1# /dev/tty* I/O. Needed for /dev/ttyS0 2allow init serial_device:chr_file rw_file_perms; 3 4# Write to /configfs files. Needed only for /config/usb_gadget subtree. 5allow init configfs:file w_file_perms; 6allow init configfs:lnk_file create; 7 8# Add loadable modules. Needed for usbfunc:diag, usbfunc:diag, usbfunc:gsi, usbfunc:qdss modules. 9allow init kernel:system module_request; 10 11# binfmt_misc arm for ndk translator 12allow init binfmt_miscfs:file w_file_perms; 13allow init proc:dir mounton; 14 15# init relabel vbmeta* and boot* symlinks under /dev/block/by-name/. 16allow init ab_block_device:lnk_file relabelto; 17allow init boot_block_device:lnk_file relabelto; 18 19# init needs to tune block device 20allow init sysfs_devices_block:file w_file_perms; 21 22# /mnt/sdcard -> /storage/self/primary symlink is deprecated. Ignore attempts to 23# create it. This denial is fixed in core policy in Android R aosp/943799. 24dontaudit init tmpfs:lnk_file create; 25 26# permit mount of virtiofs on /mnt/vendor/shared 27allow init mnt_vendor_file:dir mounton; 28 29allow init keymaster_device:chr_file rw_file_perms; 30allow init gatekeeper_device:chr_file rw_file_perms; 31allow init confirmationui_device:chr_file rw_file_perms; 32allow init uwb_device:chr_file rw_file_perms; 33allow init oemlock_device:chr_file rw_file_perms; 34allow init keymint_device:chr_file rw_file_perms; 35allow init sensors_device:chr_file rw_file_perms; 36allow init mcu_control_device:chr_file rw_file_perms; 37allow init mcu_uart_device:chr_file rw_file_perms; 38 39allow init frp_block_device:blk_file setattr; 40