
Lines Matching refs:init

# NOTE(review): this page lists only the lines that match "init"; gaps in the
# leading line numbers are policy lines that are not shown here.
1 typeattribute init coredomain;
3 tmpfs_domain(init)
5 # Transitions to seclabel processes in init.rc
# Each rule names (source domain, label of the executed file, target domain).
# domain_trans only permits the transition; domain_auto_trans also makes the
# target the default domain for that executable label.
# NOTE(review): rootfs and init_exec each appear with several targets below, so
# the file label alone cannot select the domain for those entries; the seclabel
# in init.rc presumably does — verify each target has a matching service entry.
6 domain_trans(init, rootfs, healthd)
7 domain_trans(init, rootfs, slideshow)
8 domain_auto_trans(init, charger_exec, charger)
9 domain_auto_trans(init, e2fs_exec, e2fs)
10 domain_auto_trans(init, bpfloader_exec, bpfloader)
14 domain_trans(init, rootfs, adbd)
15 domain_trans(init, rootfs, charger)
16 domain_trans(init, rootfs, fastbootd)
17 domain_trans(init, rootfs, recovery)
18 domain_trans(init, rootfs, linkerconfig)
19 domain_trans(init, rootfs, snapuserd)
21 domain_trans(init, shell_exec, shell)
22 domain_trans(init, init_exec, ueventd)
23 domain_trans(init, init_exec, vendor_init)
24 domain_trans(init, { rootfs toolbox_exec }, modprobe)
27 domain_auto_trans(init, logcat_exec, logpersist)
29 # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
# NOTE(review): the userdebug/eng restriction is stated only in the comment
# above; whatever guard enforces it (presumably a build-variant macro) is on
# lines not shown in this listing — confirm these rules are absent from user builds.
30 allow init su:process transition;
# noatsecure is not granted here; only the resulting denial is kept out of the audit log.
31 dontaudit init su:process noatsecure;
# Lets the su process inherit signal state and resource limits across the transition.
32 allow init su:process { siginh rlimitinh };
35 # Allow init to figure out name of dm-device from its /dev/block/dm-XX path.
# Read-only: this line grants no write access to sysfs_dm files.
39 allow init sysfs_dm:file read;
41 # Allow init to modify the properties of loop devices.
42 allow init sysfs_loop:dir r_dir_perms;
43 allow init sysfs_loop:file rw_file_perms;
45 # Allow init to examine the properties of block devices.
46 allow init sysfs_block_type:file { getattr read };
47 # Allow init to access /dev/block
# Directory listing plus getattr on the device nodes only; these two lines do
# not grant open, read or write on the block devices themselves.
48 allow init bdev_type:dir r_dir_perms;
49 allow init bdev_type:blk_file getattr;
51 # Allow init to write to the drop_caches file.
52 allow init proc_drop_caches:file rw_file_perms;
# Grants init the right to set properties of type powerctl_prop.
55 set_prop(init, powerctl_prop)
57 # Only init is allowed to set userspace reboot related properties.
58 set_prop(init, userspace_reboot_exported_prop)
# Build-time assertion: the policy must not contain a rule that lets any domain
# other than init set this property type. It grants nothing by itself.
59 neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
61 # Second-stage init performs a test for whether the kernel has SELinux hooks
# (the rest of this comment is on lines not shown in this listing)
67 allow init self:perf_event { open cpu };
68 allow init self:global_capability2_class_set perfmon;
# The grant above is limited to open and cpu. The kernel, tracepoint, read and
# write permissions are asserted never to be allowed to init, and the denials
# they produce are suppressed from the audit log.
69 neverallow init self:perf_event { kernel tracepoint read write };
70 dontaudit init self:perf_event { kernel tracepoint read write };
72 # Allow init to communicate with snapuserd to transition Virtual A/B devices
# Client side of the socket only: write on the socket file and connectto on
# snapuserd's stream socket.
74 allow init snapuserd_socket:sock_file write;
75 allow init snapuserd:unix_stream_socket connectto;
# Directory lock only; no other ota_metadata_file permission is granted by this line.
77 allow init ota_metadata_file:dir lock;
79 # Allow init to restore contexts of vd_device(/dev/block/vd[..]) when labeling
# (the rest of this comment is on a line not shown in this listing)
# relabelto lets init assign the vd_device label to a block device node.
81 allow init vd_device:blk_file relabelto;
# The neverallow rules in this group are build-time assertions that no domain
# other than init may set the named property type; they grant nothing themselves.
83 # Only init is allowed to set the sysprop indicating whether perf_event_open()
85 set_prop(init, init_perf_lsm_hooks_prop)
86 neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set;
88 # Only init can write vts.native_server.on
89 set_prop(init, vts_status_prop)
90 neverallow { domain -init } vts_status_prop:property_service set;
# NOTE(review): for the four types below this listing shows only the neverallow,
# not a set_prop(init, ...) line; init's own grant, if any, is elsewhere — TODO confirm.
92 # Only init can write normal ro.boot. properties
93 neverallow { domain -init } bootloader_prop:property_service set;
95 # Only init can write hal.instrumentation.enable
96 neverallow { domain -init } hal_instrumentation_prop:property_service set;
98 # Only init can write ro.property_service.version
99 neverallow { domain -init } property_service_version_prop:property_service set;
101 # Only init can set keystore.boot_level
102 neverallow { domain -init } keystore_listen_prop:property_service set;
# Write-side file permissions only on the bootreceiver tracing files.
105 allow init debugfs_bootreceiver_tracing:file w_file_perms;
108 allow init {