Split general policy into public and private components.
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
diff --git a/private/init.te b/private/init.te
new file mode 100644
index 0000000..c235454
--- /dev/null
+++ b/private/init.te
@@ -0,0 +1,18 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+tmpfs_domain(init)
+
+# Transitions to seclabel processes in init.rc
+domain_trans(init, rootfs, adbd)
+domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
+recovery_only(`
+ domain_trans(init, rootfs, recovery)
+')
+domain_trans(init, shell_exec, shell)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, watchdogd)
+# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
+userdebug_or_eng(`
+ domain_auto_trans(init, logcat_exec, logd)
+')