Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 2f31d932c267f2060a331490781aebc0154e67f0^! / . / private / file.te
commit2f31d932c267f2060a331490781aebc0154e67f0[log] [tgz]
authorDavid Anderson <dvander@google.com>Wed Oct 02 20:22:17 2024 -0700
committerDavid Anderson <dvander@google.com>Fri Oct 18 13:22:44 2024 -0700
treef2a8874d2d87e426d3cf148d78bb9a68a13cb505
parentbbee00e4ba58be49d7545cd818da0f86b5bd9c5a [diff] [blame]
Add sepolicy for /metadata/tradeinmode.

This defines a new type, tradeinmode_metadata_file, which is applied to
/metadata/tradeinmode. This directory contains an indicator, written by
system_server, that a factory reset must be initiated. The indicator is
read by first-stage init.

A neverallow rule is included since we don't want random processes reading or writing to this directory.

Bug: 307713521
Test: adb shell tradeinmode enter
Change-Id: Icc3c815a77bbadc1d4b32b88226e55a5595f5388

diff --git a/private/file.te b/private/file.te
index 662d5cc..60aa5d5 100644
--- a/private/file.te
+++ b/private/file.te

@@ -218,6 +218,8 @@
 # /data/misc_ce/userId/storage_area_keys
 type storage_area_key_file, file_type, data_file_type, core_data_file_type;
 
+# /metadata/tradeinmode files
+type tradeinmode_metadata_file, file_type;
 
 # Types added in 202504 in public/file.te
 until_board_api(202504, `