blob: f151ce81ce574d31a1dad697fb6dde19879b733e
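# Device-specific additions to the init domain.
# Every active rule below adds to what the platform policy already grants to
# init. Each one widens the most privileged userspace domain, so each should
# be backed by a concrete, documented need.

# --- Kernel module loading ---------------------------------------------------
# sys_module together with module_load lets init insert kernel modules, and
# module_request lets it ask the kernel to autoload one.
# module_load is limited to files labelled system_file, vendor_file or rootfs.
# Keep that list free of any type that is writable at runtime, otherwise a file
# dropped on a writable partition could be loaded as kernel code.
allow init self:capability sys_module;
allow init kernel:system module_request;
allow init { system_file vendor_file rootfs }:system module_load;

# --- Nodes that still carry the generic tmpfs label --------------------------
# NOTE(review): raw read/write on tmpfs-labelled block nodes usually means a
# device node is missing a file_contexts entry. Prefer giving that node a
# specific type over granting access to every block node labelled tmpfs.
allow init tmpfs:lnk_file create_file_perms;
allow init tmpfs:blk_file { getattr read write open };

# --- Creating entries in sysfs and proc --------------------------------------
# NOTE(review): userspace cannot normally create files in these pseudo
# filesystems. add_name/create denials usually come from a write to a path
# that does not exist on the running kernel (presumably from an init .rc
# script - confirm). Fixing or dropping that write is preferable to keeping
# these rules.
allow init sysfs:dir add_name;
allow init sysfs:file create;
allow init sysfs_devices_system_cpu:dir { write add_name };
allow init sysfs_devices_system_cpu:file create;
allow init proc:dir { write add_name };
allow init proc:file create;

# --- configfs and functionfs -------------------------------------------------
# NOTE(review): looks like USB gadget setup (configfs entries plus a functionfs
# mount point) - confirm against the init .rc scripts.
# The configfs:file rule used to appear twice in this file. Allow rules are
# additive, so a single copy grants exactly the same access.
allow init configfs:file { create getattr open unlink write };
allow init configfs:lnk_file { create unlink };
allow init functionfs:dir mounton;

# --- cgroup ------------------------------------------------------------------
allow init cgroup:file create_file_perms;

# --- Block devices -----------------------------------------------------------
# relabelto lets init move a node into one of these types. read/write is raw
# access to the partition and is not subject to filesystem permissions on it.
# NOTE(review): block_device is the generic catch-all label, so the first rule
# also covers every partition that has no specific type. Confirm whether write
# on block_device, tee_block_device and the vendor/system/odm devices is really
# needed, or whether relabelto alone would do.
allow init { tee_block_device userdata_block_device cache_block_device block_device }:blk_file { relabelto write read };
allow init { vendor_block_device system_block_fsck_device odm_block_device param_block_device }:blk_file { relabelto write read };

# --- Sockets -----------------------------------------------------------------
allow init property_socket:sock_file write;
allow init socket_device:sock_file { create setattr unlink };

# --- Device nodes ------------------------------------------------------------
# NOTE(review): ioctl on drm_device is granted here without any allowxperm
# filter in this file. Unless one exists elsewhere in the policy, every ioctl
# command of the DRM driver is reachable - confirm this is intended.
allow init drm_device:chr_file { setattr read write open ioctl };

# --- Executables -------------------------------------------------------------
# NOTE(review): execute is granted on the generic vendor_file type. Binaries
# started by init are normally labelled with their own exec type and run in
# their own domain - confirm which vendor binary needs this and label it.
allow init vendor_file:file execute;
allow init firmload_exec:file getattr;

# =============================================================================
# Disabled rules, kept for reference only.
# Everything below is commented out and has no effect on the compiled policy.
# Several entries repeat rules that are active above (tmpfs:lnk_file,
# functionfs:dir, property_socket, configfs, sysfs, sysfs_devices_system_cpu,
# cgroup, module_request, module_load). The others (domain transitions, TCP
# socket binding, fuse, vfat, debugfs, shell and adbd transitions in recovery)
# would widen init further, so re-enable them only one at a time and only
# after review.
# =============================================================================
#
#
## add system_control service
##domain_trans(init, system_control_exec, system_control)
#domain_auto_trans(init, system_control_exec, system_control)
#
##allow init imageserver_service:service_manager add;
#domain_trans(init, imageserver_exec, imageserver)
#
#domain_trans(init, shell_exec, logcat)
#
#domain_trans(init, tee_exec, tee)
#allow init fuse:file { open read write };
#allow init fuse:dir search;
#
##allow tvserver service
#domain_trans(init, tvserver_exec, tvserver)
#domain_auto_trans(init, tvserver_exec, tvserver)
#
##allow hdmi_cec service
#domain_trans(init, hdmi_cec_exec, hdmi_cec)
#domain_auto_trans(init, hdmi_cec_exec, hdmi_cec)
#
##allow dv_config service
#domain_trans(init, dv_config_exec, dv_config)
#domain_auto_trans(init, dv_config_exec, dv_config)
#
#domain_trans(init, make_ext4fs_exec, make_ext4fs)
#
#domain_trans(init, hdcp_tx22_exec, hdcp_tx22)
#
#domain_trans(init, bcmdl_exec, bcmdl);
##allow usbpm service
#domain_trans(init, usbpm_exec, usbpm)
#domain_auto_trans(init, usbpm_exec, usbpm)
#
#allow init property_socket:sock_file write;
#allow param_tv_file rootfs:filesystem { associate };
#
#allow init vfat:dir rw_dir_perms;
#allow init vfat:file create_file_perms;
#
#allow init init:tcp_socket create_stream_socket_perms;
#allow init port:tcp_socket name_bind;
#allow init node:tcp_socket node_bind;
#allow init tmpfs:lnk_file {create_file_perms};
#allow init socket_device:sock_file create_file_perms;
#allow init functionfs:file mounton;
#allow init functionfs:dir mounton;
#allow init system_data_file:file {link};
#allow init debugfs:dir mounton;
#allow init debugfs:file w_file_perms;
#allow init userdata_block_device:blk_file rw_file_perms;
#allow init cache_block_device:blk_file rw_file_perms;

#allow init tee_block_device:blk_file rw_file_perms;
#allow init odm_block_device:blk_file rw_file_perms;

#
#recovery_only(`
# domain_trans(init, rootfs, shell)
# domain_trans(init, rootfs, adbd)
#')
#
#allow init property_socket:sock_file write;
#allow init configfs:file { create getattr open unlink write };
#allow init configfs:lnk_file { create };
#allow init sysfs_devices_system_cpu:dir { add_name write };
#allow init sysfs_devices_system_cpu:file { create };
#
#allow init sysfs:dir { add_name };
#allow init sysfs:file { create };
#allow init cgroup:file create_file_perms;
#allow init kernel:system module_request;
#
#allow init { system_file vendor_file rootfs}:system { module_load };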