From 53c90152eaed967a1f3583839211167b5e097fc9 Mon Sep 17 00:00:00 2001
From: Devin Moore <devinmoore@google.com>
Date: Wed, 23 Jun 2021 13:43:42 -0700
Subject: [PATCH] Fix recovery denials when reading /proc/bootconfig

These denials were found in the logs of a test failure that entered
recovery mode.
Recovery uses libfs_mgr which reads /proc/bootconfig.

Test: Boot device into recovery and check for "avd: denied" logs
Bug: 191904998
Bug: 191737840
Ignore-AOSP-First: Merged-In not used to allow the change in prebuilts to merge
Change-Id: I96ae514cfd68856717e143d295f2838a7d0eff14
---
 prebuilts/api/31.0/private/recovery.te | 3 +++
 private/recovery.te                    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/prebuilts/api/31.0/private/recovery.te b/prebuilts/api/31.0/private/recovery.te
index 00d71328e..bba2a0db2 100644
--- a/prebuilts/api/31.0/private/recovery.te
+++ b/prebuilts/api/31.0/private/recovery.te
@@ -43,4 +43,7 @@ recovery_only(`
   set_prop(recovery, fastbootd_protocol_prop)
 
   get_prop(recovery, recovery_config_prop)
+
+  # Needed to read bootconfig parameters through libfs_mgr
+  allow recovery proc_bootconfig:file r_file_perms;
 ')
diff --git a/private/recovery.te b/private/recovery.te
index 00d71328e..bba2a0db2 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -43,4 +43,7 @@ recovery_only(`
   set_prop(recovery, fastbootd_protocol_prop)
 
   get_prop(recovery, recovery_config_prop)
+
+  # Needed to read bootconfig parameters through libfs_mgr
+  allow recovery proc_bootconfig:file r_file_perms;
 ')