vendor: sepolicy and rootdir
-added sysinit and installd sepolicy - from CM
-start sysinit as early as possible
Change-Id: I0948f4b18e8d4ad11426e9d126130ff6acfa6587
diff --git a/prebuilt/etc/init.local.rc b/prebuilt/etc/init.local.rc
index ab82f12..4268dc7 100644
--- a/prebuilt/etc/init.local.rc
+++ b/prebuilt/etc/init.local.rc
@@ -95,11 +95,14 @@
chown system system /sys/module/lowmemorykiller/parameters/minfree
chmod 0644 /sys/module/lowmemorykiller/parameters/minfree
+ # Run sysinit
+ start sysinit
+
# sysinit (/system/etc/init.d)
service sysinit /system/bin/sysinit
- class late-start
user root
oneshot
+ disabled
# adb over network
on property:service.adb.tcp.port=5555
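Review bot: The added `start sysinit` launches a root service that, per the comment above the service stanza, runs what is in /system/etc/init.d, but the `on` trigger it sits in begins outside this hunk and the comment `# Run sysinit` does not say which boot stage this is or why. A comment such as `# Start sysinit explicitly at this stage; the service below is marked disabled and belongs to no class` would document the pairing with the new `disabled` line. The stanza has no `seclabel`, so the sysinit domain is presumably only entered if /system/bin/sysinit actually carries the `sysinit_exec` label from file_contexts. It is worth confirming on a built image that the process does not stay in init's own domain.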
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 4ac47a5..8d6f8d6 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -6,3 +6,5 @@
/sys/kernel/mm/ksm(/.*)? u:object_r:sysfs_ksm:s0
/sys/block/mmcblk[0-2]/queue(/.*) u:object_r:sysfs_ioscheduler:s0
/sys/block/zram(/.*)? u:object_r:sysfs_zram:s0
+
+/system/bin/sysinit u:object_r:sysinit_exec:s0
\ No newline at end of file
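Review bot: The new `/system/bin/sysinit u:object_r:sysinit_exec:s0` entry is the last line of the file, and the file now ends without a newline. If the build concatenates this file_contexts with others (the list in sepolicy.mk suggests a merge, though the mechanism is not visible here), the entry can fuse with the first line of the next file. In that case sysinit would not receive the `sysinit_exec` label that the domain transition in sysinit.te depends on. End the file with a newline after the sysinit entry.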
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
new file mode 100644
index 0000000..7b32027
--- /dev/null
+++ b/sepolicy/installd.te
@@ -0,0 +1,4 @@
+# Allow querying of asec size on SD card
+allow installd sdcard_external:dir { search };
+allow installd sdcard_external:file { getattr };
+
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index b78666d..c403439 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -10,6 +10,8 @@
file_contexts \
file.te \
genfs_contexts \
+ installd.te \
+ sysinit.te \
system_app.te \
system_server.te \
vold.te
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
new file mode 100644
index 0000000..e28daa1
--- /dev/null
+++ b/sepolicy/sysinit.te
@@ -0,0 +1,12 @@
+type sysinit, domain;
+type sysinit_exec, exec_type, file_type;
+
+init_daemon_domain(sysinit)
+
+#============= sysinit ==============
+allow sysinit devpts:chr_file { rw_file_perms };
+allow sysinit shell_exec:file { rx_file_perms };
+allow sysinit system_file:file { rx_file_perms };
+allow sysinit self:process setcurrent;
+
+
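Review bot: `allow sysinit self:process setcurrent;` lets a domain that runs root scripts request a change of its own security context at runtime, and nothing in this file shows a matching `dyntransition` rule or a reason for it. The `#============= sysinit ==============` header suggests the rules were taken from audit2allow output, so this looks like a logged denial that was allowed rather than a known requirement. I would drop the line, or keep it with a comment naming what needs it. The same goes for `allow sysinit system_file:file { rx_file_perms };`, which lets the domain execute any file labelled system_file. A one-line comment per rule stating what the init.d scripts need it for would make later tightening possible.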