1 type init_foreground, domain; 2 type init_foreground_exec, exec_type, file_type; 3 4 init_daemon_domain(init_foreground) 5 6 allow init_foreground proc:file getattr; 7 allow init_foreground proc_iomem:file getattr; 8 allow init_foreground proc_meminfo:file getattr; 9 allow init_foreground proc_sysrq:file getattr; 10 allow init_foreground shell_exec:file { getattr read }; 11 allow init_foreground toolbox_exec:file rx_file_perms; 12 13 allow init_foreground domain:dir { getattr search }; 14 allow init_foreground domain:file { read open }; 15 16 allow init_foreground kernel:process setsched; 17