device/amlogic/common.git - Unnamed repository; edit this file 'description' to name the repository.

1 allow init self:capability { sys_module };
2 allow init tmpfs:lnk_file { create_file_perms };
3 allow init tmpfs:blk_file { getattr read write open };
4
5 allow init sysfs:dir { add_name };
6 allow init sysfs:file { create };
7
8 allow init kernel:system module_request;
9 allow init configfs:file { create getattr open unlink write };
10
11 allow init cgroup:file create_file_perms;
12 allow init { system_file vendor_file rootfs}:system { module_load };
13
14 allow init vendor_file:file { execute };
15
16 allow init { tee_block_device userdata_block_device cache_block_device block_device }:blk_file { relabelto write read };
17 allow init { vendor_block_device system_block_fsck_device odm_block_device param_block_device }:blk_file { relabelto write read };
18
19
20 allow init configfs:file { create getattr open unlink write };
21 allow init configfs:lnk_file { create unlink };
22
23 allow init sysfs_devices_system_cpu:file { create };
24 allow init sysfs_devices_system_cpu:dir { write add_name };
25 allow init functionfs:dir mounton;
26
27 allow init property_socket:sock_file write;
28 allow init proc:dir { write add_name };
29 allow init proc:file { create };
30
31 allow init socket_device:sock_file { create setattr unlink };
32
33 allow init drm_device:chr_file { setattr read write open ioctl };
34 allow init firmload_exec:file {getattr};
35
36 #
37 #
38 ## add system_control service
39 ##domain_trans(init, system_control_exec, system_control)
40 #domain_auto_trans(init, system_control_exec, system_control)
41 #
42 ##allow init imageserver_service:service_manager add;
43 #domain_trans(init, imageserver_exec, imageserver)
44 #
45 #domain_trans(init, shell_exec, logcat)
46 #
47 #domain_trans(init, tee_exec, tee)
48 #allow init fuse:file { open read write };
49 #allow init fuse:dir search;
50 #
51 ##allow tvserver service
52 #domain_trans(init, tvserver_exec, tvserver)
53 #domain_auto_trans(init, tvserver_exec, tvserver)
54 #
55 ##allow hdmi_cec service
56 #domain_trans(init, hdmi_cec_exec, hdmi_cec)
57 #domain_auto_trans(init, hdmi_cec_exec, hdmi_cec)
58 #
59 ##allow dv_config service
60 #domain_trans(init, dv_config_exec, dv_config)
61 #domain_auto_trans(init, dv_config_exec, dv_config)
62 #
63 #domain_trans(init, make_ext4fs_exec, make_ext4fs)
64 #
65 #domain_trans(init, hdcp_tx22_exec, hdcp_tx22)
66 #
67 #domain_trans(init, bcmdl_exec, bcmdl);
68 ##allow usbpm service
69 #domain_trans(init, usbpm_exec, usbpm)
70 #domain_auto_trans(init, usbpm_exec, usbpm)
71 #
72 #allow init property_socket:sock_file write;
73 #allow param_tv_file rootfs:filesystem { associate };
74 #
75 #allow init vfat:dir rw_dir_perms;
76 #allow init vfat:file create_file_perms;
77 #
78 #allow init init:tcp_socket create_stream_socket_perms;
79 #allow init port:tcp_socket name_bind;
80 #allow init node:tcp_socket node_bind;
81 #allow init tmpfs:lnk_file {create_file_perms};
82 #allow init socket_device:sock_file create_file_perms;
83 #allow init functionfs:file mounton;
84 #allow init functionfs:dir mounton;
85 #allow init system_data_file:file {link};
86 allow init debugfs:dir mounton;
87 #allow init debugfs:file w_file_perms;
88 #allow init userdata_block_device:blk_file rw_file_perms;
89 #allow init cache_block_device:blk_file rw_file_perms;
90
91 #allow init tee_block_device:blk_file rw_file_perms;
92 #allow init odm_block_device:blk_file rw_file_perms;
93
94 #
95 #recovery_only(`
96 #  domain_trans(init, rootfs, shell)
97 #  domain_trans(init, rootfs, adbd)
98 #')
99 #
100 #allow init property_socket:sock_file write;
101 #allow init configfs:file { create getattr open unlink write };
102 #allow init configfs:lnk_file { create };
103 #allow init sysfs_devices_system_cpu:dir { add_name write };
104 #allow init sysfs_devices_system_cpu:file { create };
105 #
106 #allow init sysfs:dir { add_name };
107 #allow init sysfs:file { create };
108 #allow init cgroup:file create_file_perms;
109 #allow init kernel:system module_request;
110 #
