Allow recovery to create device nodes and modify rootfs
tilapia's OTA code for updating the radio image needs to
create files on rootfs and create a character device in /dev.
Allow it.
Bug: 18281224
Change-Id: Ic408c2b28e16a40650f71efe2f17fb0c2e71f97f
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 27924d0..115844d 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -96,6 +96,7 @@
keystore.te \
lmkd.te \
mediaserver.te \
+ recovery.te \
rild.te \
sensors_config.te \
surfaceflinger.te \
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
new file mode 100644
index 0000000..6f20993
--- /dev/null
+++ b/sepolicy/recovery.te
@@ -0,0 +1,11 @@
+recovery_only(`
+ allow recovery ctl_rildaemon_prop:property_service set;
+ allow recovery device:dir rw_dir_perms;
+ allow recovery rootfs:dir rw_dir_perms;
+ allow recovery rootfs:file create_file_perms;
+ allow recovery sysfs_devices_system_cpu:file rw_file_perms;
+ allow recovery self:capability mknod;
+ allow recovery usbfs:dir rw_dir_perms;
+ allow recovery device:chr_file create_file_perms;
+')
+
