Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 147cf6482e64b61c29de11d76a618fbbaa530bb3^! / . / private / init.te
commit147cf6482e64b61c29de11d76a618fbbaa530bb3[log] [tgz]
authorJoel Fernandes <joelaf@google.com>Thu Nov 29 13:07:40 2018 -0800
committerJoel Fernandes <joelaf@google.com>Mon Jan 14 10:59:10 2019 -0500
tree3dc984c1076d9e0bfc5edda82766fbb2bbfb4785
parent4bf478828f25850b9a9341a702e6e1d4f4b20660 [diff] [blame]
Allow executing bpfloader from init and modify rules

init needs to execute bpfloader as a one-shot service. Add sepolicy for
the same. Also update old rules allowing init to fork/exec bpfloader and
remove rules allowing netd to do so.

Bug: 112334572
Change-Id: Ic242cd507731ed8af3f8e94d4fccc95819831d37
Signed-off-by: Joel Fernandes <joelaf@google.com>

diff --git a/private/init.te b/private/init.te
index b8b0066..5b1ebc8 100644
--- a/private/init.te
+++ b/private/init.te

@@ -7,6 +7,8 @@
 domain_trans(init, rootfs, healthd)
 domain_trans(init, rootfs, slideshow)
 domain_auto_trans(init, e2fs_exec, e2fs)
+domain_auto_trans(init, bpfloader_exec, bpfloader)
+
 recovery_only(`
   domain_trans(init, rootfs, adbd)
   domain_trans(init, rootfs, fastbootd)