Blame - sepolicy/recovery.te - platform_vendor_bliss

blob: bc53de6964a072b781914ea122e1021134c20437 [file] [log] [blame]

Steve Kondik	2cb837d	2014-12-01 10:38:25 -0800	[diff] [blame]	1	recovery_only(`
				2
Tom Marshall	4ad487b	2014-11-26 13:26:14 -0800	[diff] [blame]	3	# Secure adb (setup_adbd)
				4	allow adbd adb_keys_file:dir search;
Steve Kondik	2cb837d	2014-12-01 10:38:25 -0800	[diff] [blame]	5	allow recovery adb_keys_file:dir r_dir_perms;
Tom Marshall	4ad487b	2014-11-26 13:26:14 -0800	[diff] [blame]	6	allow recovery adb_keys_file:file r_file_perms;
				7	allow recovery shell_prop:property_service set;
				8
				9	# Recovery dialogs
				10	unix_socket_connect(recovery, vold, vold)
				11	allow recovery tmpfs:sock_file create_file_perms;
Steve Kondik	2cb837d	2014-12-01 10:38:25 -0800	[diff] [blame]	12
				13	# Read packages.xml
Steve Kondik	9545446	2016-08-26 03:28:00 -0700	[diff] [blame]	14	#allow recovery system_data_file:file r_file_perms;
Steve Kondik	2cb837d	2014-12-01 10:38:25 -0800	[diff] [blame]	15
				16	# Manage fstab and /adb_keys
Steve Kondik	9545446	2016-08-26 03:28:00 -0700	[diff] [blame]	17	#allow recovery rootfs:file create_file_perms;
				18	#allow recovery rootfs:file link;
				19	#allow recovery rootfs:dir { write create rmdir add_name remove_name };
Steve Kondik	2cb837d	2014-12-01 10:38:25 -0800	[diff] [blame]	20
Matt Mower	ff280c9	2014-12-19 10:45:10 -0600	[diff] [blame]	21	# Read storage files and directories
Dan Pasanen	4d0df98	2014-12-14 10:36:10 -0600	[diff] [blame]	22	allow recovery media_rw_data_file:dir r_dir_perms;
				23	allow recovery media_rw_data_file:file r_file_perms;
Matt Mower	ff280c9	2014-12-19 10:45:10 -0600	[diff] [blame]	24	allow recovery vfat:dir r_dir_perms;
				25	allow recovery vfat:file r_file_perms;
Steve Kondik	12e7c02	2016-08-26 02:31:15 -0700	[diff] [blame]	26	allow recovery sdcard_type:dir r_dir_perms;
				27	allow recovery sdcard_type:file r_file_perms;
Dan Pasanen	4d0df98	2014-12-14 10:36:10 -0600	[diff] [blame]	28
Steve Kondik	2cb837d	2014-12-01 10:38:25 -0800	[diff] [blame]	29	# Control properties
				30	allow recovery recovery_prop:property_service set;
				31
Ricardo Cerqueira	656d328	2015-01-03 04:23:08 +0000	[diff] [blame]	32	# recursive rm for wipes... :(
Steve Kondik	9545446	2016-08-26 03:28:00 -0700	[diff] [blame]	33	#allow app_data_file self:filesystem associate;
				34	#allow recovery app_data_file:file { read open create write };
				35	#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
				36
				37	#allow recovery file_type:dir { rw_dir_perms rmdir };
				38	#allow recovery file_type:notdevfile_class_set { unlink getattr };
Ricardo Cerqueira	656d328	2015-01-03 04:23:08 +0000	[diff] [blame]	39	# wipe saves and restores the layout version
Steve Kondik	9545446	2016-08-26 03:28:00 -0700	[diff] [blame]	40	#allow recovery install_data_file:file create_file_perms;
				41	#allow recovery system_data_file:file create_file_perms;
Ricardo Cerqueira	656d328	2015-01-03 04:23:08 +0000	[diff] [blame]	42
Ricardo Cerqueira	afc84b5	2015-02-05 22:33:47 +0000	[diff] [blame]	43	# /cache/recovery things: command and logs
Steve Kondik	9545446	2016-08-26 03:28:00 -0700	[diff] [blame]	44	allow recovery cache_recovery_file:dir create_dir_perms;
				45	allow recovery cache_recovery_file:file create_file_perms;
Ricardo Cerqueira	afc84b5	2015-02-05 22:33:47 +0000	[diff] [blame]	46
Steve Kondik	4a75d3f	2015-08-05 17:54:33 -0700	[diff] [blame]	47	# set system properties for various things
				48	allow recovery system_prop:property_service set;
Steve Kondik	2cb837d	2014-12-01 10:38:25 -0800	[diff] [blame]	49	')