sepolicy/init_power.te - device/google/marlin - Git at Google

 type init_power, domain;
 type init_power_exec, exec_type, file_type;

 init_daemon_domain(init_power)

 allow init_power rootfs:file r_file_perms;
 allow init_power shell_exec:file rx_file_perms;
 allow init_power toolbox_exec:file rx_file_perms;

 # files are created in /sys as this script executes. Grant
 # access to all of /sys to make this robust.
 r_dir_file(init_power, sysfs_type)
 allow init_power sysfs:file { rw_file_perms relabelfrom };
 allow init_power sysfs:dir { relabelfrom r_dir_perms };
 allow init_power sysfs_devices_system_cpu:dir relabelto;
 allow init_power sysfs_devices_system_cpu:file { relabelto w_file_perms };
 allow init_power sysfs_msm_subsys:file w_file_perms;
 allow init_power sysfs_thermal:file w_file_perms;
 allow init_power sysfs_power_management:file write;

 # write to files proc/sys/kernel/sched_*
 allow init_power proc_kernel_sched:file w_file_perms;
	type init_power, domain;
	type init_power_exec, exec_type, file_type;

	init_daemon_domain(init_power)

	allow init_power rootfs:file r_file_perms;
	allow init_power shell_exec:file rx_file_perms;
	allow init_power toolbox_exec:file rx_file_perms;

	# files are created in /sys as this script executes. Grant
	# access to all of /sys to make this robust.
	r_dir_file(init_power, sysfs_type)
	allow init_power sysfs:file { rw_file_perms relabelfrom };
	allow init_power sysfs:dir { relabelfrom r_dir_perms };
	allow init_power sysfs_devices_system_cpu:dir relabelto;
	allow init_power sysfs_devices_system_cpu:file { relabelto w_file_perms };
	allow init_power sysfs_msm_subsys:file w_file_perms;
	allow init_power sysfs_thermal:file w_file_perms;
	allow init_power sysfs_power_management:file write;

	# write to files proc/sys/kernel/sched_*
	allow init_power proc_kernel_sched:file w_file_perms;