Gitiles
Code Review Sign In
review.blissroms.org / platform_vendor_bliss / 06ec5853f36138ffdadca3e577f251b0381f3777^! / . / sepolicy
commit06ec5853f36138ffdadca3e577f251b0381f3777[log] [tgz]
authorSteve Kondik <steve@cyngn.com>Mon Dec 01 10:38:25 2014 -0800
committerSteve Kondik <shade@chemlab.org>Tue Dec 09 22:20:14 2014 +0000
treef56cc7433b252d5375c6920d1989bb47ddaced19
parentc4f6b977c5b320b7ccef98f5ba9fa716ceacfd82 [diff]
sepolicy: More rules for recovery

Change-Id: Ie50c04eb83cb9c62f679a1c1aa2ac482af159f7e

diff --git a/sepolicy/property.te b/sepolicy/property.te
index 6892010..fe7d9b2 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te

@@ -1 +1,2 @@
 type adbtcp_prop, property_type;
+type recovery_prop, property_type;

diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index e5566dc..b3a3540 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts

@@ -1 +1,3 @@
 service.adb.tcp.port          u:object_r:adbtcp_prop:s0
+recovery.perf.mode            u:object_r:recovery_prop:s0
+adb.secure                    u:object_r:recovery_prop:s0

diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index 06bef3f..9d17beb 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te

@@ -1,8 +1,23 @@
+recovery_only(`
+
 # Secure adb (setup_adbd)
 allow adbd adb_keys_file:dir search;
+allow recovery adb_keys_file:dir r_dir_perms;
 allow recovery adb_keys_file:file r_file_perms;
 allow recovery shell_prop:property_service set;
 
 # Recovery dialogs
 unix_socket_connect(recovery, vold, vold)
 allow recovery tmpfs:sock_file create_file_perms;
+
+# Read packages.xml
+allow recovery system_data_file:file r_file_perms;
+
+# Manage fstab and /adb_keys
+allow recovery rootfs:file create_file_perms;
+allow recovery rootfs:dir { write add_name };
+
+# Control properties
+allow recovery recovery_prop:property_service set;
+
+')