cm: sepolicy: Add contexts for cm recovery

* Allow setup of secure adb (setup_adbd) * minivold in recovery Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
2014-11-26 13:26:14 -08:00 · 2014-11-26 13:26:14 -08:00 · 39a4244c77
commit 39a4244c77
parent d22efb80e1
4 changed files with 14 additions and 0 deletions
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@ -6,6 +6,9 @@

 /system/bin/sysinit       u:object_r:sysinit_exec:s0

+# For minivold in recovery
+/sbin/minivold            u:object_r:vold_exec:s0
+
 #############################
 # performance-related sysfs files (CM)
 /sys/kernel/mm/ksm(/.*)?       --          u:object_r:sysfs_writable:s0
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@ -0,0 +1,8 @@
+# Secure adb (setup_adbd)
+allow adbd adb_keys_file:dir search;
+allow recovery adb_keys_file:file r_file_perms;
+allow recovery shell_prop:property_service set;
+
+# Recovery dialogs
+unix_socket_connect(recovery, vold, vold)
+allow recovery tmpfs:sock_file create_file_perms;
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@ -16,6 +16,7 @@ BOARD_SEPOLICY_UNION += \
    healthd.te \
    installd.te \
    netd.te \
+    recovery.te \
    su.te \
    sysinit.te \
    system.te \
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@ -1,3 +1,5 @@
+domain_trans(init, rootfs, vold)
+
 # Allow vold to manage ASEC
 allow vold sdcard_external:file create_file_perms;