pa-fazil
/
android_vendor_aospa
mirror of https://github.com/fazilsheik96/android_vendor_aospa.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sepolicy: Sync recovery sepolicy rules from LineageOS 

Change-Id: Ie10f830a1dd58fdb89118216feb4e32b1b6a22c0
Signed-off-by: Abhay Singh Gill <abhaygill017@gmail.com>
This commit is contained in:
ReallySnow 2024-07-13 20:46:03 +05:30 committed by Fazil Sheik
parent 86c7fb551a
commit e65a55e0b8
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sepolicy/private/mkfs.te Normal file
View File

@ -0,0 +1,9 @@
type mkfs, coredomain, domain;
type mkfs_exec, system_file_type, exec_type, file_type;
init_daemon_domain(mkfs)
# Allow formatting userdata or cache partitions
allow mkfs block_device:dir search;
allow mkfs userdata_block_device:blk_file rw_file_perms;
allow mkfs cache_block_device:blk_file rw_file_perms;

20
sepolicy/private/recovery.te Normal file
View File

@ -0,0 +1,20 @@
recovery_only(`
userdebug_or_eng(`
permissive recovery;
')
# Volume manager
allow recovery block_device:dir create_dir_perms;
allow recovery block_device:blk_file { create unlink rw_file_perms };
allow recovery self:capability { mknod fsetid };
allow recovery proc_filesystems:file r_file_perms;
allow recovery self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow recovery sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
allow recovery tmpfs:file link;
allow recovery rootfs:dir w_dir_perms;
allow recovery rootfs:file { create_file_perms link };
allow recovery media_rw_data_file:dir r_dir_perms;
# Read fbe encryption info
r_dir_file(recovery, unencrypted_data_file)
')