init.te - platform/external/sepolicy - Git at Google

 # init switches to init domain (via init.rc).
 type init, domain;
 # init is unconfined.
 unconfined_domain(init)
 tmpfs_domain(init)
 relabelto_domain(init)
 # add a rule to handle unlabelled mounts
 allow init unlabeled:filesystem mount;

 allow init {fs_type dev_type file_type}:dir_file_class_set relabelto;
 allow init kernel:security load_policy;
 allow init usermodehelper:file rw_file_perms;
 allow init proc_security:file rw_file_perms;
	# init switches to init domain (via init.rc).
	type init, domain;
	# init is unconfined.
	unconfined_domain(init)
	tmpfs_domain(init)
	relabelto_domain(init)
	# add a rule to handle unlabelled mounts
	allow init unlabeled:filesystem mount;

	allow init {fs_type dev_type file_type}:dir_file_class_set relabelto;
	allow init kernel:security load_policy;
	allow init usermodehelper:file rw_file_perms;
	allow init proc_security:file rw_file_perms;