1*e4a36f41SAndroid Build Coastguard Worker# kcmdlinectrl is a tool to have the bootloader send kernel commandline flags 2*e4a36f41SAndroid Build Coastguard Worker# for enabling dogfood features in the kernel 3*e4a36f41SAndroid Build Coastguard Workertype kcmdlinectrl, domain, coredomain; 4*e4a36f41SAndroid Build Coastguard Workertype kcmdlinectrl_exec, system_file_type, exec_type, file_type; 5*e4a36f41SAndroid Build Coastguard Worker 6*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(kcmdlinectrl) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker# for setting kcmdline properties to match the bootloader state. 9*e4a36f41SAndroid Build Coastguard Workerset_prop(kcmdlinectrl, kcmdline_prop) 10*e4a36f41SAndroid Build Coastguard Worker 11*e4a36f41SAndroid Build Coastguard Worker# kcmdlinectrl communicates the request to the bootloader via the misc partition. 12*e4a36f41SAndroid Build Coastguard Worker# needs to write to update the request in misc partition, and read to sync 13*e4a36f41SAndroid Build Coastguard Worker# back to the property. 14*e4a36f41SAndroid Build Coastguard Workerallow kcmdlinectrl misc_block_device:blk_file rw_file_perms; 15*e4a36f41SAndroid Build Coastguard Workerallow kcmdlinectrl block_device:dir r_dir_perms; 16*e4a36f41SAndroid Build Coastguard Workerread_fstab(kcmdlinectrl) 17*e4a36f41SAndroid Build Coastguard Worker 18*e4a36f41SAndroid Build Coastguard Worker# bootloader_message tries to find the fstab in the device config path first, 19*e4a36f41SAndroid Build Coastguard Worker# but because we've already booted up we can use the ro.boot properties instead, 20*e4a36f41SAndroid Build Coastguard Worker# so we can just ignore the SELinux denial. 21*e4a36f41SAndroid Build Coastguard Workerdontaudit kcmdlinectrl sysfs_dt_firmware_android:dir search; 22*e4a36f41SAndroid Build Coastguard Workerdontaudit kcmdlinectrl vendor_property_type:file read; 23