blob: f7dbcd5412d20c64cc95d138f4c56f01e15c59e8 [file] [log] [blame]
# Secure adb (setup_adbd)
r_dir_file(recovery, adb_keys_file)
set_prop(recovery, shell_prop)
# Manage fstab and /adb_keys
allow recovery rootfs:file create_file_perms;
allow recovery rootfs:file link;
allow recovery rootfs:dir create_dir_perms;
# Sideload cache
allow recovery proc_meminfo:file r_file_perms;
# Read storage files and directories
allow recovery tmpfs:dir mounton;
r_dir_file(recovery, media_rw_data_file)
r_dir_file(recovery, sdcard_type)
# Control properties
set_prop(recovery, ffs_prop)
set_prop(recovery, lineage_recovery_prop)
# Set system properties for various things
set_prop(recovery, system_prop)
set_prop(recovery, system_radio_prop)
# Switch to backuptool
allow recovery self:process setexec;
domain_trans(recovery, otapreopt_chroot_exec, backuptool)
# Some addons require this for A/B installation compatibility
allow recovery system_file:dir mounton;
# Volume manager
allow recovery block_device:dir create_dir_perms;
allow recovery block_device:blk_file { create rw_file_perms };
allow recovery self:capability mknod;
allow recovery proc_filesystems:file r_file_perms;
allow recovery self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow recovery sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
allow recovery tmpfs:file link;
# Read battery percentage
allow recovery sysfs_batteryinfo:dir search;
# Read fbe encryption info
r_dir_file(recovery, unencrypted_data_file)