authorPat Erley <perley@cyngn.com>2016-01-12 17:46:52 -0800
committerGerrit Code Review <gerrit@cyanogenmod.org>2016-01-28 15:20:51 -0800
commitdb4fb0ee6b7396c31a016ae9975892d26ed719f3 (patch)
treee0b2bf45a0a4534bd8d535c30850ea013db4ce33 /sepolicy
parent86020c90661be88e09b1132fded7018ce259bd4d (diff)
recovery: Add new rules for recursive wipe
We now use a temporary context when mounting /data, so add permissions to do that, and add permissions necessary to do the recursive wipe.

Change-Id: Ic925c70f1cf01c8b19a6ac48a9468d6eb9205321
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/recovery.te4
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index e2efee4..76e7a62 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -30,6 +30,10 @@ allow recovery sdcard_posix:file r_file_perms;
allow recovery recovery_prop:property_service set;
# recursive rm for wipes... :(
+allow app_data_file self:filesystem associate;
+allow recovery app_data_file:file { read open create write };
+allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
+
allow recovery file_type:dir { rw_dir_perms rmdir };
allow recovery file_type:notdevfile_class_set { unlink getattr };
# wipe saves and restores the layout version
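Review bot: The new `allow recovery app_data_file:file { read open create write };` rule gives recovery content access to every file labelled `app_data_file`, which a recursive delete does not appear to need, since the context line `allow recovery file_type:notdevfile_class_set { unlink getattr };` already covers unlinking. If the access is only for files recovery itself creates while /data is mounted with the temporary context, say so in a comment, and consider dropping `read`/`write` if the wipe works without them. The three rules also sit under `# recursive rm for wipes... :(` although the commit message ties the `filesystem` rules to the temporary mount context; a separate comment such as `# /data is mounted with a temporary app_data_file context for the wipe` would make the intent auditable. Whether these rules are confined to recovery builds is not visible in this hunk.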