diff options
Diffstat (limited to 'sepolicy/init_fingerprint.te')
| -rw-r--r-- | sepolicy/init_fingerprint.te | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/sepolicy/init_fingerprint.te b/sepolicy/init_fingerprint.te new file mode 100644 index 0000000..4c27535 --- /dev/null +++ b/sepolicy/init_fingerprint.te @@ -0,0 +1,15 @@ +type init_fingerprint, domain; +type init_fingerprint_exec, exec_type, vendor_file_type, file_type; + +# Allow for transition from init domain to init_fingerprint +init_daemon_domain(init_fingerprint) + +# Shell script needs to execute /vendor/bin/sh +allow init_fingerprint vendor_shell_exec:file rx_file_perms; +allow init_fingerprint vendor_toolbox_exec:file rx_file_perms; + +# Allow to delete file +allow init_fingerprint persist_file:dir search; +allow init_fingerprint persist_drm_file:dir { read search open write remove_name }; +allow init_fingerprint persist_drm_file:file { getattr unlink }; +allow init_fingerprint system_data_file:file r_file_perms; |