-rw-r--r-- | sepolicy/sysinit.te | 16 | ||||
-rw-r--r-- | sepolicy/system_server.te | 1 |
2 files changed, 17 insertions, 0 deletions
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
new file mode 100644
index 0000000..549fe58
--- /dev/null
+++ b/sepolicy/sysinit.te
@@ -0,0 +1,16 @@
+allow sysinit adsprpcd_file:dir getattr;
+allow sysinit cache_file:dir getattr;
+allow sysinit proc:file write;
+allow sysinit proc_dirty_ratio:file write;
+allow sysinit self:capability { dac_override dac_read_search };
+allow sysinit storage_file:dir getattr;
+allow sysinit system_block_device:blk_file read;
+allow sysinit proc:file open;
+allow sysinit proc_dirty_ratio:file open;
+allow sysinit system_block_device:blk_file open;
+allow sysinit proc:file read;
+allow sysinit proc_dirty_ratio:file read;
+allow sysinit system_block_device:blk_file ioctl;
+allow sysinit proc:file getattr;
+allow sysinit proc_dirty_ratio:file getattr;
+allow sysinit self:capability sys_admin;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 7c9fd5c..e9c07c8 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -17,3 +17,4 @@ allow system_server vold:process setsched;
 allow system_server zygote:process setsched;
 allow system_server diag_device:chr_file open;
 allow system_server diag_device:chr_file ioctl;
+allow system_server kernel:system syslog_read; |
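Review bot: `allow sysinit proc:file write;` and its open/read/getattr companions in the new sysinit.te target the generic `proc` type, so sysinit may write any /proc entry that has no more specific label, while the same hunk already uses the narrower `proc_dirty_ratio` type. If the script only tunes a few sysctl nodes, giving those nodes their own type and dropping the four `proc:file` rules would keep the domain scoped to what it actually touches. The `self:capability` grants (`dac_override`, `dac_read_search`, `sys_admin`) are also broad and carry no explanation; a `dac_override` denial often disappears once the owner or mode of the file is corrected, so I would either remove them or add a comment such as `# sys_admin: required for <operation> in <script>`. As a style point, the per-permission lines for one target can be merged, e.g. `allow sysinit proc_dirty_ratio:file { getattr open read write };`.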
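Review bot: The added `allow system_server kernel:system syslog_read;` has no comment saying which system_server feature reads the kernel ring buffer, and nothing on the commit page explains it. Kernel log output can contain addresses and driver messages that weaken kernel hardening, and system_server serves requests from every app, so the rule widens what a compromise of that process exposes. If it only silences a logged denial and nothing breaks without it, `dontaudit system_server kernel:system syslog_read;` is the safer choice; otherwise add a line such as `# needed by <feature> to read the kernel log` above the rule. The earlier rules of system_server.te lie outside the hunk.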