| # /dev/tty* I/O. Needed for /dev/ttyS0 |
| allow init serial_device:chr_file rw_file_perms; |
| |
| # Write to /configfs files. Needed only for /config/usb_gadget subtree. |
| allow init configfs:file w_file_perms; |
| allow init configfs:lnk_file create; |
| |
| # Add loadable modules. Needed for usbfunc:diag, usbfunc:diag, usbfunc:gsi, usbfunc:qdss modules. |
| allow init kernel:system module_request; |
| |
| # binfmt_misc arm for ndk translator |
| allow init binfmt_miscfs:file w_file_perms; |
| allow init proc:dir mounton; |
| |
| # init relabel vbmeta* and boot* symlinks under /dev/block/by-name/. |
| allow init ab_block_device:lnk_file relabelto; |
| allow init boot_block_device:lnk_file relabelto; |
| |
| # init needs to tune block device |
| allow init sysfs_devices_block:file w_file_perms; |
| |
| # /mnt/sdcard -> /storage/self/primary symlink is deprecated. Ignore attempts to |
| # create it. This denial is fixed in core policy in Android R aosp/943799. |
| dontaudit init tmpfs:lnk_file create; |
| |
| # permit mount of virtiofs on /mnt/vendor/shared |
| allow init mnt_vendor_file:dir mounton; |
| |
| allow init keymaster_device:chr_file rw_file_perms; |
| allow init gatekeeper_device:chr_file rw_file_perms; |
| allow init bt_device:chr_file rw_file_perms; |
| |
| allow init frp_block_device:blk_file setattr; |