111 #allow init { system_file vendor_file rootfs}:system { module_load };
112
1	allow init self:capability { sys_module };
2	allow init tmpfs:lnk_file { create_file_perms };
3	allow init tmpfs:blk_file { getattr read write open };
4
5	allow init sysfs:dir { add_name };
6	allow init sysfs:file { create };
7
8	allow init kernel:system module_request;
9	allow init configfs:file { create getattr open unlink write };
10
11	allow init cgroup:file create_file_perms;
12	allow init { system_file vendor_file rootfs}:system { module_load };
13
14	allow init vendor_file:file { execute };
15
16	allow init { tee_block_device userdata_block_device cache_block_device block_device }:blk_file { relabelto write read };
17	allow init { vendor_block_device system_block_fsck_device odm_block_device param_block_device }:blk_file { relabelto write read };
18
19
20	allow init configfs:file { create getattr open unlink write };
21	allow init configfs:lnk_file { create unlink };
22
23	allow init sysfs_devices_system_cpu:file { create };
24	allow init sysfs_devices_system_cpu:dir { write add_name };
25	allow init functionfs:dir mounton;
26
27	allow init property_socket:sock_file write;
28	allow init proc:dir { write add_name };
29	allow init proc:file { create };
30
31	allow init socket_device:sock_file { create setattr unlink };
32
33	allow init drm_device:chr_file { setattr read write open ioctl };
34	allow init firmload_exec:file {getattr};
35
36	#
37	#
38	## add system_control service
39	##domain_trans(init, system_control_exec, system_control)
40	#domain_auto_trans(init, system_control_exec, system_control)
41	#
42	##allow init imageserver_service:service_manager add;
43	#domain_trans(init, imageserver_exec, imageserver)
44	#
45	#domain_trans(init, shell_exec, logcat)
46	#
47	#domain_trans(init, tee_exec, tee)
48	#allow init fuse:file { open read write };
49	#allow init fuse:dir search;
50	#
51	##allow tvserver service
52	#domain_trans(init, tvserver_exec, tvserver)
53	#domain_auto_trans(init, tvserver_exec, tvserver)
54	#
55	##allow hdmi_cec service
56	#domain_trans(init, hdmi_cec_exec, hdmi_cec)
57	#domain_auto_trans(init, hdmi_cec_exec, hdmi_cec)
58	#
59	##allow dv_config service
60	#domain_trans(init, dv_config_exec, dv_config)
61	#domain_auto_trans(init, dv_config_exec, dv_config)
62	#
63	#domain_trans(init, make_ext4fs_exec, make_ext4fs)
64	#
65	#domain_trans(init, hdcp_tx22_exec, hdcp_tx22)
66	#
67	#domain_trans(init, bcmdl_exec, bcmdl);
68	##allow usbpm service
69	#domain_trans(init, usbpm_exec, usbpm)
70	#domain_auto_trans(init, usbpm_exec, usbpm)
71	#
72	#allow init property_socket:sock_file write;
73	#allow param_tv_file rootfs:filesystem { associate };
74	#
75	#allow init vfat:dir rw_dir_perms;
76	#allow init vfat:file create_file_perms;
77	#
78	#allow init init:tcp_socket create_stream_socket_perms;
79	#allow init port:tcp_socket name_bind;
80	#allow init node:tcp_socket node_bind;
81	#allow init tmpfs:lnk_file {create_file_perms};
82	#allow init socket_device:sock_file create_file_perms;
83	#allow init functionfs:file mounton;
84	#allow init functionfs:dir mounton;
85	#allow init system_data_file:file {link};
86	allow init debugfs:dir mounton;
87	#allow init debugfs:file w_file_perms;
88	#allow init userdata_block_device:blk_file rw_file_perms;
89	#allow init cache_block_device:blk_file rw_file_perms;
90
91	#allow init tee_block_device:blk_file rw_file_perms;
92	#allow init odm_block_device:blk_file rw_file_perms;
93
94	#
95	#recovery_only(`
96	# domain_trans(init, rootfs, shell)
97	# domain_trans(init, rootfs, adbd)
98	#')
99	#
100	#allow init property_socket:sock_file write;
101	#allow init configfs:file { create getattr open unlink write };
102	#allow init configfs:lnk_file { create };
103	#allow init sysfs_devices_system_cpu:dir { add_name write };
104	#allow init sysfs_devices_system_cpu:file { create };
105	#
106	#allow init sysfs:dir { add_name };
107	#allow init sysfs:file { create };
108	#allow init cgroup:file create_file_perms;
109	#allow init kernel:system module_request;
110	#
111	#allow init { system_file vendor_file rootfs}:system { module_load };
112