Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8303577f095487049269dc0f0c8c4180dbdc6f5f / . / private / fastbootd.te
blob: 98eb23c5d50155bcc932a4feb112ea41784fc91d [file] [log] [blame]
Jerry Zhang1d85efa2018-05-29 10:54:16 -0700[diff] [blame]1typeattribute fastbootd coredomain;
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]2
3# The allow rules are only included in the recovery policy.
4# Otherwise fastbootd is only allowed the domain rules.
5recovery_only(`
6 # Reboot the device
7 set_prop(fastbootd, powerctl_prop)
8
9 # Read serial number of the device from system properties
10 get_prop(fastbootd, serialno_prop)
11
12 # Set sys.usb.ffs.ready.
Inseob Kimbfb37082020-04-27 23:49:15 +0900[diff] [blame]13 get_prop(fastbootd, ffs_config_prop)
14 set_prop(fastbootd, ffs_control_prop)
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]15
16 userdebug_or_eng(`
17 get_prop(fastbootd, persistent_properties_ready_prop)
18 ')
19
20 set_prop(fastbootd, gsid_prop)
21
22 # Determine allocation scheme (whether B partitions needs to be
23 # at the second half of super.
24 get_prop(fastbootd, virtual_ab_prop)
Hongguang Chen91a5f4e2020-04-23 23:43:13 -0700[diff] [blame]25
26 # Needed for TCP protocol
27 allow fastbootd node:tcp_socket node_bind;
28 allow fastbootd port:tcp_socket name_bind;
29 allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
30
David Anderson83035772021-02-04 20:24:23 -0800[diff] [blame^]31 # Start snapuserd for merging VABC updates
32 set_prop(fastbootd, ctl_snapuserd_prop)
33
34 # Needed to communicate with snapuserd to complete merges.
35 allow fastbootd snapuserd_socket:sock_file write;
36 allow fastbootd snapuserd:unix_stream_socket connectto;
37 allow fastbootd dm_user_device:dir r_dir_perms;
38
Hongguang Chen91a5f4e2020-04-23 23:43:13 -0700[diff] [blame]39 # Get fastbootd protocol property
40 get_prop(fastbootd, fastbootd_protocol_prop)
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]41')