ADHOC/replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity

sepolicy: Additional filesystem perms for recovery

Browse Source 
Change-Id: I66c785de7256ea64302a258af7c33cb717530343
This commit is contained in:
Matt Mower 2014-12-19 10:45:10 -06:00 committed by Gerrit Code Review
parent e9c2de0679
commit 2806bc4f0c
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sepolicy/recovery.te
View File

@ -15,11 +15,15 @@ allow recovery system_data_file:file r_file_perms;
# Manage fstab and /adb_keys
allow recovery rootfs:file create_file_perms;
allow recovery rootfs:dir { write add_name };
allow recovery rootfs:dir { write create rmdir add_name remove_name };
# Read /data/media files and directories
# Read storage files and directories
allow recovery media_rw_data_file:dir r_dir_perms;
allow recovery media_rw_data_file:file r_file_perms;
allow recovery vfat:dir r_dir_perms;
allow recovery vfat:file r_file_perms;
allow recovery sdcard_posix:dir r_dir_perms;
allow recovery sdcard_posix:file r_file_perms;
# Control properties
allow recovery recovery_prop:property_service set;

5
sepolicy/vold.te
View File

@ -8,3 +8,8 @@ allow vold fuse_device:chr_file rw_file_perms;
# NTFS-3g wants to drop permission
allow vold self:capability { setgid setuid };
# Vold can also run as minivold in the rootfs
recovery_only(`
allow vold rootfs:dir { add_name write };
')