common/kernel.te


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

allow kernel block_device:blk_file rw_file_perms;

userdebug_or_eng(`
 #allow kernel self:capability { dac_read_search dac_override };
  allow kernel self:socket create_socket_perms_no_ioctl;
  r_dir_file(kernel, qti_debugfs);
  allow kernel debugfs_mmc:dir search;
')

# Access firmware_file
r_dir_file(kernel, firmware_file)

# Allow kernel to schedule process to different cpuset
# when the current cpu is hotplugged out
allow kernel domain:process setsched;