vendor: Update SELinux policy for sysinit
Change-Id: I41d4c25d9d6246cd2ca0a8ff3b5a4e114e3bc4d4
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 9e7f998..ee47c75 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -4,6 +4,8 @@
/system/bin/auditd u:object_r:logd_exec:s0
/data/misc/audit(/.*)? u:object_r:auditd_log:s0
+/system/bin/sysinit u:object_r:sysinit_exec:s0
+
#############################
# performance-related sysfs files (CM)
/sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 231ef1f..5493b76 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -15,6 +15,7 @@
auditd.te \
installd.te \
netd.te \
+ sysinit.te \
system.te \
ueventd.te \
vold.te \
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
new file mode 100644
index 0000000..dea539e
--- /dev/null
+++ b/sepolicy/sysinit.te
@@ -0,0 +1,11 @@
+type sysinit, domain;
+type sysinit_exec, exec_type, file_type;
+
+init_daemon_domain(sysinit)
+
+#============= sysinit ==============
+allow sysinit devpts:chr_file { rw_file_perms };
+allow sysinit shell_exec:file { rx_file_perms };
+allow sysinit system_file:file { rx_file_perms };
+allow sysinit self:process setcurrent;
+