Add sepolicy for /metadata/tradeinmode. This defines a new type, tradeinmode_metadata_file, which is applied to /metadata/tradeinmode. This directory contains an indicator, written by system_server, that a factory reset must be initiated. The indicator is read by first-stage init. A neverallow rule is included since we don't want random processes reading or writing to this directory. Bug: 307713521 Test: adb shell tradeinmode enter Change-Id: Icc3c815a77bbadc1d4b32b88226e55a5595f5388

commit: 2f31d932c267f2060a331490781aebc0154e67f0 [log] [tgz]
author: David Anderson <dvander@google.com> Wed Oct 02 20:22:17 2024 -0700
committer: David Anderson <dvander@google.com> Fri Oct 18 13:22:44 2024 -0700
tree: f2a8874d2d87e426d3cf148d78bb9a68a13cb505
parent: bbee00e4ba58be49d7545cd818da0f86b5bd9c5a [diff] [blame]
diff --git a/private/vendor_init.te b/private/vendor_init.te
index 84ec60e..0a2d62c 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te

@@ -115,6 +115,7 @@
   -userspace_reboot_metadata_file
   -aconfig_storage_metadata_file
   -aconfig_storage_flags_metadata_file
+  -tradeinmode_metadata_file
   enforce_debugfs_restriction(`-debugfs_type')
 }:file { create getattr open read write setattr relabelfrom unlink map };
commit	2f31d932c267f2060a331490781aebc0154e67f0	[log] [tgz]
author	David Anderson <dvander@google.com>	Wed Oct 02 20:22:17 2024 -0700
committer	David Anderson <dvander@google.com>	Fri Oct 18 13:22:44 2024 -0700
tree	f2a8874d2d87e426d3cf148d78bb9a68a13cb505
parent	bbee00e4ba58be49d7545cd818da0f86b5bd9c5a [diff] [blame]