1type init-power-sh, domain; 2type init-power-sh_exec, exec_type, file_type; 3 4init_daemon_domain(init-power-sh) 5 6allow init-power-sh shell_exec:file r_file_perms; 7allow init-power-sh sysfs_devices_system_cpu:file w_file_perms; 8allow init-power-sh sysfs_performance:dir r_dir_perms; 9allow init-power-sh sysfs_performance:file w_file_perms; 10allow init-power-sh sysfs_thermal:dir r_dir_perms; 11allow init-power-sh sysfs_thermal:file rw_file_perms; 12allow init-power-sh proc_kernel_sched:file w_file_perms; 13 14# allow labeling of interactive /sys files created post-initial restorecon 15allow init-power-sh sysfs:{ dir file lnk_file } relabelfrom; 16allow init-power-sh sysfs_devices_system_cpu:{ dir file lnk_file } relabelto; 17 18# allow writes to sysfs files that have not yet been labeled 19allow init-power-sh sysfs:file rw_file_perms; 20 21# execute toybox/toolbox 22allow init-power-sh toolbox_exec:file rx_file_perms; 23