From db4fb0ee6b7396c31a016ae9975892d26ed719f3 Mon Sep 17 00:00:00 2001
From: Pat Erley
Date: Tue, 12 Jan 2016 17:46:52 -0800
Subject: [PATCH] recovery: Add new rules for recursive wipe

We now use a temporary context when mounting /data, so add permissions to do that, and add permissions necessary to do the recursive wipe.

Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
---
 sepolicy/recovery.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index e2efee45..76e7a626 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -30,6 +30,10 @@ allow recovery sdcard_posix:file r_file_perms;
 allow recovery recovery_prop:property_service set;
 # recursive rm for wipes... :(
+allow app_data_file self:filesystem associate;
+allow recovery app_data_file:file { read open create write };
+allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
+
 allow recovery file_type:dir { rw_dir_perms rmdir };
 allow recovery file_type:notdevfile_class_set { unlink getattr };
 # wipe saves and restores the layout version
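Review bot: The added rule `allow recovery app_data_file:file { read open create write };` sits under the existing `# recursive rm for wipes... :(` comment, yet it grants recovery content access to app data files, which deleting them does not need; the context lines below already grant `unlink getattr` on `file_type`. If the access is needed only because /data is mounted with a temporary context and the wipe path then reads or writes a file there (possibly the layout version named in the trailing context line), document that with a comment such as `# wipe mounts /data with a temporary app_data_file context, so every object on it carries that label` and trim the set to the permissions that path actually uses. Separately, `allow app_data_file self:filesystem associate;` is not scoped to the recovery domain, and the hunk does not show whether these lines are inside a `recovery_only()` block, so it is worth confirming that the rule does not also land in the normal-boot policy.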