Support TCP based fastbootd in recovery mode.
The IPv6 link-local address is used to avoid expose device to out of
network segment.
BUG: 155198345
Test: manual test.
Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index e4719f5..40e91e2 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -43,6 +43,7 @@
device_config_configuration_prop
emergency_affordance_service
exported_camera_prop
+ fastbootd_protocol_prop
file_integrity_service
fwk_automotive_display_hwservice
gmscore_app
diff --git a/private/fastbootd.te b/private/fastbootd.te
index 1655f00..f0ba02c 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te
@@ -22,4 +22,12 @@
# Determine allocation scheme (whether B partitions needs to be
# at the second half of super.
get_prop(fastbootd, virtual_ab_prop)
+
+ # Needed for TCP protocol
+ allow fastbootd node:tcp_socket node_bind;
+ allow fastbootd port:tcp_socket name_bind;
+ allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
+
+ # Get fastbootd protocol property
+ get_prop(fastbootd, fastbootd_protocol_prop)
')
diff --git a/private/property.te b/private/property.te
index fd8ea3b..aee676c 100644
--- a/private/property.te
+++ b/private/property.te
@@ -4,6 +4,7 @@
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
system_internal_prop(device_config_configuration_prop)
+system_internal_prop(fastbootd_protocol_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_svc_debug_prop)
diff --git a/private/property_contexts b/private/property_contexts
index cfcfd5e..c4eb3aa 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -94,6 +94,9 @@
sys.lmk. u:object_r:system_lmk_prop:s0
sys.trace. u:object_r:system_trace_prop:s0
+# Fastbootd protocol control property
+fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
+
# Boolean property set by system server upon boot indicating
# if device is fully owned by organization instead of being
# a personal device.
diff --git a/private/recovery.te b/private/recovery.te
index bb22914..47547e3 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -24,4 +24,13 @@
get_prop(recovery, storage_config_prop)
set_prop(recovery, gsid_prop)
+
+ # These are needed to allow recovery to manage network
+ allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read };
+ allow recovery self:global_capability_class_set net_admin;
+ allow recovery self:tcp_socket { create ioctl };
+ allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS };
+
+ # Set fastbootd protocol property
+ set_prop(recovery, fastbootd_protocol_prop)
')