cm: sepolicy: Add contexts for cm recovery

* Allow setup of secure adb (setup_adbd)

 * minivold in recovery

Change-Id: Id1243154f4016b59e54890404cadea46a2aad212

sepolicy/file_contexts

@@ -6,6 +6,9 @@
 
 /system/bin/sysinit       u:object_r:sysinit_exec:s0
 
+# For minivold in recovery
+/sbin/minivold            u:object_r:vold_exec:s0
+
 #############################
 # performance-related sysfs files (CM)
 /sys/kernel/mm/ksm(/.*)?       --          u:object_r:sysfs_writable:s0

sepolicy/recovery.te

@@ -0,0 +1,8 @@
+# Secure adb (setup_adbd)
+allow adbd adb_keys_file:dir search;
+allow recovery adb_keys_file:file r_file_perms;
+allow recovery shell_prop:property_service set;
+
+# Recovery dialogs
+unix_socket_connect(recovery, vold, vold)
+allow recovery tmpfs:sock_file create_file_perms;

sepolicy/sepolicy.mk

@@ -16,6 +16,7 @@ BOARD_SEPOLICY_UNION += \
     healthd.te \
     installd.te \
     netd.te \
+    recovery.te \
     su.te \
     sysinit.te \
     system.te \

sepolicy/vold.te

@@ -1,3 +1,5 @@
+domain_trans(init, rootfs, vold)
+
 # Allow vold to manage ASEC
 allow vold sdcard_external:file create_file_perms;