Gitiles
Code Review Sign In
review.blissroms.org / platform_vendor_bliss / c738cc26ca7d899e20b0ef68748da48893358c96 / . / sepolicy / recovery.te
blob: 87d2412014f9f6e97f4ceb7afee697db845fe352 [file] [log] [blame]
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]1recovery_only(`
2
Tom Marshall39a42442014-11-26 13:26:14 -0800[diff] [blame]3# Secure adb (setup_adbd)
4allow adbd adb_keys_file:dir search;
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]5allow recovery adb_keys_file:dir r_dir_perms;
Tom Marshall39a42442014-11-26 13:26:14 -0800[diff] [blame]6allow recovery adb_keys_file:file r_file_perms;
7allow recovery shell_prop:property_service set;
8
9# Recovery dialogs
10unix_socket_connect(recovery, vold, vold)
11allow recovery tmpfs:sock_file create_file_perms;
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]12
13# Read packages.xml
14allow recovery system_data_file:file r_file_perms;
15
16# Manage fstab and /adb_keys
17allow recovery rootfs:file create_file_perms;
18allow recovery rootfs:dir { write add_name };
19
Dan Pasanene33cc1d2014-12-14 10:36:10 -0600[diff] [blame]20# Read /data/media files and directories
21allow recovery media_rw_data_file:dir r_dir_perms;
22allow recovery media_rw_data_file:file r_file_perms;
23
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]24# Control properties
25allow recovery recovery_prop:property_service set;
26
Ricardo Cerqueirac738cc22015-01-03 04:23:08 +0000[diff] [blame^]27# recursive rm for wipes... :(
28allow recovery file_type:dir { rw_dir_perms rmdir };
29allow recovery file_type:notdevfile_class_set { unlink getattr };
30# wipe saves and restores the layout version
31allow recovery install_data_file:file create_file_perms;
32allow recovery system_data_file:file create;
33
Steve Kondik06ec5852014-12-01 10:38:25 -0800[diff] [blame]34')