1typeattribute init coredomain; 2 3tmpfs_domain(init) 4 5# Transitions to seclabel processes in init.rc 6domain_trans(init, rootfs, healthd) 7domain_trans(init, rootfs, slideshow) 8domain_auto_trans(init, charger_exec, charger) 9domain_auto_trans(init, e2fs_exec, e2fs) 10domain_auto_trans(init, bpfloader_exec, bpfloader) 11 12recovery_only(` 13 # Files in recovery image are labeled as rootfs. 14 domain_trans(init, rootfs, adbd) 15 domain_trans(init, rootfs, charger) 16 domain_trans(init, rootfs, fastbootd) 17 domain_trans(init, rootfs, recovery) 18 domain_trans(init, rootfs, linkerconfig) 19') 20domain_trans(init, shell_exec, shell) 21domain_trans(init, init_exec, ueventd) 22domain_trans(init, init_exec, vendor_init) 23domain_trans(init, { rootfs toolbox_exec }, modprobe) 24userdebug_or_eng(` 25 # case where logpersistd is actually logcat -f in logd context (nee: logcatd) 26 domain_auto_trans(init, logcat_exec, logpersist) 27 28 # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng 29 allow init su:process transition; 30 dontaudit init su:process noatsecure; 31 allow init su:process { siginh rlimitinh }; 32') 33 34# Allow init to figure out name of dm-device from it's /dev/block/dm-XX path. 35# This is useful in case of remounting ext4 userdata into checkpointing mode, 36# since it potentially requires tearing down dm-devices (e.g. dm-bow, dm-crypto) 37# that userdata is mounted onto. 38allow init sysfs_dm:file read; 39 40# Allow the BoringSSL self test to request a reboot upon failure 41set_prop(init, powerctl_prop) 42 43# Only init is allowed to set userspace reboot related properties. 44set_prop(init, userspace_reboot_exported_prop) 45neverallow { domain -init } userspace_reboot_exported_prop:property_service set; 46 47# Second-stage init performs a test for whether the kernel has SELinux hooks 48# for the perf_event_open() syscall. This is done by testing for the syscall 49# outcomes corresponding to this policy. 50# TODO(b/137092007): this can be removed once the platform stops supporting 51# kernels that precede the perf_event_open hooks (Android common kernels 4.4 52# and 4.9). 53allow init self:perf_event { open cpu }; 54neverallow init self:perf_event { kernel tracepoint read write }; 55dontaudit init self:perf_event { kernel tracepoint read write }; 56 57# Only init is allowed to set the sysprop indicating whether perf_event_open() 58# SELinux hooks were detected. 59set_prop(init, init_perf_lsm_hooks_prop) 60neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set; 61