Merge "Add a domain for the recovery console."

commit: 200e97dda1d046a2daf9f58624601692e4daee78 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon Jan 13 16:55:51 2014 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Jan 13 16:55:52 2014 +0000
tree: 52bafbceda95de241e63705459d8672bbfa5de7a
parent: 40ce0bb81bb496daf27f36a887b133c9f277f2fc [diff]
parent: 6d10ca8fb6b2938b4b45a7512e483420d892842a [diff]
diff --git a/recovery.te b/recovery.te
new file mode 100644
index 0000000..a52b2b5
--- /dev/null
+++ b/recovery.te

@@ -0,0 +1,11 @@
+# recovery console (used in recovery init.rc for /sbin/recovery)
+type recovery, domain;
+allow recovery rootfs:file entrypoint;
+unconfined_domain(recovery)
+relabelto_domain(recovery)
+
+allow recovery {fs_type dev_type -kmem_device file_type}:dir_file_class_set relabelto;
+allow recovery unlabeled:filesystem mount;
+
+allow recovery self:process execmem;
+allow recovery cache_file:file rx_file_perms;
commit	200e97dda1d046a2daf9f58624601692e4daee78	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon Jan 13 16:55:51 2014 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Jan 13 16:55:52 2014 +0000
tree	52bafbceda95de241e63705459d8672bbfa5de7a
parent	40ce0bb81bb496daf27f36a887b133c9f277f2fc [diff]
parent	6d10ca8fb6b2938b4b45a7512e483420d892842a [diff]