sepolicy: Allow init to write in debugfs

avc: denied { write } for name="tracing_on" dev="debugfs" ino=3203 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 Change-Id: Ia3258d2d57088efd367d79de1a7d60fcb01a3e6a
author: Arne Coucheron <arco68@gmail.com> 2017-01-14 01:53:53 +0100
committer: davidevinavil <davidevinavil@gmail.com> 2017-01-27 18:20:46 +0100
commit: ca880489503387fba304ad89808addf2ea71e9fa (patch)
tree: 91f358471f2a485918091aea1ec0dde624012baf /sepolicy/init.te
parent: 49618bf00dd3983bb79be64e579d6cd75eb1f2a1 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 0776fab..23d7d46 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,4 +1,2 @@
-allow init vfat:file { read open };
-allow init socket_device:sock_file { create setattr unlink };
+allow init debugfs:file write;
 
-domain_trans(init, rootfs, dashd)
author	Arne Coucheron <arco68@gmail.com>	2017-01-14 01:53:53 +0100
committer	davidevinavil <davidevinavil@gmail.com>	2017-01-27 18:20:46 +0100
commit	ca880489503387fba304ad89808addf2ea71e9fa (patch)
tree	91f358471f2a485918091aea1ec0dde624012baf /sepolicy/init.te
parent	49618bf00dd3983bb79be64e579d6cd75eb1f2a1 (diff)