| Steve Kondik | 06ec585 | 2014-12-01 10:38:25 -0800 | [diff] [blame] | 1 | recovery_only(` |
| 2 | |
| Tom Marshall | 39a4244 | 2014-11-26 13:26:14 -0800 | [diff] [blame] | 3 | # Secure adb (setup_adbd) |
| 4 | allow adbd adb_keys_file:dir search; |
| Steve Kondik | 06ec585 | 2014-12-01 10:38:25 -0800 | [diff] [blame] | 5 | allow recovery adb_keys_file:dir r_dir_perms; |
| Tom Marshall | 39a4244 | 2014-11-26 13:26:14 -0800 | [diff] [blame] | 6 | allow recovery adb_keys_file:file r_file_perms; |
| 7 | allow recovery shell_prop:property_service set; |
| 8 | |
| 9 | # Recovery dialogs |
| 10 | unix_socket_connect(recovery, vold, vold) |
| 11 | allow recovery tmpfs:sock_file create_file_perms; |
| Steve Kondik | 06ec585 | 2014-12-01 10:38:25 -0800 | [diff] [blame] | 12 | |
| 13 | # Read packages.xml |
| 14 | allow recovery system_data_file:file r_file_perms; |
| 15 | |
| 16 | # Manage fstab and /adb_keys |
| 17 | allow recovery rootfs:file create_file_perms; |
| 18 | allow recovery rootfs:dir { write add_name }; |
| 19 | |
| Dan Pasanen | e33cc1d | 2014-12-14 10:36:10 -0600 | [diff] [blame^] | 20 | # Read /data/media files and directories |
| 21 | allow recovery media_rw_data_file:dir r_dir_perms; |
| 22 | allow recovery media_rw_data_file:file r_file_perms; |
| 23 | |
| Steve Kondik | 06ec585 | 2014-12-01 10:38:25 -0800 | [diff] [blame] | 24 | # Control properties |
| 25 | allow recovery recovery_prop:property_service set; |
| 26 | |
| 27 | ') |