Home | History | Annotate | Download | only in sepolicy 
      1 # init switches to init domain (via init.rc).
      2 type init, domain;
      3 permissive init;
      4 # init is unconfined.
      5 unconfined_domain(init)
      6 tmpfs_domain(init)
      7 relabelto_domain(init)
      8 # add a rule to handle unlabelled mounts
      9 allow init unlabeled:filesystem mount;
     10 
     11 allow init {fs_type dev_type file_type}:dir_file_class_set relabelto;
     12 allow init kernel:security load_policy;
     13