| maxwen | bf33b37 | 2015-03-30 02:13:25 +0200 | [diff] [blame] | 1 | ########################### |
| 2 | # OmniROM common sepolicy |
| 3 | # |
| 4 | |
| maxwen | 160f0db | 2015-01-06 02:04:50 +0100 | [diff] [blame] | 5 | type sysinit, domain; |
| 6 | type sysinit_exec, exec_type, file_type; |
| 7 | |
| 8 | init_daemon_domain(sysinit) |
| 9 | |
| maxwen | bf33b37 | 2015-03-30 02:13:25 +0200 | [diff] [blame] | 10 | allow sysinit devpts:chr_file rw_file_perms; |
| 11 | allow sysinit shell_exec:file rx_file_perms; |
| 12 | allow sysinit system_file:file rx_file_perms; |
| Philipp Vogel | b833c18 | 2016-12-13 21:49:42 +0100 | [diff] [blame] | 13 | allow sysinit system_file:dir { read open }; |
| maxwen | bf33b37 | 2015-03-30 02:13:25 +0200 | [diff] [blame] | 14 | allow sysinit self:process { setcurrent setsched }; |
| 15 | allow sysinit userinit_exec:file { rx_file_perms }; |
| Philipp Vogel | b833c18 | 2016-12-13 21:49:42 +0100 | [diff] [blame] | 16 | allow sysinit rootfs:lnk_file getattr; |