Jerry Zhang | 1d85efa | 2018-05-29 10:54:16 -0700 | [diff] [blame] | 1 | typeattribute fastbootd coredomain; |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 2 | |
| 3 | # The allow rules inside recovery_only() are only included in the recovery policy. |
| 4 | # Outside recovery, fastbootd is only allowed the domain rules. |
| 5 | recovery_only(` |
| 6 | # Reboot the device (write access to powerctl_prop) |
| 7 | set_prop(fastbootd, powerctl_prop) |
| 8 | |
| 9 | # Read the serial number of the device from system properties (read-only) |
| 10 | get_prop(fastbootd, serialno_prop) |
| 11 | |
| 12 | # Set sys.usb.ffs.ready. Only ffs_control_prop is writable here; ffs_config_prop is read-only. |
Inseob Kim | bfb3708 | 2020-04-27 23:49:15 +0900 | [diff] [blame] | 13 | get_prop(fastbootd, ffs_config_prop) |
| 14 | set_prop(fastbootd, ffs_control_prop) |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 15 | |
| | # Debuggable (userdebug/eng) builds only: read persistent_properties_ready_prop. |
| 16 | userdebug_or_eng(` |
| 17 | get_prop(fastbootd, persistent_properties_ready_prop) |
| 18 | ') |
| 19 | |
| | # Write access to gsid_prop; the reason is not stated here (presumably GSI state handling, confirm). |
| 20 | set_prop(fastbootd, gsid_prop) |
| 21 | |
| 22 | # Determine allocation scheme (whether B partitions need to be |
| 23 | # at the second half of super). |
| 24 | get_prop(fastbootd, virtual_ab_prop) |
David Anderson | 9e21df2 | 2021-07-27 18:51:18 -0700 | [diff] [blame] | 25 | get_prop(fastbootd, snapuserd_prop) |
Hongguang Chen | 91a5f4e | 2020-04-23 23:43:13 -0700 | [diff] [blame] | 26 | |
| 27 | # Needed for TCP protocol: permits binding, listening and accepting on a TCP socket. |
| | # node_bind and name_bind are granted on the generic node and port types, so this policy |
| | # does not pin the listener to one address or port; any such restriction has to come from |
| | # fastbootd itself or from the network. |
| 28 | allow fastbootd node:tcp_socket node_bind; |
| 29 | allow fastbootd port:tcp_socket name_bind; |
| 30 | allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept }; |
| 31 | |
David Anderson | 8303577 | 2021-02-04 20:24:23 -0800 | [diff] [blame] | 32 | # Start snapuserd for merging VABC updates (write access to ctl_snapuserd_prop) |
| 33 | set_prop(fastbootd, ctl_snapuserd_prop) |
| 34 | |
| 35 | # Needed to communicate with snapuserd to complete merges. |
| | # Socket access is write + connectto only; dm_user_device is limited to directory reads. |
| 36 | allow fastbootd snapuserd_socket:sock_file write; |
| 37 | allow fastbootd snapuserd:unix_stream_socket connectto; |
| 38 | allow fastbootd dm_user_device:dir r_dir_perms; |
| 39 | |
Hongguang Chen | 91a5f4e | 2020-04-23 23:43:13 -0700 | [diff] [blame] | 40 | # Get fastbootd protocol property |
| 41 | get_prop(fastbootd, fastbootd_protocol_prop) |
David Anderson | 018004d | 2021-05-05 16:33:48 -0700 | [diff] [blame] | 42 | |
| 43 | # Mount /metadata to interact with Virtual A/B snapshots. |
| | # NOTE(review): the grant is on the labeledfs type as a whole, so this rule by itself is |
| | # not limited to /metadata. |
| 44 | allow fastbootd labeledfs:filesystem { mount unmount }; |
David Anderson | 08a08ab | 2021-06-07 18:38:53 -0700 | [diff] [blame] | 45 | |
| 46 | # Needed for reading boot properties (read-only access to proc_bootconfig). |
| 47 | allow fastbootd proc_bootconfig:file r_file_perms; |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 48 | ') |