|
|
|
@ -11,12 +11,12 @@ unix_socket_connect(recovery, vold, vold)
|
|
|
|
|
allow recovery tmpfs:sock_file create_file_perms;
|
|
|
|
|
|
|
|
|
|
# Read packages.xml
|
|
|
|
|
allow recovery system_data_file:file r_file_perms;
|
|
|
|
|
#allow recovery system_data_file:file r_file_perms;
|
|
|
|
|
|
|
|
|
|
# Manage fstab and /adb_keys
|
|
|
|
|
allow recovery rootfs:file create_file_perms;
|
|
|
|
|
allow recovery rootfs:file link;
|
|
|
|
|
allow recovery rootfs:dir { write create rmdir add_name remove_name };
|
|
|
|
|
#allow recovery rootfs:file create_file_perms;
|
|
|
|
|
#allow recovery rootfs:file link;
|
|
|
|
|
#allow recovery rootfs:dir { write create rmdir add_name remove_name };
|
|
|
|
|
|
|
|
|
|
# Read storage files and directories
|
|
|
|
|
allow recovery tmpfs:dir mounton;
|
|
|
|
@ -34,19 +34,19 @@ allow recovery recovery_prop:property_service set;
|
|
|
|
|
allow recovery ffs_prop:property_service set;
|
|
|
|
|
|
|
|
|
|
# recursive rm for wipes... :(
|
|
|
|
|
allow app_data_file self:filesystem associate;
|
|
|
|
|
allow recovery app_data_file:file { read open create write };
|
|
|
|
|
allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
|
|
|
|
|
#allow app_data_file self:filesystem associate;
|
|
|
|
|
#allow recovery app_data_file:file { read open create write };
|
|
|
|
|
#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
|
|
|
|
|
|
|
|
|
|
allow recovery file_type:dir { rw_dir_perms rmdir };
|
|
|
|
|
allow recovery file_type:notdevfile_class_set { unlink getattr };
|
|
|
|
|
#allow recovery file_type:dir { rw_dir_perms rmdir };
|
|
|
|
|
#allow recovery file_type:notdevfile_class_set { unlink getattr };
|
|
|
|
|
# wipe saves and restores the layout version
|
|
|
|
|
allow recovery install_data_file:file create_file_perms;
|
|
|
|
|
allow recovery system_data_file:file create_file_perms;
|
|
|
|
|
#allow recovery install_data_file:file create_file_perms;
|
|
|
|
|
#allow recovery system_data_file:file create_file_perms;
|
|
|
|
|
|
|
|
|
|
# /cache/recovery things: command and logs
|
|
|
|
|
allow recovery recovery_cache_file:dir create_dir_perms;
|
|
|
|
|
allow recovery recovery_cache_file:file create_file_perms;
|
|
|
|
|
allow recovery cache_recovery_file:dir create_dir_perms;
|
|
|
|
|
allow recovery cache_recovery_file:file create_file_perms;
|
|
|
|
|
|
|
|
|
|
# set system properties for various things
|
|
|
|
|
allow recovery system_prop:property_service set;
|
|
|
|
|