# SELinux type-enforcement rules for the init domain.
# Commits shown in the blame view for these lines: 2dd4e51 (2012-01-04),
# 77d4731 (2013-05-17), 0c9708b (2013-07-10), fea6e66 and 7adb999 (2013-12-06).

# init.rc is where init moves itself into this domain.
type init, domain;

# init runs unconfined: whatever unconfined_domain() grants applies to PID 1.
# NOTE(review): the macro body is not shown here, so it is unclear which of
# the explicit allow rules below it already covers -- confirm against the
# macro definitions before removing or tightening anything.
unconfined_domain(init)
tmpfs_domain(init)
relabelto_domain(init)

# Let init mount filesystems that carry no label.
allow init unlabeled:filesystem mount;

# Relabel-to across every filesystem, device and file type. This is a broad
# grant: init may assign any of these labels to directories and files.
allow init { fs_type dev_type file_type }:dir_file_class_set relabelto;

# init is allowed to load SELinux policy into the kernel. A domain holding
# load_policy can replace the enforced policy, so review which other domains,
# if any, hold it.
allow init kernel:security load_policy;

# Read/write on files typed usermodehelper and proc_security.
# NOTE(review): presumably these label kernel helper-path and security-tunable
# files; the type definitions and file contexts are not shown here -- verify,
# and check that no other domain has write access to them.
allow init usermodehelper:file rw_file_perms;
allow init proc_security:file rw_file_perms;