authorVishal Mahaveer <vishalm@ti.com>2016-09-21 12:15:55 -0400
committerVishal Mahaveer <vishalm@ti.com>2016-09-21 12:15:55 -0400
commit2dd272de0f358ee20ee9076af4fd282b6bc48435 (patch)
treeffac9387de0085a34bc6a1f44231ff66ef656a49
parent2f654fc1d6a580658ec5a53184bd9738ffdca60f (diff)
downloadjacinto6evm-2dd272de0f358ee20ee9076af4fd282b6bc48435.tar.gz
jacinto6evm: sepolicy: add rules for cpuset script
Fix below denials generated for the script we added to support both J6 and J6 Eco cpuset configuration. [ 5.956998] init: Warning! Service exec 1 (/system/bin/init.jacinto6evmboard.cpuset.sh) needs a SELinux domain defined; please fix! [ 5.978447] type=1400 audit(5.969:3): avc: denied { execute_no_trans } for pid=177 comm="init" path="/system/bin/init.jacinto6evmboard.cpuset.sh" dev="mmcblk0p10" ino=206 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 Change-Id: I36c482e052fc60c9c2d82c7daceae604fcf242d5 Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
-rw-r--r--sepolicy/file_contexts3
-rw-r--r--sepolicy/init-cpuset-sh.te7
2 files changed, 10 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 666c7e1..6ac1f73 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -22,6 +22,9 @@
#Real Time Clock
/dev/rtc0 u:object_r:rtc:s0
+#cpuset script
+/system/bin/init.jacinto6evmboard.cpuset.sh u:object_r:init-cpuset-sh_exec:s0
+
#Block devices
/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/system u:object_r:system_block_device:s0
/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/recovery u:object_r:recovery_block_device:s0
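Review bot: The new `init.jacinto6evmboard.cpuset.sh` entry leaves its dots unescaped, and file_contexts paths are regular expressions, so each `.` matches any character rather than a literal dot. Escaping them pins the executable label to exactly this file: `/system/bin/init\.jacinto6evmboard\.cpuset\.sh u:object_r:init-cpuset-sh_exec:s0`. The type name also uses hyphens where the neighbouring types in this file (`system_block_device`, `recovery_block_device`) use underscores. A name such as `init_cpuset_sh_exec` would follow that convention, if the rename is acceptable for the matching .te file.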
diff --git a/sepolicy/init-cpuset-sh.te b/sepolicy/init-cpuset-sh.te
new file mode 100644
index 0000000..4547c45
--- /dev/null
+++ b/sepolicy/init-cpuset-sh.te
@@ -0,0 +1,7 @@
+type init-cpuset-sh, domain;
+type init-cpuset-sh_exec, exec_type, file_type;
+
+init_daemon_domain(init-cpuset-sh)
+
+allow init-cpuset-sh system_file:file execute_no_trans;
+allow init-cpuset-sh shell_exec:file read;
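Review bot: `allow init-cpuset-sh system_file:file execute_no_trans;` lets this domain run every file labelled `system_file` without a transition, which is broader than a single boot script is likely to need, and the file does not say which commands it is for. The denial quoted in the commit message has `scontext=u:r:init:s0`, so it was raised against init before the script had its own label. With `init_daemon_domain` in place, the rule may no longer be needed and is worth re-testing without it. If it is needed, put a comment above it such as `# script invokes <command list> from /system/bin`, and prefer a narrower target type if those binaries carry one. No rule here grants access to the cpuset nodes the script presumably writes, so confirm in enforcing mode that it still runs, and add only the specific permissions its denials show.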