diff options
| -rw-r--r-- | sepolicy/file_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/sepolicy.mk | 1 | ||||
| -rw-r--r-- | sepolicy/sysinit.te | 11 |
3 files changed, 14 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 9e7f998f..ee47c75a 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -4,6 +4,8 @@ /system/bin/auditd u:object_r:logd_exec:s0 /data/misc/audit(/.*)? u:object_r:auditd_log:s0 +/system/bin/sysinit u:object_r:sysinit_exec:s0 + ############################# # performance-related sysfs files (CM) /sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0 diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk index 231ef1f0..5493b76b 100644 --- a/sepolicy/sepolicy.mk +++ b/sepolicy/sepolicy.mk @@ -15,6 +15,7 @@ BOARD_SEPOLICY_UNION += \ auditd.te \ installd.te \ netd.te \ + sysinit.te \ system.te \ ueventd.te \ vold.te \ diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te new file mode 100644 index 00000000..dea539e8 --- /dev/null +++ b/sepolicy/sysinit.te @@ -0,0 +1,11 @@ +type sysinit, domain; +type sysinit_exec, exec_type, file_type; + +init_daemon_domain(sysinit) + +#============= sysinit ============== +allow sysinit devpts:chr_file { rw_file_perms }; +allow sysinit shell_exec:file { rx_file_perms }; +allow sysinit system_file:file { rx_file_perms }; +allow sysinit self:process setcurrent; + |