sepolicy: Permissions for userinit Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296

commit: dc699fb190a7249053c4f2fd280f9dc8a3096fe6 [log] [tgz]
author: Emerson Pinter <dev@pinter.com.br> Thu Feb 12 19:20:19 2015 -0200
committer: Gerrit Code Review <gerrit@cyanogenmod.org> Tue Mar 17 12:12:59 2015 +0000
tree: 6647d7ebd339e6102604d51745be4c48d7fc48fd
parent: 8df987a37181343070055e66c487aa290f2e2f28 [diff] [blame]
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
index dea539e..6fd0b85 100644
--- a/sepolicy/sysinit.te
+++ b/sepolicy/sysinit.te

@@ -9,3 +9,13 @@
 allow sysinit system_file:file { rx_file_perms };
 allow sysinit self:process setcurrent;
 
+userdebug_or_eng(`
+    allow sysinit userinit_data_exec:file { r_file_perms relabelto };
+    allow sysinit property_socket:sock_file write;
+    allow sysinit init:unix_stream_socket connectto;
+    allow sysinit userinit_prop:property_service set;
+    allow sysinit sysfs:file rw_file_perms;
+    allow sysinit sysfs_devices_system_cpu:file write;
+    allow sysinit self:capability dac_override;
+    allow sysinit userinit_exec:file { rx_file_perms };
+')
commit	dc699fb190a7249053c4f2fd280f9dc8a3096fe6	[log] [tgz]
author	Emerson Pinter <dev@pinter.com.br>	Thu Feb 12 19:20:19 2015 -0200
committer	Gerrit Code Review <gerrit@cyanogenmod.org>	Tue Mar 17 12:12:59 2015 +0000
tree	6647d7ebd339e6102604d51745be4c48d7fc48fd
parent	8df987a37181343070055e66c487aa290f2e2f28 [diff] [blame]