| type cros_init_shill, chromeos_domain, domain, cros_init_scripts_domain, cros_bootstat_domain, cros_metrics_client_domain; |
| |
| permissive cros_init_shill; |
| |
| domain_auto_trans(cros_init, cros_init_shill_shell_script, cros_init_shill); |
| |
| filetrans_pattern(cros_init_shill, cros_var_cache, cros_var_cache_shill, dir, "shill"); |
| filetrans_pattern(cros_init_shill, cros_var_lib, cros_var_lib_shill, dir, "shill"); |
| filetrans_pattern(cros_init_shill, cros_var_lib, cros_var_lib_shill, dir, "dhcpcd"); |
| filetrans_pattern(cros_init_shill, cros_run, cros_run_shill, dir); |
| |
| uma_writer(cros_init_shill); |
| r_dir_file(cros_init_shill, cros_passwd_file); |
| |
| allow cros_init_shill self:capability { chown fowner fsetid }; |
| allow cros_init_shill {cros_run_shill cros_var_lib_shill cros_var_cache_shill}:dir create_dir_perms; |
| allow cros_init_shill {cros_run_shill cros_var_lib_shill cros_var_cache_shill}:file create_file_perms; |
| allow cros_init_shill cros_home_chronos:dir search; |
| allow cros_init_shill cros_home_chronos:file getattr; |
| |
| allow cros_init_shill proc_net:file { getattr setattr }; |