# SELinux policy for the init-power-sh service domain.
#
# init-power-sh_exec labels the executable; init_daemon_domain() sets up the
# transition from init into the init-power-sh domain when init starts it.
#
# NOTE(review): domain_deprecated is a legacy AOSP attribute that carried
# broad inherited permissions. Confirm the target platform still defines it
# and list explicitly whichever of its grants this script really needs.
type init-power-sh, domain, domain_deprecated;
type init-power-sh_exec, exec_type, file_type;

init_daemon_domain(init-power-sh)

# NOTE(review): CAP_NET_ADMIN is a wide capability and no other rule in this
# file references a network object. Confirm which operation triggers the
# check and drop this rule if the denial is harmless.
allow init-power-sh self:capability net_admin;

# Interpreter and tools used by the script. The shell is granted read
# permissions only; toybox/toolbox get rx_file_perms and no domain transition
# is declared here, so they presumably run inside this domain - confirm.
allow init-power-sh shell_exec:file r_file_perms;
allow init-power-sh toolbox_exec:file rx_file_perms;

# Tunables the script writes: scheduler knobs under /proc and the CPU,
# performance, thermal and power-management nodes under /sys.
allow init-power-sh { sysfs_performance sysfs_thermal }:dir search;
allow init-power-sh {
    proc_kernel_sched
    sysfs_devices_system_cpu
    sysfs_performance
    sysfs_thermal
    sysfs_power_management
}:file w_file_perms;

# interactive files in /sys receive the default sysfs context when created
# after the restorecon of /sys/. Allow init-power-sh to restorecon sysfs files
# and symlinks to sysfs_devices_system_cpu
#
# NOTE(review): relabelfrom is granted on every object carrying the default
# sysfs label, and this domain may write sysfs_devices_system_cpu files. The
# pair therefore lets the domain make any default-labelled sysfs file
# writable to itself. Keep the script's restorecon paths narrow and prefer
# labelling these nodes up front (genfscon / file_contexts) where the
# platform allows it.
allow init-power-sh sysfs:{ dir file lnk_file } relabelfrom;
allow init-power-sh sysfs_devices_system_cpu:{ dir file lnk_file } relabelto;