blob: cb8ae6b2dce1d459a73920156b067b3ddebec0f1
# SELinux type-enforcement policy for the droidvold daemon.
# Declares the daemon's domain and executable type, then lists every access
# the domain is granted, grouped by the kind of object involved.

# Process domain, plus the label carried by the daemon binary. The binary is
# declared as a vendor file type.
type droidvold, domain;
type droidvold_exec, exec_type, vendor_file_type, file_type;

# Standard macro that sets up the transition from init into this domain when
# init executes a droidvold_exec file.
init_daemon_domain(droidvold)

# --- Capabilities -----------------------------------------------------------
# setgid/setuid allow identity changes; net_admin is granted alongside them.
# NOTE(review): net_admin is presumably needed for the uevent netlink socket
# below. Confirm it is still required, since it also covers unrelated network
# configuration.
allow droidvold self:capability { setgid setuid net_admin };

# Left disabled by the author. Both capabilities are very broad; if denials
# appear, scope the fix to the failing operation before re-enabling this line.
#allow droidvold self:capability { dac_override sys_admin };

# --- Uevent listener --------------------------------------------------------
# Kobject uevent netlink socket owned by the domain itself.
allow droidvold self:netlink_kobject_uevent_socket { create setopt bind read getopt };

# Lets the kernel load a module in response to an operation by this domain.
# NOTE(review): confirm which operation triggers the request.
allow droidvold kernel:system module_request;

# --- Device directories -----------------------------------------------------
allow droidvold cpuctl_device:dir search;
allow droidvold device:dir { open read };
allow droidvold usb_device:dir { open read search };

# NOTE(review): create/write/add_name on the generic block_device directory
# lets the domain add entries there. Entries presumably inherit the generic
# label unless a type_transition exists elsewhere; verify, and prefer a
# dedicated type for nodes this daemon creates.
allow droidvold block_device:dir { create read write search add_name };

# --- Mounting ---------------------------------------------------------------
allow droidvold fuseblk:filesystem mount;
allow droidvold tmpfs:dir { create_dir_perms mounton };
allow droidvold mnt_media_rw_file:dir r_dir_perms;
allow droidvold mnt_media_rw_stub_file:dir { r_dir_perms mounton };

# NOTE(review): mounton for rootfs directories is not limited to one mount
# point. Confirm which directory is actually used and whether it can carry its
# own label.
allow droidvold rootfs:dir mounton;
allow droidvold rootfs:file { read open getattr };

# --- sysfs ------------------------------------------------------------------
# NOTE(review): the generic sysfs label is included with write access, which
# covers every sysfs node without a more specific label. Presumably only the
# zram nodes and a few others are needed; consider labelling those nodes and
# dropping plain sysfs from the file rule.
allow droidvold { sysfs sysfs_zram sysfs_zram_uevent }:dir { open read search };
allow droidvold { sysfs sysfs_zram sysfs_zram_uevent }:file { write open read };

# --- Data and configuration -------------------------------------------------
# NOTE(review): system_data_file is a generic platform label, and this
# domain's binary is a vendor file type. Check this rule against the
# platform's neverallow rules for vendor domains, and consider a dedicated
# type for the FIFO.
allow droidvold system_data_file:fifo_file { open read write };

# Read-only access to the file_contexts file.
allow droidvold file_contexts_file:file r_file_perms;

# --- Not a droidvold rule ---------------------------------------------------
# Allows objects labelled proc_net to be associated with the proc filesystem.
# NOTE(review): this is unrelated to the droidvold domain; confirm it belongs
# in this file rather than with the proc type declarations.
allow proc_net proc:filesystem associate;