Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 1 | typeattribute recovery coredomain; |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 2 | |
| 3 | # The allow rules are only included in the recovery policy. |
| 4 | # Otherwise recovery is only allowed the domain rules. |
| 5 | recovery_only(` |
| 6 | # Reboot the device |
| 7 | set_prop(recovery, powerctl_prop) |
| 8 | |
| 9 | # Read serial number of the device from system properties |
| 10 | get_prop(recovery, serialno_prop) |
| 11 | |
| 12 | # Set sys.usb.ffs.ready when starting minadbd for sideload. |
Inseob Kim | bfb3708 | 2020-04-27 23:49:15 +0900 | [diff] [blame] | 13 | get_prop(recovery, ffs_config_prop) |
| 14 | set_prop(recovery, ffs_control_prop) |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 15 | |
| 16 | # Set sys.usb.config when switching into fastboot. |
Inseob Kim | dc1e501 | 2020-04-27 21:13:01 +0900 | [diff] [blame] | 17 | set_prop(recovery, usb_control_prop) |
| 18 | set_prop(recovery, usb_prop) |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 19 | |
| 20 | # Read ro.boot.bootreason |
| 21 | get_prop(recovery, bootloader_boot_reason_prop) |
| 22 | |
Martijn Coenen | 01234d3 | 2020-04-10 14:11:49 +0200 | [diff] [blame] | 23 | # Read storage properties (for correctly formatting filesystems) |
| 24 | get_prop(recovery, storage_config_prop) |
| 25 | |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 26 | set_prop(recovery, gsid_prop) |
Hongguang Chen | 91a5f4e | 2020-04-23 23:43:13 -0700 | [diff] [blame] | 27 | |
| 28 | # These are needed to allow recovery to manage network |
| 29 | allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read }; |
| 30 | allow recovery self:global_capability_class_set net_admin; |
| 31 | allow recovery self:tcp_socket { create ioctl }; |
| 32 | allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS }; |
| 33 | |
David Anderson | 8303577 | 2021-02-04 20:24:23 -0800 | [diff] [blame] | 34 | # Start snapuserd for merging VABC updates |
| 35 | set_prop(recovery, ctl_snapuserd_prop) |
| 36 | |
| 37 | # Needed to communicate with snapuserd to complete merges. |
| 38 | allow recovery snapuserd_socket:sock_file write; |
| 39 | allow recovery snapuserd:unix_stream_socket connectto; |
| 40 | allow recovery dm_user_device:dir r_dir_perms; |
David Anderson | 9e21df2 | 2021-07-27 18:51:18 -0700 | [diff] [blame] | 41 | get_prop(recovery, snapuserd_prop) |
David Anderson | 8303577 | 2021-02-04 20:24:23 -0800 | [diff] [blame] | 42 | |
Hongguang Chen | 91a5f4e | 2020-04-23 23:43:13 -0700 | [diff] [blame] | 43 | # Set fastbootd protocol property |
| 44 | set_prop(recovery, fastbootd_protocol_prop) |
Inseob Kim | b85a74f | 2020-06-16 19:18:24 +0900 | [diff] [blame] | 45 | |
| 46 | get_prop(recovery, recovery_config_prop) |
Devin Moore | da280b0 | 2021-06-23 13:43:42 -0700 | [diff] [blame] | 47 | |
| 48 | # Needed to read bootconfig parameters through libfs_mgr |
| 49 | allow recovery proc_bootconfig:file r_file_perms; |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 50 | ') |