| Stephen Smalley | b3cb969 | 2014-02-21 13:45:29 -0500 | [diff] [blame] | 1 | # Restricted domain for shell processes spawned by init. |
| 2 | # Normally these are shell commands or scripts invoked via sh |
| 3 | # from an init*.rc file. No service should ever run in this domain. |
| Stephen Smalley | 42fb824 | 2014-06-11 07:10:09 -0400 | [diff] [blame] | 4 | type init_shell, domain; |
| Alex Klyubin | 8199123 | 2013-05-06 13:24:27 -0700 | [diff] [blame] | 5 | domain_auto_trans(init, shell_exec, init_shell) |
| Stephen Smalley | 42fb824 | 2014-06-11 07:10:09 -0400 | [diff] [blame] | 6 | permissive_or_unconfined(init_shell) |
| Stephen Smalley | f3c3a1a | 2014-06-19 09:07:17 -0400 | [diff] [blame] | 7 | |
| 8 | # Run helpers from / or /system without changing domain. |
| 9 | allow init_shell rootfs:file execute_no_trans; |
| 10 | allow init_shell system_file:file execute_no_trans; |