Lines Matching refs:init
1 typeattribute init coredomain;
3 tmpfs_domain(init)
5 # Transitions to seclabel processes in init.rc
6 domain_trans(init, rootfs, healthd)
7 domain_trans(init, rootfs, slideshow)
8 domain_auto_trans(init, charger_exec, charger)
9 domain_auto_trans(init, e2fs_exec, e2fs)
10 domain_auto_trans(init, bpfloader_exec, bpfloader)
14 domain_trans(init, rootfs, adbd)
15 domain_trans(init, rootfs, charger)
16 domain_trans(init, rootfs, fastbootd)
17 domain_trans(init, rootfs, recovery)
18 domain_trans(init, rootfs, linkerconfig)
20 domain_trans(init, shell_exec, shell)
21 domain_trans(init, init_exec, ueventd)
22 domain_trans(init, init_exec, vendor_init)
23 domain_trans(init, { rootfs toolbox_exec }, modprobe)
26 domain_auto_trans(init, logcat_exec, logpersist)
28 # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
29 allow init su:process transition;
30 dontaudit init su:process noatsecure;
31 allow init su:process { siginh rlimitinh };
34 # Allow init to figure out name of dm-device from it's /dev/block/dm-XX path.
38 allow init sysfs_dm:file read;
41 set_prop(init, powerctl_prop)
43 # Only init is allowed to set userspace reboot related properties.
44 set_prop(init, userspace_reboot_exported_prop)
45 neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
47 # Second-stage init performs a test for whether the kernel has SELinux hooks
53 allow init self:perf_event { open cpu };
54 allow init self:global_capability2_class_set perfmon;
55 neverallow init self:perf_event { kernel tracepoint read write };
56 dontaudit init self:perf_event { kernel tracepoint read write };
58 # Only init is allowed to set the sysprop indicating whether perf_event_open()
60 set_prop(init, init_perf_lsm_hooks_prop)
61 neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set;
63 # Only init can write vts.native_server.on
64 set_prop(init, vts_status_prop)
65 neverallow { -init } vts_status_prop:property_service set;
67 # Only init can write normal ro.boot. properties
68 neverallow { -init } bootloader_prop:property_service set;
70 # Only init can write hal.instrumentation.enable
71 neverallow { -init } hal_instrumentation_prop:property_service set;
73 # Only init can write ro.property_service.version
74 neverallow { -init } property_service_version_prop:property_service set;