mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-12 16:09:36 -05:00
057bedb65b
- 14.1+15.1+16.0: enable kernel protections for files - protected_*: hardlinks, symlinks, fifos, regular - from GrapheneOS - defconfig: enable more verity options - cleanup
#============= init ==============
# Lets init create regular files that end up labeled rootfs. A new file takes
# its parent directory's type unless a type_transition applies, so this is a
# write grant on the root filesystem label itself.
# NOTE(review): the section header format matches audit2allow output; confirm
# which path caused the denial, whether a dedicated type plus type_transition
# would be narrower, and whether the target branch has a neverallow on rootfs
# writes.
allow init rootfs:file create;
# Lets init change attributes (owner, mode, timestamps) of symlinks labeled
# rootfs.
# NOTE(review): presumably triggered by a chown/chmod in an init script that
# hits a symlink path; verify the script rather than keeping the grant.
allow init rootfs:lnk_file setattr;
#============= recovery ==============
# Lets recovery traverse directories labeled pstorefs (the persistent store
# that holds kernel logs from a previous boot).
allow recovery pstorefs:dir search;
# Lets recovery open and read pstore files. Those records are kernel log
# output from before the last reboot and can include kernel addresses and
# other crash context, so the grant widens who can see them.
# NOTE(review): confirm recovery actually consumes these logs (e.g. to copy
# last_kmsg) and is not just probing the directory.
allow recovery pstorefs:file { open read };
# Lets recovery write to nodes under selinuxfs. File write access alone does
# not change enforcement or load policy: the kernel also checks the matching
# `security`-class permission (setenforce, load_policy, compute_av, ...),
# none of which is granted in this file.
# NOTE(review): identify which selinuxfs node is written; if it is a context
# or access query, say so here so the rule is not mistaken for policy control.
allow recovery selinuxfs:file write;
# Lets recovery open and write sysfs attribute files labeled
# sysfs_devices_block. No read/getattr is granted, only open + write.
# NOTE(review): the type is not declared in this file (presumably device
# sepolicy); it likely covers every attribute of the block devices, so check
# which attribute is written and whether a narrower label exists.
allow recovery sysfs_devices_block:file { open write };
# Same open + write grant for sysfs files labeled sysfs_scsi_devices_0000.
# NOTE(review): type declared elsewhere; presumably the SCSI/UFS host device
# tree in sysfs — confirm, and confirm the write is needed in recovery.
allow recovery sysfs_scsi_devices_0000:file { open write };
# Same open + write grant for sysfs files labeled sysfs_scsi_devices_other.
# NOTE(review): three near-identical sysfs write grants in a row suggest one
# code path walking several device nodes; verify they share a single cause
# before keeping all three.
allow recovery sysfs_scsi_devices_other:file { open write };
#============= init ==============
# Lets init create regular files labeled rootfs. The identical rule already
# appears in the first init section of this file, so this copy is redundant.
# NOTE(review): the two sections look like separate audit2allow runs pasted
# together; confirm whether they apply to different devices or branches.
allow init rootfs:file create;
#============= recovery ==============
# Lets recovery getattr and open the property file labeled alarm_boot_prop.
# `read` is not included, so this rule by itself does not let recovery read
# the property value.
# NOTE(review): type declared elsewhere (presumably vendor policy). If
# recovery must read the property, AOSP's get_prop() macro is the usual way
# to grant it; if not, a dontaudit may be the better answer.
allow recovery alarm_boot_prop:file { getattr open };
# Lets recovery getattr and open the property file labeled
# alarm_handled_prop; no `read` permission is granted.
# NOTE(review): type declared elsewhere; confirm recovery needs this property.
allow recovery alarm_handled_prop:file { getattr open };
# Lets recovery getattr and open the property file labeled
# alarm_instance_prop; no `read` permission is granted.
# NOTE(review): type declared elsewhere; confirm recovery needs this property.
allow recovery alarm_instance_prop:file { getattr open };
# Lets recovery open the property file labeled bg_boot_complete_prop. Only
# `open` is granted (no getattr or read).
# NOTE(review): a grant this partial usually means the process scans every
# property file at startup rather than needing this one; verify before
# keeping it.
allow recovery bg_boot_complete_prop:file open;
# Grants recovery CAP_FSETID, which keeps set-user-ID/set-group-ID bits from
# being cleared when a file is modified and allows setting the setgid bit
# for a group the process does not belong to.
# NOTE(review): the kernel probes this capability during ordinary
# chmod/write paths, so a logged denial does not by itself show the
# capability is required; confirm before granting.
allow recovery self:capability fsetid;
# Grants recovery CAP_SYSLOG: privileged kernel-log operations, and
# unmasked kernel addresses in /proc interfaces when kptr_restrict is 1.
# NOTE(review): this weakens kernel address hiding for the recovery domain;
# confirm recovery needs more than the unprivileged log interface.
allow recovery self:capability2 syslog;
# Lets recovery write to nodes under selinuxfs; the same rule appears in the
# first recovery section of this file. The write alone does not toggle
# enforcement or load policy, since the kernel also checks the matching
# `security`-class permission, and none is granted in this file.
# NOTE(review): identify which selinuxfs node is written.
allow recovery selinuxfs:file write;
# Lets recovery open, list and traverse directories labeled
# sysfs_io_sched_tuneable. No file permissions on that type are granted in
# this file, so recovery can enumerate the directory but not read or write
# the attributes inside it.
# NOTE(review): as shown, the statement has no terminating ';'. That may be
# truncation in this view, but if the file is compiled as policy the
# compiler will reject it, so check the original.
allow recovery sysfs_io_sched_tuneable:dir { open read search }