From 536b33349c483e3cdb54cc926faba678f405be82 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Tue, 1 Mar 2016 10:53:29 -0800
Subject: [PATCH] init: keep init out of system_app sandboxes

Change-Id: Idaf59ab51f7873d4d75969c5f4e62b5fbf608ef5
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 init.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/init.te b/init.te
index 1b99e902f..747f771bf 100644
--- a/init.te
+++ b/init.te
@@ -104,6 +104,7 @@ allow init {
   -system_file
   -exec_type
   -app_data_file
+  -system_app_data_file
 }:dir { create search getattr open read setattr ioctl };
 
 allow init {
@@ -112,6 +113,7 @@ allow init {
   -exec_type
   -keystore_data_file
   -app_data_file
+  -system_app_data_file
   -shell_data_file
   -vold_data_file
   -misc_logd_file
@@ -123,6 +125,7 @@ allow init {
   -exec_type
   -keystore_data_file
   -app_data_file
+  -system_app_data_file
   -shell_data_file
   -vold_data_file
   -misc_logd_file
@@ -134,6 +137,7 @@ allow init {
   -exec_type
   -keystore_data_file
   -app_data_file
+  -system_app_data_file
   -shell_data_file
   -vold_data_file
   -misc_logd_file
@@ -145,6 +149,7 @@ allow init {
   -exec_type
   -keystore_data_file
   -app_data_file
+  -system_app_data_file
   -shell_data_file
   -vold_data_file
   -misc_logd_file
-- 
GitLab