path: root/sepolicy/whitechapel/vendor/google/init.te
blob: 117268940cdf3212b67df68410334148071b2bb6 (plain)
# Lets init relabel symlinks to custom_ab_block_device. The rule covers only
# the lnk_file class with relabelto; it grants no read/write access to the
# block devices themselves.
allow init custom_ab_block_device:lnk_file relabelto;

# This is needed for chaining a boot partition vbmeta
# descriptor, where init will probe the boot partition
# to read the chained vbmeta in the first-stage, then
# relabel /dev/block/by-name/boot_[a|b] to block_device
# after loading sepolicy in the second stage.
# NOTE(review): the rule below grants relabelto on boot_block_device, while
# the text above says "block_device" - confirm which label the by-name
# symlinks are expected to end up with.
allow init boot_block_device:lnk_file relabelto;

# Mount points: init may mount a filesystem on directories of these types.
allow init modem_img_file:dir mounton;
allow init mnt_vendor_file:dir mounton;
# Filesystem-object permissions for the modem image. relabelfrom is included
# along with getattr and mount; no relabelto on the filesystem class is
# granted here.
allow init modem_img_file:filesystem { getattr mount relabelfrom };

# Further mount points (persist and modem partitions).
allow init persist_file:dir mounton;
allow init modem_efs_file:dir mounton;
allow init modem_userdata_file:dir mounton;
# w_file_perms is a macro defined outside this file; presumably the standard
# write-side file permission set - verify against the global macros before
# assuming what init can do to ram_device block nodes.
allow init ram_device:blk_file w_file_perms;
# ioctl on per_boot_file is granted together with an allowxperm rule. With the
# allowxperm present, only the listed command (F2FS_IOC_SET_PIN_FILE) is
# permitted for this source/target/class; keep the two rules together so the
# ioctl grant never becomes unrestricted.
allow init per_boot_file:file ioctl;
allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
# Write access to sysfs files of this type.
# NOTE(review): confirm which sysfs nodes carry sysfs_scsi_devices_0000 so
# this write grant stays limited to the attributes init actually sets.
allow init sysfs_scsi_devices_0000:file w_file_perms;

# Workaround for b/193113005: modem_img is unlabeled after disable-verity.
# dontaudit does not grant anything: the rename/unlink attempts are still
# denied, only the audit log entries are suppressed.
# NOTE(review): suppressed denials on overlayfs_file will not show up in
# logs for any init access matching these rules, so remove the two lines
# once the referenced bug is resolved.
dontaudit init overlayfs_file:file { rename };
dontaudit init overlayfs_file:chr_file { unlink };