Merge "[ALPS04658973] ota update: add recovery.te for basic project" into alps-trunk-q0.basic

Change-Id: I61159a559b59bd9d9c98c8a1596331d5907db8b6 MTK-Commit-Id: 5506bffaa6d98355fd7db32bd698fecec97a4074
2020-01-18 10:15:35 +08:00 · 2020-01-18 10:15:35 +08:00 · c5a06e5ce9
commit c5a06e5ce9
parent 62cf1a413a dfac4fce0a
1 changed files with 57 additions and 0 deletions
--- a/non_plat/recovery.te
+++ b/non_plat/recovery.te
@ -0,0 +1,57 @@
 # ==============================================
 # MTK Policy Rule
 # ==============================================
 # recovery console (used in recovery init.rc for /sbin/recovery)
 # Date : WK15.13
 # Operation : UT
 # Purpose : Nand device policy
 allow recovery mtd_device:dir search;
 allow recovery mtd_device:chr_file rw_file_perms;
 allow recovery self:capability sys_resource;
 # Date : WK18.16
 # Operation : UT
 # Purpose : Refine policy
 allow recovery misc_sd_device:chr_file rw_file_perms;
 allow recovery vfat:dir r_dir_perms;
 allow recovery vfat:file r_file_perms;
 allow recovery sysfs_mmcblk:dir r_dir_perms;
 allow recovery sysfs_mmcblk:file rw_file_perms;
 allow recovery sysfs_mmcblk:lnk_file r_file_perms;
 # Date : WK18.25
 # Operation : UT
 # Purpose : Add policy for therm, gpu, battery, and boot_type
 allow recovery sysfs:dir r_dir_perms;
 allow recovery sysfs_batteryinfo:dir r_dir_perms;
 allow recovery sysfs_boot_type:file r_file_perms;
 allow recovery sysfs_therm:dir r_dir_perms;
 allow recovery sysfs_therm:file r_file_perms;
 allow recovery gpu_device:dir r_dir_perms;
 # Date : WK18.09
 # Operation : UT
 # Purpose : Allow recovery can update boot partition
 allow recovery tmpfs:lnk_file r_file_perms;
 # Date : WK19.03
 # Operation : UT
 # Purpose : Android Migration
 allow recovery bootdevice_block_device:blk_file rw_file_perms;
 allow recovery self:capability { sys_rawio fsetid };
 allowxperm recovery bootdevice_block_device:blk_file ioctl {
 MMC_IOCTLCMD
 UFS_IOCTLCMD
 };
 allow recovery block_device:blk_file ioctl;
 allowxperm recovery block_device:blk_file ioctl {
 BLKIOMIN
 BLKALIGNOFF
 };
 allow recovery sysfs_dm:dir search;
 allow recovery sysfs_dm:file r_file_perms;
 allowxperm recovery tmpfs:file ioctl FS_IOC_FIEMAP;
 allowxperm recovery cache_block_device:blk_file ioctl BLKPBSZGET;
 allowxperm recovery nvdata_device:blk_file ioctl BLKPBSZGET;
 allow recovery proc_filesystems:file r_file_perms;