diff options
author | Pat Erley <perley@cyngn.com> | 2016-01-12 17:46:52 -0800 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2016-01-28 15:20:51 -0800 |
commit | db4fb0ee6b7396c31a016ae9975892d26ed719f3 (patch) | |
tree | e0b2bf45a0a4534bd8d535c30850ea013db4ce33 | |
parent | 86020c90661be88e09b1132fded7018ce259bd4d (diff) | |
download | vendor_replicant-db4fb0ee6b7396c31a016ae9975892d26ed719f3.zip vendor_replicant-db4fb0ee6b7396c31a016ae9975892d26ed719f3.tar.gz vendor_replicant-db4fb0ee6b7396c31a016ae9975892d26ed719f3.tar.bz2 |
recovery: Add new rules for recursive wipe
We now use a temporary context when mounting /data, so add permissions
to do that, and add permissions necessary to do the recursive wipe.
Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
-rw-r--r-- | sepolicy/recovery.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te index e2efee4..76e7a62 100644 --- a/sepolicy/recovery.te +++ b/sepolicy/recovery.te @@ -30,6 +30,10 @@ allow recovery sdcard_posix:file r_file_perms; allow recovery recovery_prop:property_service set; # recursive rm for wipes... :( +allow app_data_file self:filesystem associate; +allow recovery app_data_file:file { read open create write }; +allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount }; + allow recovery file_type:dir { rw_dir_perms rmdir }; allow recovery file_type:notdevfile_class_set { unlink getattr }; # wipe saves and restores the layout version |