init.te

allow init kmsg_device:chr_file write;
allow init tmpfs:file { open };
allow init tmpfs:lnk_file { create setattr };
allow init debugfs:dir mounton;
allow init kernel:system module_request;
allow init system_file:system module_load;
allow init gpu_device:file { setattr relabelto };
allow init tmpfs:file { relabelfrom };
allow init init:capability sys_module;
allow init device:chr_file { create unlink };
allow init proc:dir mounton;
allow init binfmt_miscfs:file w_file_perms;
allow init tmpfs:lnk_file create_file_perms;
# set attributes on /sys/class/gpio sym link
# chmod 0770 /sys/class/gpio/gpio66
allow init sysfs:lnk_file setattr;
allow init sysfs:dir { write add_name };
# userspace cannot create files in sys. ignore denial
dontaudit init sysfs_devices_system_cpu:dir write;
allow init { cache_file storage_file }:dir mounton;
# /config
allow init configfs:{ file lnk_file } create_file_perms;
allow init cgroup:file create;
allow init sw_sync_device:file { relabelto setattr read write open ioctl };
allow init sysfs:file create;
allow init devpts:chr_file { ioctl };
allow init audio_device:chr_file { write ioctl };
allow init platform_app:unix_stream_socket { read };

allow init debugfs_pstate:file w_file_perms;
allow init userdata_block_device:blk_file write;
allow init misc_block_device:blk_file write;
allow init kernel:key search;