1 # These are the permissions required to use the boot_control HAL implemented 2 # here: hardware/qcom/bootctrl/boot_control.c 3 4 # Getting and setting GPT attributes for the bootloader iterates over all the 5 # partition names in the block_device directory /dev/block/.../by-name 6 allow hal_bootctl block_device:dir r_dir_perms; 7 8 # Edit the attributes stored in the GPT. 9 allow hal_bootctl gpt_block_device:blk_file rw_file_perms; 10 allow hal_bootctl ab_block_device:blk_file getattr; 11 allow hal_bootctl boot_block_device:blk_file rw_file_perms; 12 allow hal_bootctl modem_block_device:blk_file getattr; 13 allow hal_bootctl system_block_device:blk_file getattr; 14 allow hal_bootctl misc_block_device:blk_file rw_file_perms; 15 16 # Access /dev/sgN devices (generic SCSI) to write the 17 # A/B slot selection for the XBL partition. Allow also to issue a 18 # UFS_IOCTL_QUERY ioctl. 19 allow hal_bootctl sg_device:chr_file rw_file_perms; 20 allow hal_bootctl self:capability sys_admin; 21 allow hal_bootctl tmpfs:lnk_file r_file_perms; 22 23 # Read the sysfs to lookup what /dev/sgN device 24 # corresponds to the XBL partitions. 25 allow hal_bootctl sysfs:dir r_dir_perms; 26 27 # Write to the XBL devices. 28 allow hal_bootctl xbl_block_device:blk_file rw_file_perms; 29 30 # Expose a socket for brokered boot message access for hal_oemlock. 31 allow hal_bootctl hal_bootctl_socket:sock_file create_file_perms; 32
