Google Git
Sign in
android / device / google / gs201-sepolicy / 94995cd0d344b503b1d4a6b2ab646e0943bc56aa
commit94995cd0d344b503b1d4a6b2ab646e0943bc56aa[log] [tgz]
authorTommy Chiu <tommychiu@google.com>Fri Mar 04 16:50:01 2022 +0800
committerTreeHugger Robot <treehugger-gerrit@google.com>Mon Mar 07 00:24:55 2022 +0000
treea0f84b3445896a03bdd305444bda200736e873e9
parent9fe6aa97af4d094b1b00b21952857bc20cfd7ba2 [diff]
sepolicy: add permissions to let recovery wipe citadel

This gives recovery the ability to remove user data from citadel in the
same manner as issuing a `fastboot -w` does.  This doesn't allow for
resetting FRP data, just user data.

audit: type=1400 audit(1646379959.016:9): avc:  denied  { getattr } for
  pid=348 comm="recovery" path="/dev/gsc0" dev="tmpfs" ino=754
  scontext=u:r:recovery:s0 tcontext=u:object_r:citadel_device:s0
  tclass=chr_file permissive=0

Bug: 222005928
Change-Id: Ia6113999aecacbbbb31d7a8659a45c0e5a0db2c9
1 file changed
tree: a0f84b3445896a03bdd305444bda200736e873e9
  1. aoc/
  2. dauntless/
  3. edgetpu/
  4. gps/
  5. health/
  6. private/
  7. system_ext/
  8. tracking_denials/
  9. whitechapel_pro/
  10. widevine/
  11. gs201-sepolicy.mk
  12. OWNERS