| type init_foreground, domain; |
| type init_foreground_exec, exec_type, file_type; |
| |
| init_daemon_domain(init_foreground) |
| |
| allow init_foreground proc:file getattr; |
| allow init_foreground proc_iomem:file getattr; |
| allow init_foreground proc_meminfo:file getattr; |
| allow init_foreground proc_sysrq:file getattr; |
| allow init_foreground shell_exec:file { getattr read }; |
| allow init_foreground toolbox_exec:file rx_file_perms; |
| |
| allow init_foreground domain:dir { getattr search }; |
| allow init_foreground domain:file { read open }; |
| |
| allow init_foreground kernel:process setsched; |
