      1 # recovery console (used in recovery init.rc for /sbin/recovery)
      2 
      3 # Declare the domain unconditionally so we can always reference it
      4 # in neverallow rules.
      5 type recovery, domain;
      6 
      7 # But the allow rules are only included in the recovery policy.
      8 # Otherwise recovery is only allowed the domain rules.
      9 recovery_only(`
          # Capability grants: dac_override together with chown, fowner and
          # fsetid bypass ordinary file ownership checks, and sys_admin covers
          # mount and most other administrative operations, so the type
          # enforcement rules that follow are the effective boundary for this
          # domain rather than DAC.
     10   allow recovery self:capability { chown dac_override fowner fsetid setfcap setuid setgid sys_admin sys_tty_config };
     11 
     12   # Set security contexts on files that are not known to the loaded policy.
          # capability2 mac_admin is the check the kernel applies when a
          # requested context names a type absent from the loaded policy; it
          # pairs with the unlabeled file and dir rules further down.
     13   allow recovery self:capability2 mac_admin;
     14 
     15   # Run helpers from / or /system without changing domain.
          # execute_no_trans: the helper keeps running as recovery, with every
          # capability granted above, instead of transitioning to a domain of
          # its own. Anything executed this way inherits the full privilege set.
     16   allow recovery rootfs:file execute_no_trans;
     17   allow recovery system_file:file execute_no_trans;
     18 
     19   # Mount filesystems.
          # ~relabelto grants every filesystem-class permission except
          # relabelto (mount, remount, unmount, getattr, ...) on any type with
          # the fs_type attribute and on unlabeled filesystems; only
          # contextmount_type filesystems may be relabelled at mount time.
     20   allow recovery rootfs:dir mounton;
     21   allow recovery fs_type:filesystem ~relabelto;
     22   allow recovery unlabeled:filesystem ~relabelto;
     23   allow recovery contextmount_type:filesystem relabelto;
     24 
     25   # Create and relabel files and directories under /system.
          # create_file_perms on exec_type plus relabelto means recovery can both
          # write executable content and label it as executable. That is
          # inherent to installing an OTA; it is also why the domain must not be
          # reachable from anything less trusted than the recovery image.
     26   allow recovery exec_type:{ file lnk_file } { create_file_perms relabelfrom relabelto };
     27   allow recovery system_file:{ file lnk_file } { create_file_perms relabelfrom relabelto };
     28   allow recovery system_file:dir { create_dir_perms relabelfrom relabelto };
     29 
     30   # We may be asked to set an SELinux label for a type not known to the
     31   # currently loaded policy. Allow it.
     32   allow recovery unlabeled:{ file lnk_file } { create_file_perms relabelfrom relabelto };
     33   allow recovery unlabeled:dir { create_dir_perms relabelfrom relabelto };
     34 
     35   # 0eb17d944704b3eb140bb9dded299d3be3aed77e in build/ added SELinux
     36   # support to OTAs. However, that code has a bug. When an update occurs,
     37   # some directories are inappropriately labeled as exec_type. This is
     38   # only transient, and subsequent steps in the OTA script correct this
     39   # mistake.
     40   # Allow this behavior for now until we can fix the underlying bug.
     41   # b/15575013
     42   allow recovery exec_type:dir { create_dir_perms relabelfrom relabelto };
          # auditallow does not change the decision; it logs each use of these
          # permissions so the allow rule above can be removed once the build
          # fix lands and the audit log stays quiet.
     43   auditallow recovery exec_type:dir { create_dir_perms relabelfrom relabelto };
     44 
     45   # Write to /proc/sys/vm/drop_caches
     46   # TODO: create more specific label?
          # w_file_perms here covers every file labelled proc, not only
          # drop_caches; a dedicated label (the TODO) is the least-privilege fix.
     47   allow recovery proc:file w_file_perms;
     48 
     49   # Write to /sys/class/android_usb/android0/enable.
     50   # TODO: create more specific label?
          # Same scope caveat as the proc rule: this is write access to every
          # sysfs-labelled file.
     51   allow recovery sysfs:file w_file_perms;
     52 
     53   # Access /dev/android_adb or /dev/usb-ffs/adb/ep0
     54   allow recovery adb_device:chr_file rw_file_perms;
     55   allow recovery functionfs:dir search;
     56   allow recovery functionfs:file rw_file_perms;
     57 
     58   # Required to e.g. wipe userdata/cache.
          # rw_file_perms on dev_type:blk_file is raw read/write access to every
          # block device node carrying a dev_type type, i.e. any partition, not
          # just userdata and cache.
     59   allow recovery device:dir r_dir_perms;
     60   allow recovery block_device:dir r_dir_perms;
     61   allow recovery dev_type:blk_file rw_file_perms;
     62 
     63   # GUI
          # execmem permits anonymous memory that is both writable and
          # executable; together with execute on ashmem this relaxes W^X for the
          # recovery process (presumably needed by the UI renderer; not
          # confirmed from this file).
     64   allow recovery self:process execmem;
     65   allow recovery ashmem_device:chr_file execute;
     66   allow recovery graphics_device:chr_file rw_file_perms;
     67   allow recovery graphics_device:dir r_dir_perms;
     68   allow recovery input_device:dir r_dir_perms;
     69   allow recovery input_device:chr_file r_file_perms;
     70   allow recovery tty_device:chr_file rw_file_perms;
     71 
     72   # Create /tmp/recovery.log and execute /tmp/update_binary.
          # No domain transition is declared here, so the updater executed from
          # tmpfs presumably runs as recovery itself, with the capabilities
          # granted above; the OTA package verification done before extraction
          # is what stands between untrusted input and that privilege.
     73   allow recovery tmpfs:file { create_file_perms x_file_perms };
     74   allow recovery tmpfs:dir create_dir_perms;
     75 
     76   # Manage files on /cache
     77   allow recovery cache_file:dir create_dir_perms;
     78   allow recovery cache_file:file create_file_perms;
     79 
     80   # Reboot the device
          # Setting the property goes through the property service socket to
          # init, hence the unix_socket_connect grant.
     81   allow recovery powerctl_prop:property_service set;
     82   unix_socket_connect(recovery, property, init)
     83 
     84   # Start/stop adbd via ctl.start adbd
          # ctl_default_prop is the label of the generic ctl.* control
          # properties, so this grant is not limited to adbd.
     85   allow recovery ctl_default_prop:property_service set;
     86 
     87   # Use setfscreatecon() to label files for OTA updates.
     88   allow recovery self:process setfscreate;
     89 
     90   # Allow recovery to create a fuse filesystem, and read files from it.
     91   allow recovery fuse_device:chr_file rw_file_perms;
     92   allow recovery fuse:dir r_dir_perms;
     93   allow recovery fuse:file r_file_perms;
     94 
     95   wakelock_use(recovery)
     96 
     97   # This line seems suspect, as it should not really need to
     98   # set scheduling parameters for a kernel domain task.
     99   allow recovery kernel:process setsched;
    100 ')
    101