| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 1 | # type_transition must be private policy the domain_trans rules could stay |
| 2 | # public, but conceptually should go with this |
| 3 | tmpfs_domain(init) |
| 4 | |
| 5 | # Transitions to seclabel processes in init.rc |
| 6 | domain_trans(init, rootfs, adbd) |
| Sandeep Patil | dc08245 | 2016-11-01 13:49:10 -0700 | [diff] [blame] | 7 | domain_trans(init, rootfs, charger) |
| Sandeep Patil | 137a13d | 2016-12-15 12:36:45 -0800 | [diff] [blame] | 8 | domain_trans(init, rootfs, healthd) |
| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 9 | domain_trans(init, rootfs, slideshow) |
| 10 | recovery_only(` |
| 11 | domain_trans(init, rootfs, recovery) |
| 12 | ') |
| 13 | domain_trans(init, shell_exec, shell) |
| 14 | domain_trans(init, init_exec, ueventd) |
| 15 | domain_trans(init, init_exec, watchdogd) |
| 16 | # case where logpersistd is actually logcat -f in logd context (nee: logcatd) |
| 17 | userdebug_or_eng(` |
| Mark Salyzyn | da62cb4 | 2016-08-10 11:10:02 -0700 | [diff] [blame] | 18 | domain_auto_trans(init, logcat_exec, logpersist) |
| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 19 | ') |
| Paul Lawrence | e9cb763 | 2017-02-13 08:48:51 -0800 | [diff] [blame^] | 20 | |
| 21 | # Creating files on sysfs is impossible so this isn't a threat |
| 22 | # Sometimes we have to write to non-existent files to avoid conditional |
| 23 | # init behavior. See b/35303861 for an example. |
| 24 | dontaudit init sysfs:dir write; |