blob: 08b0583174bda85988fd6f64402ba5acbadb2cc5
| 1 | allow vendor_init rootfs:dir { create_dir_perms relabelfrom }; |
| 2 | #allow vendor_init { hdcp_file }:dir { setattr search }; |
| 3 | #allow vendor_init update_data_file:dir { read }; |
| 4 | |
| 5 | #allow vendor_init sysfs_devices_system_cpu:dir { write add_name create }; |
| 6 | allow vendor_init sysfs_devices_system_cpu:file { create }; |
| 7 | |
| 8 | allow vendor_init debugfs:dir { mounton }; |
| 9 | allow vendor_init debugfs:file { read write }; |
| 10 | |
| 11 | allow vendor_init update_data_file:file { read }; |
| 12 | |
| 13 | allow vendor_init self:capability sys_module; |
| 14 | allow vendor_init vendor_file:system module_load; |
| 15 | |
| 16 | allow vendor_init rootfs:dir { read relabelfrom }; |
| 17 | allow vendor_init self:capability sys_module; |
| 18 | |
| 19 | allow vendor_init proc:file write; |
| 20 | allow vendor_init unlabeled:dir search; |
| 21 | |
| 22 | # optee |
| 23 | allow vendor_init drm_device:chr_file setattr; |
| 24 | |
| 25 | # allow init mount a new filesystem and set its selinux contexts |
| 26 | allow vendor_init unlabeled:dir { getattr read relabelfrom setattr }; |
| 27 | |
| 28 | set_prop(vendor_init, vendor_platform_prop) |
| 29 | # set_prop(vendor_init, shell_prop) |
| 30 | set_prop(vendor_init, vendor_app_prop) |
| 31 | set_prop(vendor_init, media_prop) |
| 32 | set_prop(vendor_init, audio_prop) |
| 33 | set_prop(vendor_init, tv_prop) |
| 34 | set_prop(vendor_init, netflix_prop) |
| 35 | # set_prop(vendor_init, vold_prop) |
| 36 | # set_prop(vendor_init, config_prop) |
| 37 | set_prop(vendor_init, oem_prop) |
| 38 | set_prop(vendor_init, exported_default_prop) |
| 39 | set_prop(vendor_init, system_prop) |
| 40 | set_prop(vendor_init, vendor_persist_prop) |
| 41 | allow vendor_init vendor_persist_prop:property_service {set}; |
| 42 | allow vendor_init tee_vendor_file:dir { create relabelto }; |
| 43 |