recovery_only(` | |
# recovery uses cache | |
allow recovery cache_file:dir mounton; | |
# look in /dev/dri/ | |
allow recovery gpu_device:chr_file rw_file_perms; | |
allow recovery host1x_device:chr_file rw_file_perms; | |
set_prop(recovery, ffs_prop) | |
# for operations in recovery/updater/flash_mtd.c | |
allow recovery mtd_device:dir search; | |
allow recovery mtd_device:chr_file rw_file_perms; | |
# for operations in recovery/update/flash_ec.c | |
allow recovery cros_ec_device:chr_file rw_file_perms; | |
') |