ADHOC/replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity
2,541 Commits 2 Branches 0 Tags 430 MiB
da1a9004f8
Commit Graph

12 Commits

Author SHA1 Message Date
Pat Erley
da1a9004f8 sepolicy: Allow recovery to mount on tmpfs 
/storage is a tmpfs volume, and is where updater stores its zip
when downloading updates.  Devices with emmc partitions that are
used as 'sdcard' volumes will end up with paths like:

  /storage/UUID/...../update.zip

where UUID is the mount point for the partition and update.zip is
the downloaded update.  With this change, minivold can create the
UUID folder and mount onto it, fixing the application of updates.

Change-Id: I4fa84fd590f5ff0f91e38c49cef0c179728fdf43
 2016-04-22 13:09:37 -07:00
AdrianDC
36cb29d509 recovery: Add new rule for sys.usb.ffs.ready 
init: avc:  denied  { set } for property=sys.usb.ffs.ready
    scontext=u:r:recovery:s0 tcontext=u:object_r:ffs_prop:s0
    tclass=property_service

Change-Id: Id3441ccc3c6a8915a5fdf50efd8c617d1242868a
 2016-02-23 16:28:56 -08:00
Pat Erley
db4fb0ee6b recovery: Add new rules for recursive wipe 
We now use a temporary context when mounting /data, so add permissions
to do that, and add permissions necessary to do the recursive wipe.

Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
 2016-01-28 15:20:51 -08:00
Steve Kondik
aeec0ac261 sepolicy: Allow recovery to create links in the rootfs 
* Needed to support vold and other new code.

Change-Id: I25a0b1cc6461eced7112dd4b3974a71423f7957b
 2015-11-26 02:19:44 -08:00
Steve Kondik
74891faea9 sepolicy: Allow recovery to set system properties 
* This is used by extremely critical things.

Change-Id: Ie529851469408adac1e081fe4f6dc5daa9002933
 2015-08-05 17:54:33 -07:00
Tom Marshall
b4bf950060 sepolicy: recovery: Allow data file write 
Needed to preserve /data/.layout_version (aka nesting bug fix).

Change-Id: Iaae982223e80ad10479cf1ca3db09da7ada5663e
 2015-03-10 03:36:03 +00:00
Ricardo Cerqueira
c75446d072 sepolicy: Split off /cache/recovery's permissions 
/cache/recovery is used by 2 domains: recovery and updater apps. Separate
its perms from the rest of /cache and grant them to those 2 clients

Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf
 2015-02-11 19:44:43 +00:00
Matt Mower
2806bc4f0c sepolicy: Additional filesystem perms for recovery 
Change-Id: I66c785de7256ea64302a258af7c33cb717530343
 2015-01-16 14:36:24 +00:00
Ricardo Cerqueira
c738cc26ca selinux: Allow recovery to do recursive deletes 
Our partial wipes (preserving media) require that recovery can
rmdir dirs and getattr files

Change-Id: I206f74131f9a37c5887ef30062adeabb58beaa3a
 2015-01-03 04:23:08 +00:00
Dan Pasanen
e33cc1d37d sepolicy: allow recovery read access to /data/media/ files and dirs 
Change-Id: I41173d72e86f9cf4d79f7c46166eeb71dc19d2f4
 2014-12-14 10:44:53 -06:00
Steve Kondik
06ec5853f3 sepolicy: More rules for recovery 
Change-Id: Ie50c04eb83cb9c62f679a1c1aa2ac482af159f7e
 2014-12-09 22:20:14 +00:00
Tom Marshall
39a4244c77 cm: sepolicy: Add contexts for cm recovery 
* Allow setup of secure adb (setup_adbd)

 * minivold in recovery

Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
 2014-11-27 23:05:26 +00:00