type init_citadel, domain; | |
type init_citadel_exec, exec_type, vendor_file_type, file_type; | |
# Shell script exec (toolbox) | |
allow init_citadel vendor_shell_exec:file r_file_perms; | |
allow init_citadel vendor_toolbox_exec:file rx_file_perms; | |
allow init_citadel vendor_file:file rx_file_perms; | |
# Citadel communication must be via citadeld | |
vndbinder_use(init_citadel) | |
binder_call(init_citadel, citadeld) | |
allow init_citadel citadeld_service:service_manager find; | |
init_daemon_domain(init_citadel) |