Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 35102f584b81e2c38073863a368cd3209cf0a4c8 / . / recovery.te
blob: b6f82c7834d1323a897f294ed730a4eb374c2960 [file] [log] [blame]
Stephen Smalley6d10ca82014-01-13 09:45:45 -0500[diff] [blame]1# recovery console (used in recovery init.rc for /sbin/recovery)
2type recovery, domain;
3allow recovery rootfs:file entrypoint;
4unconfined_domain(recovery)
5relabelto_domain(recovery)
6
Stephen Smalley04ee5df2014-01-30 13:23:08 -0500[diff] [blame]7allow recovery self:capability2 mac_admin;
8
Stephen Smalley6d10ca82014-01-13 09:45:45 -0500[diff] [blame]9allow recovery {fs_type dev_type -kmem_device file_type}:dir_file_class_set relabelto;
10allow recovery unlabeled:filesystem mount;
Stephen Smalleyb081cc12014-02-10 13:29:38 -0500[diff] [blame]11allow recovery fs_type:filesystem *;
Stephen Smalley6d10ca82014-01-13 09:45:45 -0500[diff] [blame]12
Stephen Smalley3f40d4f2014-02-11 14:40:14 -0500[diff] [blame]13# Required to e.g. wipe userdata/cache.
14allow recovery dev_type:blk_file rw_file_perms;
15
Stephen Smalley6d10ca82014-01-13 09:45:45 -0500[diff] [blame]16allow recovery self:process execmem;
Stephen Smalley9fe4e7b2014-01-13 15:32:11 -0500[diff] [blame]17allow recovery ashmem_device:chr_file execute;
Stephen Smalley9a407022014-01-13 14:03:47 -0500[diff] [blame]18allow recovery tmpfs:file rx_file_perms;
Stephen Smalley5487ca02014-02-10 16:31:04 -0500[diff] [blame]19
20## TODO: Investigate whether it is safe to remove these
21allow recovery self:capability { sys_rawio mknod };
22auditallow recovery self:capability { sys_rawio mknod };