vendor: Update SELinux policy for sysinit

Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4

3 files changed, 14 insertions, 0 deletions

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 9e7f998f..ee47c75a 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -4,6 +4,8 @@
 /system/bin/auditd        u:object_r:logd_exec:s0
 /data/misc/audit(/.*)?    u:object_r:auditd_log:s0
 
+/system/bin/sysinit       u:object_r:sysinit_exec:s0
+
 #############################
 # performance-related sysfs files (CM)
 /sys/kernel/mm/ksm(/.*)?       --          u:object_r:sysfs_writable:s0
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 231ef1f0..5493b76b 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -15,6 +15,7 @@ BOARD_SEPOLICY_UNION += \
     auditd.te \
     installd.te \
     netd.te \
+    sysinit.te \
     system.te \
     ueventd.te \
     vold.te \
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
new file mode 100644
index 00000000..dea539e8
--- /dev/null
+++ b/sepolicy/sysinit.te
@@ -0,0 +1,11 @@
+type sysinit, domain;
+type sysinit_exec, exec_type, file_type;
+
+init_daemon_domain(sysinit)
+
+#============= sysinit ==============
+allow sysinit devpts:chr_file { rw_file_perms };
+allow sysinit shell_exec:file { rx_file_perms };
+allow sysinit system_file:file { rx_file_perms };
+allow sysinit self:process setcurrent;
+