path: root/common/sepolicy/init.te (plain)
blob: 275b00cd8d708da192614d44a956eeb11e824a34
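# Device-specific additions to the init domain: extra capabilities and the
# domain transitions for vendor services that init starts.

# NOTE(review): sys_module lets init load and unload kernel modules. Combined
# with the system:module_load rule at the end of this file, init becomes a
# path to kernel code execution. Confirm that this is required and that the
# kernel enforces module signing.
allow init self:capability sys_module;

# Services that enter their own domain automatically when init executes them.
# domain_auto_trans() expands to domain_trans() plus a type_transition, so a
# separate domain_trans() call for the same triple is not needed.
domain_auto_trans(init, system_control_exec, system_control)
domain_auto_trans(init, tvserver_exec, tvserver)
domain_auto_trans(init, hdmi_cec_exec, hdmi_cec)
domain_auto_trans(init, dv_config_exec, dv_config)
domain_auto_trans(init, usbpm_exec, usbpm)

# Transitions that are permitted but not automatic. No type_transition is
# declared here, so the target domain has to be requested explicitly
# (presumably with seclabel in the init .rc files; confirm).
# Disabled rule kept from the original file:
#allow init imageserver_service:service_manager add;
domain_trans(init, imageserver_exec, imageserver)
domain_trans(init, tee_exec, tee)
domain_trans(init, make_ext4fs_exec, make_ext4fs)
domain_trans(init, hdcp_tx22_exec, hdcp_tx22)
# The macro call takes no trailing semicolon; the stray one is dropped.
domain_trans(init, bcmdl_exec, bcmdl)

# NOTE(review): the entry point is the generic shell_exec type, not a
# dedicated logcat executable type, so domain_trans() gives the logcat domain
# entrypoint and execute access on every file labelled shell_exec. A wrapper
# with its own *_exec label would keep this transition narrower.
domain_trans(init, shell_exec, logcat)

# NOTE(review): init may open, read and write files labelled fuse. Confirm
# which init step needs this, since that content is presumably writable by
# less privileged domains.
allow init fuse:file { open read write };
allow init fuse:dir search;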
35
# --- Sockets ---------------------------------------------------------------
allow init property_socket:sock_file write;
allow init socket_device:sock_file create_file_perms;

# NOTE(review): init may create TCP stream sockets and bind them on the
# generic port and node types, i.e. on any port and address without a more
# specific label. Confirm which service inherits these sockets and whether a
# dedicated domain could hold the permission instead.
allow init self:tcp_socket create_stream_socket_perms;
allow init port:tcp_socket name_bind;
allow init node:tcp_socket node_bind;

# --- Filesystems and mount points ------------------------------------------
allow init vfat:dir rw_dir_perms;
allow init vfat:file create_file_perms;
allow init tmpfs:lnk_file create_file_perms;
allow init functionfs:{ dir file } mounton;
allow init system_data_file:file link;

# NOTE(review): mounting on and writing to debugfs is granted on all build
# types. If only debugging builds need it, wrapping these two rules in
# userdebug_or_eng() would keep them out of user builds.
allow init debugfs:dir mounton;
allow init debugfs:file w_file_perms;

# --- Block and character devices -------------------------------------------
# NOTE(review): raw read/write access to these partitions bypasses
# file-level labelling on them; confirm each one is needed by init itself.
allow init {
    userdata_block_device
    cache_block_device
    tee_block_device
    odm_block_device
}:blk_file rw_file_perms;
allow init drm_device:chr_file { setattr read write open ioctl };
allow init firmload_exec:file getattr;

# --- Rules for other domains kept in this file -----------------------------
# NOTE(review): neither rule has init as its source, so they are easy to miss
# when auditing. The shell rule gives the shell domain read, write and ioctl
# on the drm_device node; confirm this is intended on user builds.
allow param_tv_file rootfs:filesystem associate;
allow shell drm_device:chr_file rw_file_perms;
59
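# Recovery builds only: allow init to start the shell and adbd domains from
# executables labelled rootfs.
# NOTE(review): rootfs is a generic label, so any rootfs-labelled executable
# can serve as the entry point for these domains in recovery.
recovery_only(`
  domain_trans(init, rootfs, shell)
  domain_trans(init, rootfs, adbd)
')

# property_socket:sock_file write is already granted earlier in this file,
# so the duplicate rule is not repeated here.

# configfs entries created and removed by init (presumably USB gadget setup;
# confirm against the init .rc files).
allow init configfs:file { create getattr open unlink write };
allow init configfs:lnk_file create;

# NOTE(review): creating entries under sysfs, including the generic sysfs
# type, is unusual; confirm which init step needs it and whether a more
# specific sysfs label can be used instead.
allow init sysfs_devices_system_cpu:dir { add_name write };
allow init sysfs_devices_system_cpu:file create;
allow init sysfs:dir add_name;
allow init sysfs:file create;

allow init cgroup:file create_file_perms;

# Kernel module loading. module_request lets init ask the kernel to load a
# module; module_load permits loading module files that carry the listed
# labels.
# NOTE(review): system_file, vendor_file and rootfs are generic labels, so
# this covers any file with those types. A dedicated type for module files
# would narrow what init is able to load.
allow init kernel:system module_request;
allow init { system_file vendor_file rootfs }:system module_load;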
77