From 9e96824161ddf1d6af516f44cad4d0e904a7abed Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Sat, 4 Nov 2017 04:04:00 +0800
Subject: [PATCH] Add pre-init rules
---
 rules.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/rules.c b/rules.c
index c33f651c1..e85dd2e13 100644
--- a/rules.c
+++ b/rules.c
@@ -163,6 +163,14 @@ void sepol_min_rules() {
 sepol_attradd("su", "mlstrustedsubject");
 sepol_attradd("su_device", "mlstrustedobject");
+ // Let pre-init do stuffs
+ sepol_allow("kernel", "kernel", "security", "load_policy");
+ sepol_allow("kernel", "device", "dir", "write");
+ sepol_allow("kernel", "device", "dir", "add_name");
+ sepol_allow("kernel", "device", "file", "create");
+ sepol_allow("kernel", "device", "file", "open");
+ sepol_allow("kernel", "device", "file", "read");
+ // Let init run stuffs in su context
 sepol_allow("kernel", "su", "fd", "use");
 sepol_allow("init", "su", "process", ALL);