selinux: Allow recovery to do recursive deletes
Our partial wipes (preserving media) require that recovery can rmdir dirs and getattr files Change-Id: I206f74131f9a37c5887ef30062adeabb58beaa3a
This commit is contained in:
parent
444ce4a6b1
commit
c738cc26ca
|
@ -1,7 +1,7 @@
|
|||
# Support asec containers getting mounted
|
||||
allow file_type rootfs:filesystem associate;
|
||||
|
||||
type auditd_log, file_type;
|
||||
type auditd_log, file_type, data_file_type;
|
||||
|
||||
# Themes
|
||||
type theme_data_file, file_type, data_file_type;
|
||||
|
|
|
@ -24,4 +24,11 @@ allow recovery media_rw_data_file:file r_file_perms;
|
|||
# Control properties
|
||||
allow recovery recovery_prop:property_service set;
|
||||
|
||||
# recursive rm for wipes... :(
|
||||
allow recovery file_type:dir { rw_dir_perms rmdir };
|
||||
allow recovery file_type:notdevfile_class_set { unlink getattr };
|
||||
# wipe saves and restores the layout version
|
||||
allow recovery install_data_file:file create_file_perms;
|
||||
allow recovery system_data_file:file create;
|
||||
|
||||
')
|
||||
|
|
Loading…
Reference in New Issue