aboutsummaryrefslogtreecommitdiff
path: root/init.te
diff options
context:
space:
mode:
Diffstat (limited to 'init.te')
-rw-r--r--init.te17
1 files changed, 4 insertions, 13 deletions
diff --git a/init.te b/init.te
index 047ea73..2d070de 100644
--- a/init.te
+++ b/init.te
@@ -99,10 +99,10 @@ allow init rootfs:{ dir file } relabelfrom;
# we just allow all file types except /system files here.
allow init self:capability { chown fowner fsetid };
allow init {file_type -system_file -exec_type -app_data_file}:dir { create search getattr open read setattr ioctl };
-allow init {file_type -system_file -exec_type -keystore_data_file -security_file -app_data_file -shell_data_file -vold_data_file}:dir { write add_name remove_name rmdir relabelfrom };
-allow init {file_type -system_file -exec_type -keystore_data_file -security_file -app_data_file -shell_data_file -vold_data_file -misc_logd_file }:file { create getattr open read write setattr relabelfrom unlink };
-allow init {file_type -system_file -exec_type -keystore_data_file -security_file -app_data_file -shell_data_file -vold_data_file}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
-allow init {file_type -system_file -exec_type -keystore_data_file -security_file -app_data_file -shell_data_file -vold_data_file}:lnk_file { create getattr setattr relabelfrom unlink };
+allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file}:dir { write add_name remove_name rmdir relabelfrom };
+allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file -misc_logd_file }:file { create getattr open read write setattr relabelfrom unlink };
+allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+allow init {file_type -system_file -exec_type -keystore_data_file -app_data_file -shell_data_file -vold_data_file}:lnk_file { create getattr setattr relabelfrom unlink };
allow init {file_type -system_file -exec_type}:dir_file_class_set relabelto;
allow init { sysfs debugfs }:{ dir file lnk_file } { getattr relabelfrom };
allow init { sysfs_type debugfs_type }:{ dir file lnk_file } relabelto;
@@ -123,15 +123,6 @@ allow init { dev_type -kmem_device }:chr_file { read open setattr };
allow init unlabeled:dir { create_dir_perms relabelfrom };
allow init unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
-# Create /data/security from init.rc post-fs-data.
-allow init security_file:dir { create setattr };
-
-# Reload policy upon setprop selinux.reload_policy 1.
-# Note: this requires the following allow rule
-# allow init kernel:security load_policy;
-# which can be configured on a device-by-device basis if needed.
-r_dir_file(init, security_file)
-
# Any operation that can modify the kernel ring buffer, e.g. clear
# or a read that consumes the messages that were read.
allow init kernel:system syslog_mod;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 03:41:36 +0000