| Tri Vo | bc8dc3a | 2019-05-26 13:17:08 -0700 | [diff] [blame^] | 1 | typeattribute init coredomain; |
| 2 | |
| 3 | tmpfs_domain(init) |
| 4 | |
| 5 | # Transitions to seclabel processes in init.rc |
| 6 | domain_trans(init, rootfs, healthd) |
| 7 | domain_trans(init, rootfs, slideshow) |
| 8 | domain_auto_trans(init, charger_exec, charger) |
| 9 | domain_auto_trans(init, e2fs_exec, e2fs) |
| 10 | domain_auto_trans(init, bpfloader_exec, bpfloader) |
| 11 | |
| 12 | recovery_only(` |
| 13 | # Files in recovery image are labeled as rootfs. |
| 14 | domain_trans(init, rootfs, adbd) |
| 15 | domain_trans(init, rootfs, charger) |
| 16 | domain_trans(init, rootfs, fastbootd) |
| 17 | domain_trans(init, rootfs, recovery) |
| 18 | ') |
| 19 | domain_trans(init, shell_exec, shell) |
| 20 | domain_trans(init, init_exec, ueventd) |
| 21 | domain_trans(init, init_exec, vendor_init) |
| 22 | domain_trans(init, { rootfs toolbox_exec }, modprobe) |
| 23 | userdebug_or_eng(` |
| 24 | # case where logpersistd is actually logcat -f in logd context (nee: logcatd) |
| 25 | domain_auto_trans(init, logcat_exec, logpersist) |
| 26 | |
| 27 | # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng |
| 28 | allow init su:process transition; |
| 29 | dontaudit init su:process noatsecure; |
| 30 | allow init su:process { siginh rlimitinh }; |
| 31 | ') |
| 32 | |
| 33 | # Allow the BoringSSL self test to request a reboot upon failure |
| 34 | set_prop(init, powerctl_prop) |