39 lines
1.2 KiB
Plaintext
39 lines
1.2 KiB
Plaintext
recovery_only(`
|
|
|
|
# Secure adb (setup_adbd)
|
|
allow adbd adb_keys_file:dir search;
|
|
allow recovery adb_keys_file:dir r_dir_perms;
|
|
allow recovery adb_keys_file:file r_file_perms;
|
|
allow recovery shell_prop:property_service set;
|
|
|
|
# Recovery dialogs
|
|
unix_socket_connect(recovery, vold, vold)
|
|
allow recovery tmpfs:sock_file create_file_perms;
|
|
|
|
# Read packages.xml
|
|
allow recovery system_data_file:file r_file_perms;
|
|
|
|
# Manage fstab and /adb_keys
|
|
allow recovery rootfs:file create_file_perms;
|
|
allow recovery rootfs:dir { write create rmdir add_name remove_name };
|
|
|
|
# Read storage files and directories
|
|
allow recovery media_rw_data_file:dir r_dir_perms;
|
|
allow recovery media_rw_data_file:file r_file_perms;
|
|
allow recovery vfat:dir r_dir_perms;
|
|
allow recovery vfat:file r_file_perms;
|
|
allow recovery sdcard_posix:dir r_dir_perms;
|
|
allow recovery sdcard_posix:file r_file_perms;
|
|
|
|
# Control properties
|
|
allow recovery recovery_prop:property_service set;
|
|
|
|
# recursive rm for wipes... :(
|
|
allow recovery file_type:dir { rw_dir_perms rmdir };
|
|
allow recovery file_type:notdevfile_class_set { unlink getattr };
|
|
# wipe saves and restores the layout version
|
|
allow recovery install_data_file:file create_file_perms;
|
|
allow recovery system_data_file:file create;
|
|
|
|
')
|