Allow recovery and fastbootd to interact with libfiemap. In normal Android, libsnapshot interacts with libfiemap over binder (via IGsid). There is no binder in recovery, so instead, we directly link to the library and therefore need appropriate sepolicy changes. Bug: 139154945 Test: no denials in recovery or fastbootd Change-Id: I356d7b5b906ac198e6f32c4d0cdd206c97faeb84

commit: b45bbe2e55c112d3afa06a8b4c1c32ffd22d3196 [log] [tgz]
author: David Anderson <dvander@google.com> Thu Oct 17 19:07:52 2019 -0700
committer: David Anderson <dvander@google.com> Wed Nov 13 18:46:57 2019 -0800
tree: b10554c6c7ba23f565ef8eb88c88bbf389cc1cec
parent: ec2f903d9bcd38aa64644cd1183634a4d98958f9 [diff] [blame]
diff --git a/private/gsid.te b/private/gsid.te
index cc255ca..306efb8 100644
--- a/private/gsid.te
+++ b/private/gsid.te

@@ -75,6 +75,8 @@
   -gsid
   -init
   -update_engine_common
+  -recovery
+  -fastbootd
 } gsid_prop:property_service set;
 
 # gsid needs to store images on /data, but cannot use file I/O. If it did, the
@@ -130,6 +132,7 @@
     -init
     -gsid
     -fastbootd
+    -recovery
     -vold
 } gsi_metadata_file:dir *;
commit	b45bbe2e55c112d3afa06a8b4c1c32ffd22d3196	[log] [tgz]
author	David Anderson <dvander@google.com>	Thu Oct 17 19:07:52 2019 -0700
committer	David Anderson <dvander@google.com>	Wed Nov 13 18:46:57 2019 -0800
tree	b10554c6c7ba23f565ef8eb88c88bbf389cc1cec
parent	ec2f903d9bcd38aa64644cd1183634a4d98958f9 [diff] [blame]