53789b340c
This was made from scratch, for a general cleanup of unused policies and update to M guidelines Change-Id: Id4acda2b384d28b5ca51b3ef0f6e93b648c8e79d
24 lines
914 B
Plaintext
24 lines
914 B
Plaintext
type cpboot-daemon, domain;
|
|
|
|
permissive cpboot-daemon;
|
|
|
|
allow cpboot-daemon cgroup:dir { create add_name };
|
|
allow cpboot-daemon device:dir { write remove_name add_name };
|
|
allow cpboot-daemon efs_block_device:blk_file { read open };
|
|
allow cpboot-daemon efs_device_file:dir search;
|
|
allow cpboot-daemon efs_file:file { read write open };
|
|
allow cpboot-daemon init:unix_stream_socket connectto;
|
|
allow cpboot-daemon log_device:chr_file { write open };
|
|
allow cpboot-daemon log_device:dir search;
|
|
allow cpboot-daemon property_socket:sock_file write;
|
|
allow cpboot-daemon radio_device:chr_file { read write ioctl open };
|
|
allow cpboot-daemon radio_prop:property_service set;
|
|
allow cpboot-daemon self:capability { setuid };
|
|
allow cpboot-daemon sysfs_radio:file { read write open };
|
|
allow cpboot-daemon usbfs:dir search;
|
|
|
|
|
|
# FIX ME
|
|
# allow cpboot-daemon usbfs:filesystem mount;
|
|
# allow cpboot-daemon self:capability { mknod };
|