blob: abe5e78a61451e94ac7b8262dd23edecaca06037 [file] [log] [blame]
Stephen Smalley2dd4e512012-01-04 12:33:27 -05001# init switches to init domain (via init.rc).
2type init, domain;
Stephen Smalley2dd4e512012-01-04 12:33:27 -05003# init is unconfined.
4unconfined_domain(init)
5tmpfs_domain(init)
Nick Kralevich0c9708b2013-07-10 14:46:05 -07006relabelto_domain(init)
repo sync77d47312013-05-17 17:11:29 -07007# add a rule to handle unlabelled mounts
8allow init unlabeled:filesystem mount;
Nick Kralevich0c9708b2013-07-10 14:46:05 -07009
10allow init {fs_type dev_type file_type}:dir_file_class_set relabelto;
Stephen Smalleyfea6e662013-12-06 08:05:53 -050011allow init kernel:security load_policy;
Stephen Smalley7adb9992013-12-06 09:31:40 -050012allow init usermodehelper:file rw_file_perms;
13allow init proc_security:file rw_file_perms;