36 lines
1,010 B
Text
36 lines
1,010 B
Text
# Adding allow rule for search on /fuse
|
|
allow init fuse:dir { search mounton };
|
|
allow init self:capability sys_module;
|
|
allow init {
|
|
adsprpcd_file
|
|
cache_file
|
|
persist_file
|
|
storage_file
|
|
}:dir mounton;
|
|
allow init kmsg_device:chr_file write;
|
|
|
|
#Allow triggering IPA FWs loading
|
|
allow init ipa_dev:chr_file write;
|
|
|
|
#For insmod to search module key for signature verification
|
|
allow init kernel:key search;
|
|
|
|
#For sdcard
|
|
allow init tmpfs:lnk_file create_file_perms;
|
|
|
|
#Certain domains needs LD_PRELOAD passed from init
|
|
#allow it for most domain. Do not honor LD_PRELOAD
|
|
#for lmkd
|
|
allow init { domain -lmkd }:process noatsecure;
|
|
|
|
#For configfs file permission
|
|
allow init configfs:dir r_dir_perms;
|
|
allow init configfs:file { rw_file_perms link };
|
|
allow init configfs:lnk_file create_file_perms;
|
|
|
|
#Allow init to mount non-hlos partitions in A/B builds
|
|
allow init firmware_file:dir { mounton };
|
|
allow init bt_firmware_file:dir { mounton };
|
|
|
|
#dontaudit non configfs usb denials
|
|
dontaudit init sysfs:dir write;
|