1 # init switches to init domain (via init.rc). 2 type init, domain; 3 permissive init; 4 # init is unconfined. 5 unconfined_domain(init) 6 tmpfs_domain(init) 7 relabelto_domain(init) 8 # add a rule to handle unlabelled mounts 9 allow init unlabeled:filesystem mount; 10 11 allow init {fs_type dev_type file_type}:dir_file_class_set relabelto; 12 allow init kernel:security load_policy; 13