1 type init_power, domain; 2 type init_power_exec, exec_type, file_type; 3 4 init_daemon_domain(init_power) 5 6 allow init_power rootfs:file r_file_perms; 7 allow init_power shell_exec:file rx_file_perms; 8 allow init_power toolbox_exec:file rx_file_perms; 9 10 # files are created in /sys as this script executes. Grant 11 # access to all of /sys to make this robust. 12 r_dir_file(init_power, sysfs_type) 13 allow init_power sysfs:file { rw_file_perms relabelfrom }; 14 allow init_power sysfs:dir { relabelfrom r_dir_perms }; 15 allow init_power sysfs_devices_system_cpu:dir relabelto; 16 allow init_power sysfs_devices_system_cpu:file { relabelto w_file_perms }; 17 allow init_power sysfs_msm_subsys:file w_file_perms; 18 allow init_power sysfs_thermal:file w_file_perms; 19 allow init_power sysfs_power_management:file write; 20 21 # write to files proc/sys/kernel/sched_* 22 allow init_power proc_kernel_sched:file w_file_perms; 23
