/write on a descriptor healthd already holds.
allow healthd tmpfs:chr_file { read write };

# NOTE(review): net_admin and mknod are broad capabilities. net_admin is
# presumably needed for the uevent netlink socket below and mknod for
# creating device nodes; this file does not say -- confirm both are required.
allow healthd self:capability { net_admin mknod };
# block_suspend (CAP_BLOCK_SUSPEND) lets the process keep the system from
# suspending.
allow healthd self:capability2 block_suspend;
# Socket for kernel kobject uevents; create_socket_perms is a permission set
# defined outside this file.
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
# Binder macros (defined outside this file): by their names, healthd may use
# binder, act as a binder service, and call into system_server -- confirm the
# exact permissions against the macro definitions.
binder_use(healthd)
binder_service(healthd)
binder_call(healthd, system_server)

###
### healthd: charger mode
###

# Display access: directory listing plus read/write on graphics device nodes.
allow healthd graphics_device:dir r_dir_perms;
allow healthd graphics_device:chr_file rw_file_perms;
# Input access is read-only (r_dir_perms / r_file_perms).
allow healthd input_device:dir r_dir_perms;
allow healthd input_device:chr_file r_file_perms;
# NOTE(review): the next two rules let the domain map ashmem as executable
# and create executable anonymous/writable mappings (execmem). Together they
# remove the W^X restriction for healthd, which makes memory-corruption bugs
# in this process easier to turn into code execution. This file does not say
# which charger-mode code needs them -- confirm the requirement, and drop or
# narrow the rules if it no longer applies.
allow healthd ashmem_device:chr_file execute;
allow healthd self:process execmem;