blob: e80fa32b8517f80d4e86059b0232819bb040cf97 [file] [log] [blame]
# ueventd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type ueventd, domain;
tmpfs_domain(ueventd)
write_klog(ueventd)
security_access_policy(ueventd)
relabelto_domain(ueventd)
allow ueventd rootfs:file entrypoint;
allow ueventd init:process sigchld;
allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
allow ueventd device:file create_file_perms;
allow ueventd device:chr_file rw_file_perms;
allow ueventd sysfs:file rw_file_perms;
allow ueventd sysfs:file setattr;
allow ueventd sysfs_type:file { relabelfrom relabelto };
allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
allow ueventd tmpfs:chr_file rw_file_perms;
allow ueventd dev_type:dir create_dir_perms;
allow ueventd dev_type:lnk_file { create unlink };
allow ueventd dev_type:chr_file { create setattr unlink };
allow ueventd dev_type:blk_file { create setattr unlink };
allow ueventd self:netlink_kobject_uevent_socket create_socket_perms;
allow ueventd efs_file:dir search;
allow ueventd efs_file:file r_file_perms;