# Device-specific additions to the init domain.
# Rules are grouped by purpose. The rule set is the same as before; one exact
# duplicate (property_socket write) was collapsed and a stray ';' after a
# macro call was dropped.

###
### Kernel module loading
###
# init holds CAP_SYS_MODULE, may trigger module auto-loading, and may load
# modules from files labelled system_file, vendor_file or rootfs.
# NOTE(review): module loading puts code into the kernel, and the three source
# labels are broad. A dedicated label for the module files would narrow this;
# confirm which paths actually hold modules.
allow init self:capability sys_module;
allow init kernel:system module_request;
allow init { system_file vendor_file rootfs }:system module_load;

###
### Service domain transitions
###
# domain_auto_trans makes the transition the default when init executes the
# labelled binary.
# NOTE(review): in stock AOSP te_macros, domain_auto_trans already expands
# domain_trans, so the explicit domain_trans before each pair looks redundant.
# Confirm against this tree's macros before dropping it.

# system_control service
domain_trans(init, system_control_exec, system_control)
domain_auto_trans(init, system_control_exec, system_control)

# tvserver service
domain_trans(init, tvserver_exec, tvserver)
domain_auto_trans(init, tvserver_exec, tvserver)

# hdmi_cec service
domain_trans(init, hdmi_cec_exec, hdmi_cec)
domain_auto_trans(init, hdmi_cec_exec, hdmi_cec)

# dv_config service
domain_trans(init, dv_config_exec, dv_config)
domain_auto_trans(init, dv_config_exec, dv_config)

# usbpm service
domain_trans(init, usbpm_exec, usbpm)
domain_auto_trans(init, usbpm_exec, usbpm)

# The following only permit the transition; no default transition is declared
# here. Presumably the target domain is selected elsewhere (for example by a
# seclabel in the service definition) -- verify, otherwise these services stay
# in the init domain.
domain_trans(init, imageserver_exec, imageserver)
domain_trans(init, tee_exec, tee)
domain_trans(init, make_ext4fs_exec, make_ext4fs)
domain_trans(init, hdcp_tx22_exec, hdcp_tx22)
domain_trans(init, bcmdl_exec, bcmdl)

# Entry point is the generic shell binary: anything init starts through
# shell_exec may be placed in the logcat domain.
domain_trans(init, shell_exec, logcat)

# Disabled rule, kept for reference:
# allow init imageserver_service:service_manager add;

# Recovery builds only: binaries labelled rootfs may transition to shell and
# adbd.
recovery_only(`
domain_trans(init, rootfs, shell)
domain_trans(init, rootfs, adbd)
')

###
### Sockets and network
###
allow init property_socket:sock_file write;
allow init socket_device:sock_file create_file_perms;

# init itself may create a TCP stream socket and bind it to any port/node
# carrying the generic labels.
# NOTE(review): nothing in this file shows which feature needs a listener in
# the init domain. Confirm it is required; a service in its own domain would
# be a tighter fit.
allow init init:tcp_socket create_stream_socket_perms;
allow init port:tcp_socket name_bind;
allow init node:tcp_socket node_bind;

###
### Filesystems and mount points
###
allow init fuse:file { open read write };
allow init fuse:dir search;

allow init vfat:dir rw_dir_perms;
allow init vfat:file create_file_perms;

allow init functionfs:{ file dir } mounton;

allow init tmpfs:lnk_file create_file_perms;
allow init system_data_file:file link;

# NOTE(review): debugfs mount and write access are granted on every build
# type. Consider limiting them to userdebug_or_eng if production images do
# not need debugfs.
allow init debugfs:dir mounton;
allow init debugfs:file w_file_perms;

allow init configfs:file { create getattr open unlink write };
allow init configfs:lnk_file create;

# NOTE(review): create/add_name on sysfs nodes looks like rules derived from
# logged denials -- confirm a real code path needs them.
allow init sysfs_devices_system_cpu:dir { add_name write };
allow init sysfs_devices_system_cpu:file create;
allow init sysfs:dir add_name;
allow init sysfs:file create;

allow init cgroup:file create_file_perms;

###
### Devices
###
# Raw read/write on whole partitions from the init domain.
allow init {
    userdata_block_device
    cache_block_device
    tee_block_device
    odm_block_device
}:blk_file rw_file_perms;

allow init drm_device:chr_file { setattr read write open ioctl };
allow init firmload_exec:file getattr;

###
### Rules for other domains and types
###
# Not init rules; they were in this file originally and are kept as written.
# NOTE(review): the shell rule gives the shell domain read/write on the DRM
# device node on all builds. It belongs with the shell policy; confirm it is
# intended on user builds.
allow shell drm_device:chr_file rw_file_perms;
allow param_tv_file rootfs:filesystem associate;