Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / fa3c138a9cbef0b74b68443e3181778172110d7d / . / public / fastbootd.te
blob: 82ae47bc5523329c2139ef62e9a587dba7f243c4 [file] [log] [blame]
Jerry Zhang0fd3ed32018-05-29 10:54:16 -0700[diff] [blame]1# fastbootd (used in recovery init.rc for /sbin/fastbootd)
2
3# Declare the domain unconditionally so we can always reference it
4# in neverallow rules.
5type fastbootd, domain;
6
7# But the allow rules are only included in the recovery policy.
8# Otherwise fastbootd is only allowed the domain rules.
9recovery_only(`
10 # fastbootd can only use HALs in passthrough mode
11 passthrough_hal_client_domain(fastbootd, hal_bootctl)
12
13 # Access /dev/usb-ffs/fastbootd/ep0
14 allow fastbootd functionfs:dir search;
15 allow fastbootd functionfs:file rw_file_perms;
16
17 # Log to serial
18 allow fastbootd kmsg_device:chr_file { open write };
19
20 # battery info
21 allow fastbootd sysfs_batteryinfo:file r_file_perms;
22
23 allow fastbootd device:dir r_dir_perms;
24
25 # Reboot the device
26 set_prop(fastbootd, powerctl_prop)
27
28 # Read serial number of the device from system properties
29 get_prop(fastbootd, serialno_prop)
30
31 # Set sys.usb.ffs.ready.
32 set_prop(fastbootd, ffs_prop)
33 set_prop(fastbootd, exported_ffs_prop)
34
35 unix_socket_connect(fastbootd, recovery, recovery)
36
37 # Required for flashing
38 allow fastbootd dm_device:chr_file rw_file_perms;
39 allow fastbootd dm_device:blk_file rw_file_perms;
40
41 allow fastbootd system_block_device:blk_file rw_file_perms;
42 allow fastbootd boot_block_device:blk_file rw_file_perms;
43
44 allow fastbootd misc_block_device:blk_file rw_file_perms;
45
46 allow fastbootd proc_cmdline:file r_file_perms;
47 allow fastbootd rootfs:dir r_dir_perms;
48 allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
49')
50
51###
52### neverallow rules
53###
54
55# Write permission is required to wipe userdata
56# until recovery supports vold.
57neverallow fastbootd {
58 data_file_type
59}:file { no_x_file_perms };