aboutsummaryrefslogtreecommitdiffstats
path: root/recovery.te
diff options
context:
space:
mode:
Diffstat (limited to 'recovery.te')
-rw-r--r--recovery.te11
1 files changed, 6 insertions, 5 deletions
diff --git a/recovery.te b/recovery.te
index 8576356..8d6fd62 100644
--- a/recovery.te
+++ b/recovery.te
@@ -41,8 +41,7 @@ recovery_only(`
allow recovery exec_type:dir { create_dir_perms relabelfrom relabelto };
# Write to /proc/sys/vm/drop_caches
- # TODO: create more specific label?
- allow recovery proc:file w_file_perms;
+ allow recovery proc_drop_caches:file w_file_perms;
# Write to /sys/class/android_usb/android0/enable.
# TODO: create more specific label?
@@ -77,12 +76,14 @@ recovery_only(`
allow recovery cache_file:dir create_dir_perms;
allow recovery cache_file:file create_file_perms;
+ # Read files on /oem.
+ r_dir_file(recovery, oemfs);
+
# Reboot the device
- allow recovery powerctl_prop:property_service set;
- unix_socket_connect(recovery, property, init)
+ set_prop(recovery, powerctl_prop)
# Start/stop adbd via ctl.start adbd
- allow recovery ctl_default_prop:property_service set;
+ set_prop(recovery, ctl_default_prop)
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 04:54:31 +0000