blob: 2dba93bb2622e208dbcbd8de7ab18987be7a3eda [file] [log] [blame]
Alex Klyubinf5446eb2017-03-23 14:27:32 -07001typeattribute recovery coredomain;
Inseob Kim55e5c9b2020-03-04 17:20:35 +09002
3# The allow rules are only included in the recovery policy.
4# Otherwise recovery is only allowed the domain rules.
5recovery_only(`
6 # Reboot the device
7 set_prop(recovery, powerctl_prop)
8
9 # Read serial number of the device from system properties
10 get_prop(recovery, serialno_prop)
11
12 # Set sys.usb.ffs.ready when starting minadbd for sideload.
Inseob Kimbfb37082020-04-27 23:49:15 +090013 get_prop(recovery, ffs_config_prop)
14 set_prop(recovery, ffs_control_prop)
Inseob Kim55e5c9b2020-03-04 17:20:35 +090015
16 # Set sys.usb.config when switching into fastboot.
Inseob Kimdc1e5012020-04-27 21:13:01 +090017 set_prop(recovery, usb_control_prop)
18 set_prop(recovery, usb_prop)
Inseob Kim55e5c9b2020-03-04 17:20:35 +090019
20 # Read ro.boot.bootreason
21 get_prop(recovery, bootloader_boot_reason_prop)
22
Martijn Coenen01234d32020-04-10 14:11:49 +020023 # Read storage properties (for correctly formatting filesystems)
24 get_prop(recovery, storage_config_prop)
25
Inseob Kim55e5c9b2020-03-04 17:20:35 +090026 set_prop(recovery, gsid_prop)
Hongguang Chen91a5f4e2020-04-23 23:43:13 -070027
28 # These are needed to allow recovery to manage network
29 allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read };
30 allow recovery self:global_capability_class_set net_admin;
31 allow recovery self:tcp_socket { create ioctl };
32 allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS };
33
David Anderson83035772021-02-04 20:24:23 -080034 # Start snapuserd for merging VABC updates
35 set_prop(recovery, ctl_snapuserd_prop)
36
37 # Needed to communicate with snapuserd to complete merges.
38 allow recovery snapuserd_socket:sock_file write;
39 allow recovery snapuserd:unix_stream_socket connectto;
40 allow recovery dm_user_device:dir r_dir_perms;
David Anderson9e21df22021-07-27 18:51:18 -070041 get_prop(recovery, snapuserd_prop)
David Anderson83035772021-02-04 20:24:23 -080042
Hongguang Chen91a5f4e2020-04-23 23:43:13 -070043 # Set fastbootd protocol property
44 set_prop(recovery, fastbootd_protocol_prop)
Inseob Kimb85a74f2020-06-16 19:18:24 +090045
46 get_prop(recovery, recovery_config_prop)
Devin Mooreda280b02021-06-23 13:43:42 -070047
48 # Needed to read bootconfig parameters through libfs_mgr
49 allow recovery proc_bootconfig:file r_file_perms;
Inseob Kim55e5c9b2020-03-04 17:20:35 +090050')