device/amlogic-o.git - Unnamed repository; edit this file 'description' to name the repository.

1 type droidvold, domain;
2 type droidvold_exec, exec_type, vendor_file_type, file_type;
3
4 init_daemon_domain(droidvold)
5
6 allow droidvold self:capability { setgid setuid };
7
8 allow droidvold cpuctl_device:dir search;
9
10 allow droidvold device:dir { open read };
11 allow droidvold usb_device:dir { open read search };
12 allow droidvold system_data_file:fifo_file { open read write };
13
14 allow droidvold block_device:dir { create read write search add_name };
15
16 allow droidvold fuseblk:filesystem mount;
17
18 #allow droidvold self:capability { dac_override sys_admin };
19
20 allow droidvold tmpfs:dir create_dir_perms;
21 allow droidvold tmpfs:dir mounton;
22
23 allow droidvold kernel:system module_request;
24 allow droidvold mnt_media_rw_file:dir { r_dir_perms };
25 allow droidvold mnt_media_rw_stub_file:dir { r_dir_perms mounton };
26
27 allow droidvold droidvold:netlink_kobject_uevent_socket { create setopt bind read getopt };
28 allow droidvold self:capability { net_admin };
29
30 allow droidvold rootfs:dir mounton;
31 allow droidvold rootfs:file { read open getattr };
32
33 allow droidvold { sysfs sysfs_zram sysfs_zram_uevent }:dir { open read search };
34 allow droidvold { sysfs sysfs_zram sysfs_zram_uevent }:file { write open read };
35
36 allow droidvold file_contexts_file:file r_file_perms;
37
38 allow proc_net proc:filesystem { associate };
39
1	type droidvold, domain;
2	type droidvold_exec, exec_type, vendor_file_type, file_type;
3
4	init_daemon_domain(droidvold)
5
6	allow droidvold self:capability { setgid setuid };
7
8	allow droidvold cpuctl_device:dir search;
9
10	allow droidvold device:dir { open read };
11	allow droidvold usb_device:dir { open read search };
12	allow droidvold system_data_file:fifo_file { open read write };
13
14	allow droidvold block_device:dir { create read write search add_name };
15
16	allow droidvold fuseblk:filesystem mount;
17
18	#allow droidvold self:capability { dac_override sys_admin };
19
20	allow droidvold tmpfs:dir create_dir_perms;
21	allow droidvold tmpfs:dir mounton;
22
23	allow droidvold kernel:system module_request;
24	allow droidvold mnt_media_rw_file:dir { r_dir_perms };
25	allow droidvold mnt_media_rw_stub_file:dir { r_dir_perms mounton };
26
27	allow droidvold droidvold:netlink_kobject_uevent_socket { create setopt bind read getopt };
28	allow droidvold self:capability { net_admin };
29
30	allow droidvold rootfs:dir mounton;
31	allow droidvold rootfs:file { read open getattr };
32
33	allow droidvold { sysfs sysfs_zram sysfs_zram_uevent }:dir { open read search };
34	allow droidvold { sysfs sysfs_zram sysfs_zram_uevent }:file { write open read };
35
36	allow droidvold file_contexts_file:file r_file_perms;
37
38	allow proc_net proc:filesystem { associate };
39