healthd.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # healthd seclabel is specified in init.rc since
 # it lives in the rootfs and has no unique file type.
 type healthd, domain;
 type healthd_exec, exec_type, file_type;

 init_daemon_domain(healthd)
 allow healthd rootfs:file { read entrypoint };
 write_klog(healthd)

 allow healthd self:capability { net_admin mknod };
 allow healthd self:capability2 block_suspend;
 allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
 binder_use(healthd)
 binder_call(healthd, system_server)

 # Workaround for 0x10 / block_suspend capability2 denials.
 # Requires a kernel patch to fix properly.
 permissive healthd;
	# healthd seclabel is specified in init.rc since
	# it lives in the rootfs and has no unique file type.
	type healthd, domain;
	type healthd_exec, exec_type, file_type;

	init_daemon_domain(healthd)
	allow healthd rootfs:file { read entrypoint };
	write_klog(healthd)

	allow healthd self:capability { net_admin mknod };
	allow healthd self:capability2 block_suspend;
	allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
	binder_use(healthd)
	binder_call(healthd, system_server)

	# Workaround for 0x10 / block_suspend capability2 denials.
	# Requires a kernel patch to fix properly.
	permissive healthd;