sepolicy/vendor/init.te - LeafOS-Devices/android_device_samsung_universal7904-common - Gitiles

 allow init rild:unix_stream_socket connectto;
 allow init self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 allow init socket_device:sock_file create_file_perms;
 allow init sysfs_devices_system_cpu:file write;
 allow init vendor_data_file:fifo_file write;
 allow init vendor_data_file:file append;
 allow init dnsproxyd_socket:sock_file write;
 allow init fwk_sensor_hwservice:hwservice_manager find;
 allow init hwservicemanager:binder call;
 allow init netd:unix_stream_socket connectto;
 allow init fwmarkd_socket:sock_file write;
 allow init nfc:binder call;
 allow init nfc_device:chr_file ioctl;
 allow init efs_file:dir mounton;
 allow init efs_block_device:lnk_file relabelto;
 allow init tmpfs:lnk_file create;

 allow init sysfs_virtual:file create_file_perms;
 allow init sysfs_virtual:lnk_file { read };
 allow init sysfs:file setattr;
 allow init sysfs_multipdp:file setattr;
 allow init sysfs_camera:file setattr;
 allow init sysfs_charger:file setattr;
 allow init sysfs_input:file setattr;
 allow init sysfs_modem:file w_file_perms;
 allow init sysfs_battery_writable:file setattr;
 allow init sysfs_power_writable:file setattr;
 allow init sysfs_graphics:file create_file_perms;

 allow init system_server:binder { transfer call };
 allow init device:chr_file ioctl;
 allow init self:tcp_socket create_socket_perms;
 allow init node:tcp_socket node_bind;
 allow init port:tcp_socket { name_bind name_connect };
 allow init gps_vendor_data_file:fifo_file write;
 allow init gps_vendor_data_file:file lock;
 allow init socket_device:sock_file create_file_perms;
 allow init kernel:system module_request;

 allow init proc:file setattr;
 allow init proc_swapiness:file write;
 allow init proc_extra:file setattr;
 allow init proc_reset_reason:file setattr;
 allow init proc_swapiness:file open;
 allow init self:netlink_generic_socket { bind create getattr read setopt write };
 allow init mnt_vendor_file:dir mounton;

 unix_socket_connect(init, property, rild)
	allow init rild:unix_stream_socket connectto;
	allow init self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
	allow init socket_device:sock_file create_file_perms;
	allow init sysfs_devices_system_cpu:file write;
	allow init vendor_data_file:fifo_file write;
	allow init vendor_data_file:file append;
	allow init dnsproxyd_socket:sock_file write;
	allow init fwk_sensor_hwservice:hwservice_manager find;
	allow init hwservicemanager:binder call;
	allow init netd:unix_stream_socket connectto;
	allow init fwmarkd_socket:sock_file write;
	allow init nfc:binder call;
	allow init nfc_device:chr_file ioctl;
	allow init efs_file:dir mounton;
	allow init efs_block_device:lnk_file relabelto;
	allow init tmpfs:lnk_file create;

	allow init sysfs_virtual:file create_file_perms;
	allow init sysfs_virtual:lnk_file { read };
	allow init sysfs:file setattr;
	allow init sysfs_multipdp:file setattr;
	allow init sysfs_camera:file setattr;
	allow init sysfs_charger:file setattr;
	allow init sysfs_input:file setattr;
	allow init sysfs_modem:file w_file_perms;
	allow init sysfs_battery_writable:file setattr;
	allow init sysfs_power_writable:file setattr;
	allow init sysfs_graphics:file create_file_perms;

	allow init system_server:binder { transfer call };
	allow init device:chr_file ioctl;
	allow init self:tcp_socket create_socket_perms;
	allow init node:tcp_socket node_bind;
	allow init port:tcp_socket { name_bind name_connect };
	allow init gps_vendor_data_file:fifo_file write;
	allow init gps_vendor_data_file:file lock;
	allow init socket_device:sock_file create_file_perms;
	allow init kernel:system module_request;

	allow init proc:file setattr;
	allow init proc_swapiness:file write;
	allow init proc_extra:file setattr;
	allow init proc_reset_reason:file setattr;
	allow init proc_swapiness:file open;
	allow init self:netlink_generic_socket { bind create getattr read setopt write };
	allow init mnt_vendor_file:dir mounton;

	unix_socket_connect(init, property, rild)