blob: 46e0eb328f8c46957b035d7786c159d73e7c7b15 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
type init-power-sh, domain, device_domain_deprecated;
type init-power-sh_exec, exec_type, file_type;
init_daemon_domain(init-power-sh)
allow init-power-sh proc_kernel_sched:file w_file_perms;
allow init-power-sh self:capability net_admin;
allow init-power-sh shell_exec:file r_file_perms;
allow init-power-sh sysfs_devices_system_cpu:file w_file_perms;
allow init-power-sh sysfs_performance:dir search;
allow init-power-sh sysfs_performance:file w_file_perms;
allow init-power-sh sysfs_thermal:dir search;
allow init-power-sh sysfs_thermal:file w_file_perms;
allow init-power-sh sysfs_power_management:file w_file_perms;
# interactive files in /sys receive the default sysfs context when created
# after the restorecon of /sys/. Allow init-power-sh to restorecon sysfs files
# and symlinks to sysfs_devices_system_cpu
allow init-power-sh sysfs:{ dir file lnk_file } relabelfrom;
allow init-power-sh sysfs_devices_system_cpu:{ dir file lnk_file } relabelto;
allow init-power-sh file_contexts_file:file r_file_perms;
# execute toybox/toolbox
allow init-power-sh toolbox_exec:file rx_file_perms;
|
