1 type init-qcom-devstart-sh, domain; 2 type init-qcom-devstart-sh_exec, exec_type, vendor_file_type, file_type; 3 4 init_daemon_domain(init-qcom-devstart-sh) 5 6 allow init-qcom-devstart-sh vendor_shell_exec:file rx_file_perms; 7 allow init-qcom-devstart-sh vendor_toolbox_exec:file rx_file_perms; 8 9 # execute grep 10 allow init-qcom-devstart-sh vendor_file:file rx_file_perms; 11 12 # Set the vendor.qcom.devup property 13 set_prop(init-qcom-devstart-sh, vendor_device_prop) 14 # Set the sys.adsp.firmware.version property. 15 set_prop(init-qcom-devstart-sh, public_vendor_system_prop) 16 17 # Set boot_adsp and boot_slpi to 1 18 allow init-qcom-devstart-sh sysfs_msm_subsys:file w_file_perms; 19 20 # Initialize Edge Sense. 21 # See b/67205273. 22 allow init-qcom-devstart-sh sysfs:dir r_dir_perms; 23 allow init-qcom-devstart-sh sysfs_pinctrl:dir r_dir_perms; 24 allow init-qcom-devstart-sh sysfs_pinctrl:file rw_file_perms; 25 allow init-qcom-devstart-sh sysfs_gpio_export:file w_file_perms; 26 allow init-qcom-devstart-sh sysfs_soc:dir r_dir_perms; 27 allow init-qcom-devstart-sh sysfs_soc:file r_file_perms; 28 allow init-qcom-devstart-sh sysfs_msm_subsys:dir r_dir_perms; 29 allow init-qcom-devstart-sh sysfs_msm_subsys:file r_file_perms; 30 allow init-qcom-devstart-sh sysfs_scsi_devices_0000:file r_file_perms; 31 allow init-qcom-devstart-sh sysfs_pixelstats:file r_file_perms; 32 # Ignore permissions used but not needed. 33 dontaudit init-qcom-devstart-sh sysfs:file { create getattr }; 34 dontaudit init-qcom-devstart-sh sysfs_type:dir { read write }; 35 dontaudit init-qcom-devstart-sh sysfs_graphics:file getattr; 36 dontaudit init-qcom-devstart-sh sysfs_devices_block:file getattr; 37
