selinux: Allow recovery to do recursive deletes Our partial wipes (preserving media) require that recovery can rmdir dirs and getattr files Change-Id: I206f74131f9a37c5887ef30062adeabb58beaa3a

commit: c738cc26ca7d899e20b0ef68748da48893358c96 [log] [tgz]
author: Ricardo Cerqueira <ricardo@cyngn.com> Sat Jan 03 04:23:08 2015 +0000
committer: Ricardo Cerqueira <ricardo@cyngn.com> Sat Jan 03 04:23:08 2015 +0000
tree: a1e1c2ac0fe92fb2d9e826cb10538f493b709a2f
parent: 444ce4a6b18862944fe155074a2bd76c0a993eb3 [diff] [blame]
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index 6110f9a..87d2412 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te

@@ -24,4 +24,11 @@
 # Control properties
 allow recovery recovery_prop:property_service set;
 
+# recursive rm for wipes... :(
+allow recovery file_type:dir { rw_dir_perms rmdir };
+allow recovery file_type:notdevfile_class_set { unlink getattr };
+# wipe saves and restores the layout version
+allow recovery install_data_file:file create_file_perms;
+allow recovery system_data_file:file create;
+
 ')
commit	c738cc26ca7d899e20b0ef68748da48893358c96	[log] [tgz]
author	Ricardo Cerqueira <ricardo@cyngn.com>	Sat Jan 03 04:23:08 2015 +0000
committer	Ricardo Cerqueira <ricardo@cyngn.com>	Sat Jan 03 04:23:08 2015 +0000
tree	a1e1c2ac0fe92fb2d9e826cb10538f493b709a2f
parent	444ce4a6b18862944fe155074a2bd76c0a993eb3 [diff] [blame]