From b4b417de55c9e8bd859516c7b038e78d0f82fd28 Mon Sep 17 00:00:00 2001
From: chengjinsong2 <chengjinsong2@huawei.com>
Date: Fri, 9 Jun 2023 21:09:30 +0800
Subject: [PATCH] feat:modify the se for sandbox

Signed-off-by: chengjinsong2 <chengjinsong2@huawei.com>
---
 sepolicy/ohos_policy/startup/init/system/init.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sepolicy/ohos_policy/startup/init/system/init.te b/sepolicy/ohos_policy/startup/init/system/init.te
index 52573dcdd..64d4e9d6e 100644
--- a/sepolicy/ohos_policy/startup/init/system/init.te
+++ b/sepolicy/ohos_policy/startup/init/system/init.te
@@ -403,7 +403,8 @@ allow init time_service:process { rlimitinh siginh transition };
 allow init tmpfs:blk_file { getattr relabelfrom };
 allow init tmpfs:chr_file { getattr relabelfrom write open read };
 allow init tmpfs:dir { add_name create mounton open read relabelfrom setattr write };
-allow init tmpfs:file { getattr relabelfrom };
+allow init tmpfs:file { getattr relabelfrom create open execute mounton };
+allow init system_lib_file:file { mounton };
 allow init tmpfs:lnk_file { create getattr relabelfrom };
 allow init tmpfs:sock_file { getattr relabelfrom };
 allow init token_sync_service:process { rlimitinh siginh transition };
-- 
Gitee