path: root/non_plat/recovery.te

# ==============================================
# MTK Policy Rule
# ==============================================
# recovery console (used in recovery init.rc for /sbin/recovery)

# Date : WK15.13
# Operation : UT
# Purpose : Nand device policy
allow recovery mtd_device:dir search;
allow recovery mtd_device:chr_file rw_file_perms;
allow recovery self:capability sys_resource;

# Date : WK18.16
# Operation : UT
# Purpose : Refine policy
allow recovery misc_sd_device:chr_file rw_file_perms;
allow recovery vfat:dir r_dir_perms;
allow recovery vfat:file r_file_perms;
allow recovery sysfs_devices_block:dir r_dir_perms;
allow recovery sysfs_devices_block:file rw_file_perms;
allow recovery sysfs_devices_block:lnk_file r_file_perms;

# Date : WK18.25
# Operation : UT
# Purpose : Add policy for therm, gpu, battery, and boot_type
allow recovery sysfs:dir r_dir_perms;
allow recovery sysfs_batteryinfo:dir r_dir_perms;
allow recovery sysfs_boot_type:file r_file_perms;
allow recovery sysfs_therm:dir r_dir_perms;
allow recovery sysfs_therm:file r_file_perms;
allow recovery gpu_device:dir r_dir_perms;

# Date : WK18.09
# Operation : UT
# Purpose : Allow recovery can update boot partition
allow recovery tmpfs:lnk_file r_file_perms;

# Date : WK19.03
# Operation : UT
# Purpose : Android Migration
allow recovery bootdevice_block_device:blk_file rw_file_perms;
allow recovery self:capability { sys_rawio fsetid };
allowxperm recovery bootdevice_block_device:blk_file ioctl {
 MMC_IOCTLCMD
 UFS_IOCTLCMD
};
allow recovery block_device:blk_file ioctl;
allowxperm recovery block_device:blk_file ioctl {
 BLKIOMIN
 BLKALIGNOFF
};
allow recovery sysfs_dm:dir search;
allow recovery sysfs_dm:file r_file_perms;
allowxperm recovery tmpfs:file ioctl FS_IOC_FIEMAP;
allowxperm recovery cache_block_device:blk_file ioctl BLKPBSZGET;
allowxperm recovery nvdata_device:blk_file ioctl BLKPBSZGET;
allow recovery proc_filesystems:file r_file_perms;