# SELinux type enforcement rules for the init domain.
# init enters this domain through init.rc.
type init, domain;

# init runs unconfined. The macro is defined outside this file, so the exact
# permission set it expands to is not visible here.
# NOTE(review): the explicit allow rules below may overlap with what the macro
# already grants; they still record what init is known to need.
unconfined_domain(init)
# NOTE(review): tmpfs_domain and relabelto_domain are macros defined elsewhere;
# presumably they set up init's tmpfs type and mark init as a domain that may
# relabel to other types -- confirm against the macro definitions.
tmpfs_domain(init)
relabelto_domain(init)

# Let init mount filesystems that carry the unlabeled type.
allow init unlabeled:filesystem mount;

# Capabilities init may use on itself: raw I/O access (sys_rawio) and creation
# of special files such as device nodes (mknod).
# NOTE(review): sys_rawio is a broad capability; the reason init needs it is
# not stated in this file.
allow init self:capability { sys_rawio mknod };

# Every permission of the filesystem class, on every type that has the
# fs_type attribute.
allow init fs_type:filesystem *;
# init may relabel objects to any type carrying the fs_type, dev_type or
# file_type attribute, for every class in dir_file_class_set (defined elsewhere).
allow init { fs_type dev_type file_type }:dir_file_class_set relabelto;
# init may load SELinux policy into the kernel. A domain holding load_policy
# can replace the running policy, so any other grant of it deserves scrutiny.
allow init kernel:security load_policy;
# Read/write access to files labelled usermodehelper and proc_security.
# NOTE(review): which paths carry these labels is decided outside this file.
allow init { usermodehelper proc_security }:file rw_file_perms;

# Domain transitions for the services that init.rc starts with a seclabel.
# Only the transition permission is granted here; any further rules these
# transitions depend on are not part of this listing.
allow init { adbd healthd recovery shell ueventd watchdogd }:process transition;