Allow snapuserd interaction in recovery and fastbootd. This is needed to support VABC merges on data wipes and via "fastboot snapshot-update merge". Bug: 168258606 Test: fastboot snapshot-update merge data wipe during VABC merge Change-Id: I32770a2e74f2c2710e4964f65c42ae779c1a0b90

commit: 8303577f095487049269dc0f0c8c4180dbdc6f5f [log] [tgz]
author: David Anderson <dvander@google.com> Thu Feb 04 20:24:23 2021 -0800
committer: David Anderson <dvander@google.com> Thu Feb 04 22:48:55 2021 -0800
tree: 29e6c82e7a40984de4ee1da7a8709149f2cfcf3e
parent: 96acdc0b225a6be52f9e42b878a4ddef202b3b46 [diff] [blame]
diff --git a/private/fastbootd.te b/private/fastbootd.te
index f0ba02c..98eb23c 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te

@@ -28,6 +28,14 @@
   allow fastbootd port:tcp_socket name_bind;
   allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
 
+  # Start snapuserd for merging VABC updates
+  set_prop(fastbootd, ctl_snapuserd_prop)
+
+  # Needed to communicate with snapuserd to complete merges.
+  allow fastbootd snapuserd_socket:sock_file write;
+  allow fastbootd snapuserd:unix_stream_socket connectto;
+  allow fastbootd dm_user_device:dir r_dir_perms;
+
   # Get fastbootd protocol property
   get_prop(fastbootd, fastbootd_protocol_prop)
 ')
commit	8303577f095487049269dc0f0c8c4180dbdc6f5f	[log] [tgz]
author	David Anderson <dvander@google.com>	Thu Feb 04 20:24:23 2021 -0800
committer	David Anderson <dvander@google.com>	Thu Feb 04 22:48:55 2021 -0800
tree	29e6c82e7a40984de4ee1da7a8709149f2cfcf3e
parent	96acdc0b225a6be52f9e42b878a4ddef202b3b46 [diff] [blame]