recovery: Add new rules for recursive wipe We now use a temporary context when mounting /data, so add permissions to do that, and add permissions necessary to do the recursive wipe. Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321

commit: db4fb0ee6b7396c31a016ae9975892d26ed719f3 [log] [tgz]
author: Pat Erley <perley@cyngn.com> Tue Jan 12 17:46:52 2016 -0800
committer: Gerrit Code Review <gerrit@cyanogenmod.org> Thu Jan 28 15:20:51 2016 -0800
tree: e0b2bf45a0a4534bd8d535c30850ea013db4ce33
parent: 86020c90661be88e09b1132fded7018ce259bd4d [diff] [blame]
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index e2efee4..76e7a62 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te

@@ -30,6 +30,10 @@
 allow recovery recovery_prop:property_service set;
 
 # recursive rm for wipes... :(
+allow app_data_file self:filesystem associate;
+allow recovery app_data_file:file { read open create write };
+allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
+
 allow recovery file_type:dir { rw_dir_perms rmdir };
 allow recovery file_type:notdevfile_class_set { unlink getattr };
 # wipe saves and restores the layout version
commit	db4fb0ee6b7396c31a016ae9975892d26ed719f3	[log] [tgz]
author	Pat Erley <perley@cyngn.com>	Tue Jan 12 17:46:52 2016 -0800
committer	Gerrit Code Review <gerrit@cyanogenmod.org>	Thu Jan 28 15:20:51 2016 -0800
tree	e0b2bf45a0a4534bd8d535c30850ea013db4ce33
parent	86020c90661be88e09b1132fded7018ce259bd4d [diff] [blame]