universal7870: import Pie sepolicies

2025-09-06 00:17:47 -04:00 · 2020-01-28 00:06:11 +01:00 · 2020-01-28 00:06:11 +01:00 · 221b221b8a
commit 221b221b8a
parent 734b50ffaa
41 changed files with 583 additions and 0 deletions
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@ -0,0 +1,37 @@
+# Mount debugfs on /sys/kernel/debug.
+allow init debugfs:dir mounton;
+
+# Mount EFS on /efs
+allow init efs_file:dir  mounton;
+
+# /dev/block/mmcblk0p[0-9]
+allow init emmcblk_device:blk_file rw_file_perms;
+
+allow init block_device:lnk_file { setattr };
+allow init tmpfs:lnk_file create_file_perms;
+
+# /sys/class/power_supply/battery and /sys/class/android_usb/android0
+allow init sysfs:dir r_dir_perms;
+
+# required for LD_SHIM_LIBS
+allow init { domain -lmkd -crash_dump }:process noatsecure;
+
+# /data
+allow init sdcardd_exec:file r_file_perms;
+
+# sysfs iio:device[0-9]
+allow init sysfs:lnk_file setattr;
+
+# read/chown mDNIE symlinks
+allow init sysfs_mdnie_writable:lnk_file { read setattr };
+
+# read/chown camera firmware
+allow init sysfs_camera_writable:file { relabelto setattr };
+allow init sysfs_camera_writable:filesystem associate;
+
+allow init socket_device:sock_file { unlink create setattr };
+
+allow init sysfs_sec:lnk_file read;
+
+allow init block_device:blk_file write;
+allow init property_socket:sock_file write;