From dfac4fce0ad1adf07e39e2970772c8e3fcc06044 Mon Sep 17 00:00:00 2001
From: Freddy Hsin <freddy.hsin@mediatek.com>
Date: Sat, 18 Jan 2020 10:15:30 +0800
Subject: [PATCH] [ALPS04658973] ota update: add recovery.te for basic project

add recovery.te to grant the permission under
recovery of basic function

MTK-Commit-Id: 5484785e1a1d5a45616e8b75b7bf42274314b042

Change-Id: I8bdfb2bc847154fb5b1c3ce4515541047c6df3b4
CR-Id: ALPS04658973
Feature: [Android Default] SIU (SD Image Update)
---
 non_plat/recovery.te | 57 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 non_plat/recovery.te

diff --git a/non_plat/recovery.te b/non_plat/recovery.te
new file mode 100644
index 0000000..a130f89
--- /dev/null
+++ b/non_plat/recovery.te
@@ -0,0 +1,57 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+# recovery console (used in recovery init.rc for /sbin/recovery)
+
+# Date : WK15.13
+# Operation : UT
+# Purpose : Nand device policy
+allow recovery mtd_device:dir search;
+allow recovery mtd_device:chr_file rw_file_perms;
+allow recovery self:capability sys_resource;
+
+# Date : WK18.16
+# Operation : UT
+# Purpose : Refine policy
+allow recovery misc_sd_device:chr_file rw_file_perms;
+allow recovery vfat:dir r_dir_perms;
+allow recovery vfat:file r_file_perms;
+allow recovery sysfs_mmcblk:dir r_dir_perms;
+allow recovery sysfs_mmcblk:file rw_file_perms;
+allow recovery sysfs_mmcblk:lnk_file r_file_perms;
+
+# Date : WK18.25
+# Operation : UT
+# Purpose : Add policy for therm, gpu, battery, and boot_type
+allow recovery sysfs:dir r_dir_perms;
+allow recovery sysfs_batteryinfo:dir r_dir_perms;
+allow recovery sysfs_boot_type:file r_file_perms;
+allow recovery sysfs_therm:dir r_dir_perms;
+allow recovery sysfs_therm:file r_file_perms;
+allow recovery gpu_device:dir r_dir_perms;
+
+# Date : WK18.09
+# Operation : UT
+# Purpose : Allow recovery can update boot partition
+allow recovery tmpfs:lnk_file r_file_perms;
+
+# Date : WK19.03
+# Operation : UT
+# Purpose : Android Migration
+allow recovery bootdevice_block_device:blk_file rw_file_perms;
+allow recovery self:capability { sys_rawio fsetid };
+allowxperm recovery bootdevice_block_device:blk_file ioctl {
+ MMC_IOCTLCMD
+ UFS_IOCTLCMD
+};
+allow recovery block_device:blk_file ioctl;
+allowxperm recovery block_device:blk_file ioctl {
+ BLKIOMIN
+ BLKALIGNOFF
+};
+allow recovery sysfs_dm:dir search;
+allow recovery sysfs_dm:file r_file_perms;
+allowxperm recovery tmpfs:file ioctl FS_IOC_FIEMAP;
+allowxperm recovery cache_block_device:blk_file ioctl BLKPBSZGET;
+allowxperm recovery nvdata_device:blk_file ioctl BLKPBSZGET;
+allow recovery proc_filesystems:file r_file_perms;