diff options
Diffstat (limited to 'sepolicy/init.te')
-rw-r--r-- | sepolicy/init.te | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/sepolicy/init.te b/sepolicy/init.te index 8a1581e..2329198 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te | |||
@@ -1,28 +1,11 @@ | |||
1 | #For holding a wake_lock in init.rc | 1 | #For loading modules via init.rc (ex: wifi) |
2 | wakelock_use(init) | ||
3 | |||
4 | #For loading modules via init.rc | ||
5 | allow init self:capability sys_module; | 2 | allow init self:capability sys_module; |
6 | |||
7 | #Create symlinks for storage | 3 | #Create symlinks for storage |
8 | allow init tmpfs:lnk_file create_file_perms; | 4 | allow init tmpfs:lnk_file create_file_perms; |
9 | |||
10 | # Allow module insertion | 5 | # Allow module insertion |
11 | allow init vendor_file:system module_load; | 6 | allow init vendor_file:system module_load; |
12 | |||
13 | # Configfs | 7 | # Configfs |
14 | allow init configfs:file write; | 8 | allow init configfs:file write; |
15 | allow init configfs:lnk_file { create unlink } ; | 9 | allow init configfs:lnk_file { create unlink } ; |
16 | 10 | ||
17 | # For cgroups creating | 11 | dontaudit init proc:file write; |
18 | allow init cgroup:file create; | ||
19 | |||
20 | # Access to /proc | ||
21 | allow init proc:dir { add_name write }; | ||
22 | allow init proc:file create; | ||
23 | |||
24 | # Access to /sys | ||
25 | allow init sysfs:file create; | ||
26 | allow init sysfs:dir add_name; | ||
27 | |||
28 | dontaudit init self:capability dac_read_search; | ||