Gitiles
Code Review Sign In
review.blissroms.org / platform_vendor_bliss / 63984ef36127932fbd2b930582b48e5561308fb5 / . / sepolicy / recovery.te
blob: 708d9b6285f4284ab4890ec4f27282f44eed5c34 [file] [log] [blame]
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]1recovery_only(`
2
Tom Marshall39a42442014-11-26 13:26:14 -0800[diff] [blame]3# Secure adb (setup_adbd)
4allow adbd adb_keys_file:dir search;
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]5allow recovery adb_keys_file:dir r_dir_perms;
Tom Marshall39a42442014-11-26 13:26:14 -0800[diff] [blame]6allow recovery adb_keys_file:file r_file_perms;
7allow recovery shell_prop:property_service set;
8
9# Recovery dialogs
10unix_socket_connect(recovery, vold, vold)
11allow recovery tmpfs:sock_file create_file_perms;
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]12
13# Read packages.xml
Steve Kondik5b98d782016-08-26 03:28:00 -0700[diff] [blame]14#allow recovery system_data_file:file r_file_perms;
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]15
16# Manage fstab and /adb_keys
Steve Kondik5b98d782016-08-26 03:28:00 -0700[diff] [blame]17#allow recovery rootfs:file create_file_perms;
18#allow recovery rootfs:file link;
19#allow recovery rootfs:dir { write create rmdir add_name remove_name };
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]20
Matt Mower2806bc42014-12-19 10:45:10 -0600[diff] [blame]21# Read storage files and directories
Pat Erleyda1a9002016-04-19 11:34:09 -0700[diff] [blame]22allow recovery tmpfs:dir mounton;
Dan Pasanene33cc1d2014-12-14 10:36:10 -0600[diff] [blame]23allow recovery media_rw_data_file:dir r_dir_perms;
24allow recovery media_rw_data_file:file r_file_perms;
Matt Mower2806bc42014-12-19 10:45:10 -0600[diff] [blame]25allow recovery vfat:dir r_dir_perms;
26allow recovery vfat:file r_file_perms;
Steve Kondikaa38b562016-08-26 02:31:15 -0700[diff] [blame]27allow recovery sdcard_type:dir r_dir_perms;
28allow recovery sdcard_type:file r_file_perms;
Dan Pasanene33cc1d2014-12-14 10:36:10 -0600[diff] [blame]29
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]30# Control properties
31allow recovery recovery_prop:property_service set;
32
AdrianDC36cb29d2016-02-08 19:12:58 +0100[diff] [blame]33# Set property sys.usb.ffs.ready
34allow recovery ffs_prop:property_service set;
35
Ricardo Cerqueirac738cc22015-01-03 04:23:08 +0000[diff] [blame]36# recursive rm for wipes... :(
Steve Kondik5b98d782016-08-26 03:28:00 -0700[diff] [blame]37#allow app_data_file self:filesystem associate;
38#allow recovery app_data_file:file { read open create write };
39#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
Pat Erleydb4fb0e2016-01-12 17:46:52 -0800[diff] [blame]40
Steve Kondik5b98d782016-08-26 03:28:00 -0700[diff] [blame]41#allow recovery file_type:dir { rw_dir_perms rmdir };
42#allow recovery file_type:notdevfile_class_set { unlink getattr };
Ricardo Cerqueirac738cc22015-01-03 04:23:08 +0000[diff] [blame]43# wipe saves and restores the layout version
Steve Kondik5b98d782016-08-26 03:28:00 -0700[diff] [blame]44#allow recovery install_data_file:file create_file_perms;
45#allow recovery system_data_file:file create_file_perms;
Ricardo Cerqueirac738cc22015-01-03 04:23:08 +0000[diff] [blame]46
Ricardo Cerqueirac75446d2015-02-05 22:33:47 +0000[diff] [blame]47# /cache/recovery things: command and logs
Steve Kondik5b98d782016-08-26 03:28:00 -0700[diff] [blame]48allow recovery cache_recovery_file:dir create_dir_perms;
49allow recovery cache_recovery_file:file create_file_perms;
Ricardo Cerqueirac75446d2015-02-05 22:33:47 +0000[diff] [blame]50
Steve Kondik74891fa2015-08-05 17:54:33 -0700[diff] [blame]51# set system properties for various things
52allow recovery system_prop:property_service set;
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]53')