# init_shell: domain for shell processes that init spawns, typically
# sh commands or scripts launched from an init*.rc file.
# Services must never be placed in this domain.
type init_shell, domain;

# When init executes a file labelled shell_exec, the resulting process
# is automatically transitioned from init into init_shell.
domain_auto_trans(init, shell_exec, init_shell)

# NOTE(review): permissive_or_unconfined is defined outside this file.
# By its name it presumably leaves init_shell either permissive or
# unconfined, in which case the allow rule below documents intent rather
# than enforcing a boundary. Confirm against the macro definition before
# treating this domain as confined.
permissive_or_unconfined(init_shell)

# Helpers that live in / (rootfs) or /system (system_file) are executed
# with execute_no_trans: they stay in init_shell instead of entering a
# domain of their own, so they run with this domain's permissions.
allow init_shell { rootfs system_file }:file execute_no_trans;