device/amlogic/common.git - Unnamed repository; edit this file 'description' to name the repository.

1 allow vendor_init rootfs:dir { create_dir_perms relabelfrom };
2 #allow vendor_init { hdcp_file }:dir { setattr search };
3 #allow vendor_init update_data_file:dir { read };
4
5 #allow vendor_init sysfs_devices_system_cpu:dir { write add_name create };
6 allow vendor_init sysfs_devices_system_cpu:file { create };
7
8 allow vendor_init debugfs:dir { mounton };
9 allow vendor_init debugfs:file { read write };
10
11 allow vendor_init update_data_file:file { read };
12
13 allow vendor_init self:capability sys_module;
14 allow vendor_init vendor_file:system module_load;
15
16 allow vendor_init rootfs:dir { read relabelfrom };
17 allow vendor_init self:capability sys_module;
18
19 allow vendor_init proc:file write;
20 allow vendor_init unlabeled:dir search;
21
22 allow vendor_init proc_vm_writable:file rw_file_perms;
23
24 allow vendor_init ffs_prop:property_service set;
25
26 # optee
27 allow vendor_init drm_device:chr_file setattr;
28
29 # allow init mount a new filesystem and set its selinux contexts
30 allow vendor_init unlabeled:dir { getattr read relabelfrom setattr };
31
32 set_prop(vendor_init, vendor_platform_prop)
33 # set_prop(vendor_init, shell_prop)
34 set_prop(vendor_init, vendor_app_prop)
35 set_prop(vendor_init, media_prop)
36 set_prop(vendor_init, audio_prop)
37 set_prop(vendor_init, tv_prop)
38 set_prop(vendor_init, netflix_prop)
39 # set_prop(vendor_init, vold_prop)
40 # set_prop(vendor_init, config_prop)
41 set_prop(vendor_init, oem_prop)
42 set_prop(vendor_init, exported_default_prop)
43 set_prop(vendor_init, system_prop)
44 set_prop(vendor_init, vendor_persist_prop)
45 allow vendor_init vendor_persist_prop:property_service {set};
46 allow vendor_init tee_vendor_file:dir { create relabelto };
47
1	allow vendor_init rootfs:dir { create_dir_perms relabelfrom };
2	#allow vendor_init { hdcp_file }:dir { setattr search };
3	#allow vendor_init update_data_file:dir { read };
4
5	#allow vendor_init sysfs_devices_system_cpu:dir { write add_name create };
6	allow vendor_init sysfs_devices_system_cpu:file { create };
7
8	allow vendor_init debugfs:dir { mounton };
9	allow vendor_init debugfs:file { read write };
10
11	allow vendor_init update_data_file:file { read };
12
13	allow vendor_init self:capability sys_module;
14	allow vendor_init vendor_file:system module_load;
15
16	allow vendor_init rootfs:dir { read relabelfrom };
17	allow vendor_init self:capability sys_module;
18
19	allow vendor_init proc:file write;
20	allow vendor_init unlabeled:dir search;
21
22	allow vendor_init proc_vm_writable:file rw_file_perms;
23
24	allow vendor_init ffs_prop:property_service set;
25
26	# optee
27	allow vendor_init drm_device:chr_file setattr;
28
29	# allow init mount a new filesystem and set its selinux contexts
30	allow vendor_init unlabeled:dir { getattr read relabelfrom setattr };
31
32	set_prop(vendor_init, vendor_platform_prop)
33	# set_prop(vendor_init, shell_prop)
34	set_prop(vendor_init, vendor_app_prop)
35	set_prop(vendor_init, media_prop)
36	set_prop(vendor_init, audio_prop)
37	set_prop(vendor_init, tv_prop)
38	set_prop(vendor_init, netflix_prop)
39	# set_prop(vendor_init, vold_prop)
40	# set_prop(vendor_init, config_prop)
41	set_prop(vendor_init, oem_prop)
42	set_prop(vendor_init, exported_default_prop)
43	set_prop(vendor_init, system_prop)
44	set_prop(vendor_init, vendor_persist_prop)
45	allow vendor_init vendor_persist_prop:property_service {set};
46	allow vendor_init tee_vendor_file:dir { create relabelto };
47