1*e4a36f41SAndroid Build Coastguard Workertypeattribute init coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workertmpfs_domain(init) 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker# Transitions to seclabel processes in init.rc 6*e4a36f41SAndroid Build Coastguard Workerdomain_trans(init, rootfs, healthd) 7*e4a36f41SAndroid Build Coastguard Workerdomain_trans(init, rootfs, slideshow) 8*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans(init, charger_exec, charger) 9*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans(init, e2fs_exec, e2fs) 10*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans(init, bpfloader_exec, bpfloader) 11*e4a36f41SAndroid Build Coastguard Worker 12*e4a36f41SAndroid Build Coastguard Workerrecovery_only(` 13*e4a36f41SAndroid Build Coastguard Worker # Files in recovery image are labeled as rootfs. 14*e4a36f41SAndroid Build Coastguard Worker domain_trans(init, rootfs, adbd) 15*e4a36f41SAndroid Build Coastguard Worker domain_trans(init, rootfs, charger) 16*e4a36f41SAndroid Build Coastguard Worker domain_trans(init, rootfs, fastbootd) 17*e4a36f41SAndroid Build Coastguard Worker domain_trans(init, rootfs, recovery) 18*e4a36f41SAndroid Build Coastguard Worker') 19*e4a36f41SAndroid Build Coastguard Workerdomain_trans(init, shell_exec, shell) 20*e4a36f41SAndroid Build Coastguard Workerdomain_trans(init, init_exec, ueventd) 21*e4a36f41SAndroid Build Coastguard Workerdomain_trans(init, init_exec, vendor_init) 22*e4a36f41SAndroid Build Coastguard Workerdomain_trans(init, { rootfs toolbox_exec }, modprobe) 23*e4a36f41SAndroid Build Coastguard Workeruserdebug_or_eng(` 24*e4a36f41SAndroid Build Coastguard Worker # case where logpersistd is actually logcat -f in logd context (nee: logcatd) 25*e4a36f41SAndroid Build Coastguard Worker domain_auto_trans(init, logcat_exec, logpersist) 26*e4a36f41SAndroid Build Coastguard Worker 27*e4a36f41SAndroid Build Coastguard Worker # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng 28*e4a36f41SAndroid Build Coastguard Worker allow init su:process transition; 29*e4a36f41SAndroid Build Coastguard Worker dontaudit init su:process noatsecure; 30*e4a36f41SAndroid Build Coastguard Worker allow init su:process { siginh rlimitinh }; 31*e4a36f41SAndroid Build Coastguard Worker') 32*e4a36f41SAndroid Build Coastguard Worker 33*e4a36f41SAndroid Build Coastguard Worker# Allow the BoringSSL self test to request a reboot upon failure 34*e4a36f41SAndroid Build Coastguard Workerset_prop(init, powerctl_prop) 35