universal7580: sepolicy: cleanup
[GitHub/LineageOS/android_device_samsung_universal7580-common.git] / sepolicy / init.te
# Device-specific SELinux rules for the init domain (sepolicy/init.te in the
# universal7580-common device tree). Every rule here has init as its source.
# rw_file_perms, r_file_perms, w_file_perms, create_file_perms, r_dir_file()
# and unix_socket_connect() are policy macros defined outside this file.
1 # Mount debugfs on /sys/kernel/debug.
# mounton only lets init use the directory as a mount point; access to the
# mounted debugfs contents is decided by other rules, not shown here.
2 allow init debugfs:dir mounton;
3
4 # Mount EFS on /efs
5 allow init efs_file:dir mounton;
6
7 # /dev/block/mmcblk0p[0-9]
# NOTE(review): rw_file_perms on block nodes gives init raw read/write to
# every partition labelled emmcblk_device. Confirm in file_contexts that the
# label covers only the partitions init actually needs.
8 allow init emmcblk_device:blk_file rw_file_perms;
9
# Change attributes of block-device symlinks and create symlinks on tmpfs.
# Presumably for the /dev/block by-name links -- TODO confirm against init.rc.
10 allow init block_device:lnk_file setattr;
11 allow init tmpfs:lnk_file create_file_perms;
12
13 # /sys/class/power_supply/battery and /sys/class/android_usb/android0
14 allow init sysfs_usb_supply:file { rw_file_perms setattr };
15
16 # /data
# NOTE(review): the comment above does not match the rule, which grants read
# access to files labelled sdcardd_exec. Confirm which one is intended.
17 allow init sdcardd_exec:file r_file_perms;
18
19 # sysfs iio:device[0-9]
# NOTE(review): the target is the generic sysfs type, so setattr applies to
# every symlink still labelled sysfs, not only the iio:device links named
# above. A dedicated type for those links would narrow this.
20 allow init sysfs:lnk_file setattr;
21
22 # sysfs ion device
23 allow init sysfs_ion:file setattr;
24
25 # sysfs usb device
26 allow init sysfs_android_usb:file setattr;
27
28 # read/chown mDNIE symlinks
# sysfs_mdnie:file is granted setattr separately further down (line 70).
29 allow init sysfs_mdnie:lnk_file { r_file_perms setattr };
30 allow init sysfs_mdnie:file rw_file_perms;
31
32 # read/chown camera firmware
# The rules grant relabelto and setattr, but no read permission, despite the
# comment above.
# NOTE(review): filesystem associate is normally written with a file type as
# the source and a filesystem type as the target. Here the source is the init
# domain, which looks like a transcribed denial -- confirm it is needed.
33 allow init sysfs_camera:file { relabelto setattr };
34 allow init sysfs_camera:filesystem associate;
35
36 # WiFi firmware permissions
37 allow init sysfs_wifi:file setattr;
38
39 # Input devices
40 allow init sysfs_input:file { rw_file_perms setattr };
41
42 # BT permissions
43 allow init sysfs_bluetooth_writable:file setattr;
44
45 # GPS permissions
46 allow init sysfs_gps:lnk_file read;
47 allow init sysfs_gps:file setattr;
48
49 # CPU permissions
50 allow init sysfs_devices_system_cpu:file rw_file_perms;
51
52 # Block device sysfs
53 allow init sysfs_block:file rw_file_perms;
54
55 # Audio Jack
56 allow init sysfs_jack:file setattr;
57
# Let init connect to a unix socket: arguments are (client domain, socket
# name, server domain).
# NOTE(review): pairing the property socket with rild as the server domain
# looks unusual -- confirm against the denial this was written for.
58 unix_socket_connect(init, property, rild)
59
# SECURITY: noatsecure stops the kernel from setting AT_SECURE when init
# transitions into the target domain, so the dynamic linker's secure-mode
# environment scrubbing is not applied to services init starts.
# The target set is every domain except lmkd and crash_dump.
# NOTE(review): confirm which services need this and list them explicitly
# rather than granting it domain-wide.
60 allow init { domain -lmkd -crash_dump }:process noatsecure;
61
62 # Allow access to /proc/device-tree nodes
63 r_dir_file(init, proc_dt_firmware)
64
# Access to device-specific sysfs labels (mmc, net, graphics, light, mDNIE,
# sec, sensors, multipdp). setattr covers owner/mode changes on the nodes;
# the rw/w macros cover init writing values into them.
# NOTE(review): sysfs_light:lnk_file gets rw_file_perms, while the other
# lnk_file rules in this file grant only read -- confirm write is required.
65 allow init sysfs_mmc:file { w_file_perms setattr };
66 allow init sysfs_net:file rw_file_perms;
67 allow init sysfs_graphics:file { rw_file_perms setattr };
68 allow init sysfs_light:file { rw_file_perms setattr };
69 allow init sysfs_light:lnk_file { rw_file_perms setattr };
70 allow init sysfs_mdnie:file setattr;
71 allow init sysfs_sec:file { rw_file_perms setattr };
72 allow init sysfs_sec:lnk_file read;
73 allow init sysfs_sensors:file { rw_file_perms setattr };
74 allow init sysfs_sensors:lnk_file read;
75 allow init sysfs_multipdp:file setattr;
76
77 # Proc files
78 allow init proc_reset_reason:file rw_file_perms;
79 allow init proc_vm:file rw_file_perms;
80 allow init proc_simslot_count:file rw_file_perms;
81 allow init proc_sec:file rw_file_perms;
82
83 # Sockets
# Create, remove and change attributes of socket nodes labelled socket_device.
# NOTE(review): socket_device is a shared label, not a per-service socket
# type -- confirm which sockets end up with it.
84 allow init socket_device:sock_file { read write getattr setattr create unlink };