Allow recovery to create device nodes and modify rootfs

tilapia's OTA code for updating the radio image needs to create files on rootfs and create a character device in /dev. Allow it. Bug: 18281224 Change-Id: Ic408c2b28e16a40650f71efe2f17fb0c2e71f97f
author: Nick Kralevich <nnk@google.com> 2014-11-07 12:04:45 -0800
committer: Nick Kralevich <nnk@google.com> 2014-11-07 12:04:45 -0800
commit: de84e45d7e6f9dbd6ba8bfaf592130751d2ea853 (patch)
tree: 16d39e9052eda8c7006736276fcdc66445e9f8ef
parent: cce67e1f283eb417bea1bd9d65e0e5b035b1405f (diff)
download: grouper-de84e45d7e6f9dbd6ba8bfaf592130751d2ea853.tar.gz
2 files changed, 12 insertions, 0 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 27924d0..115844d 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -96,6 +96,7 @@ BOARD_SEPOLICY_UNION += \
         keystore.te \
         lmkd.te \
         mediaserver.te \
+        recovery.te \
         rild.te \
         sensors_config.te \
         surfaceflinger.te \
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
new file mode 100644
index 0000000..6f20993
--- /dev/null
+++ b/sepolicy/recovery.te
@@ -0,0 +1,11 @@
+recovery_only(`
+  allow recovery ctl_rildaemon_prop:property_service set;
+  allow recovery device:dir rw_dir_perms;
+  allow recovery rootfs:dir rw_dir_perms;
+  allow recovery rootfs:file create_file_perms;
+  allow recovery sysfs_devices_system_cpu:file rw_file_perms;
+  allow recovery self:capability mknod;
+  allow recovery usbfs:dir rw_dir_perms;
+  allow recovery device:chr_file create_file_perms;
+')
+
author	Nick Kralevich <nnk@google.com>	2014-11-07 12:04:45 -0800
committer	Nick Kralevich <nnk@google.com>	2014-11-07 12:04:45 -0800
commit	de84e45d7e6f9dbd6ba8bfaf592130751d2ea853 (patch)
tree	16d39e9052eda8c7006736276fcdc66445e9f8ef
parent	cce67e1f283eb417bea1bd9d65e0e5b035b1405f (diff)
download	grouper-de84e45d7e6f9dbd6ba8bfaf592130751d2ea853.tar.gz