blob: f491d00f3f18f6cb15d1ea2ac4e210bed9b750c1 [file] [log] [blame]
# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
# Transitions to seclabel processes in init.rc
domain_trans(init, rootfs, adbd)
domain_trans(init, rootfs, charger)
domain_trans(init, rootfs, healthd)
domain_trans(init, rootfs, slideshow)
domain_trans(init, rootfs, recovery)
domain_trans(init, shell_exec, shell)
domain_trans(init, init_exec, ueventd)
domain_trans(init, init_exec, watchdogd)
domain_trans(init, rootfs, modprobe)
# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
domain_auto_trans(init, logcat_exec, logpersist)
# Creating files on sysfs is impossible so this isn't a threat
# Sometimes we have to write to non-existent files to avoid conditional
# init behavior. See b/35303861 for an example.
dontaudit init sysfs:dir write;