073efc34e7
Metadata needs to be erased as part of fastboot flashall -w. Test: fastboot erase metadata Bug: 113648914 Change-Id: I38a0debd9face16cad9d9a13a48549f3f58652fa
76 lines
2 KiB
Text
76 lines
2 KiB
Text
# fastbootd (used in recovery init.rc for /sbin/fastbootd)
|
|
|
|
# Declare the domain unconditionally so we can always reference it
|
|
# in neverallow rules.
|
|
type fastbootd, domain;
|
|
|
|
# But the allow rules are only included in the recovery policy.
|
|
# Otherwise fastbootd is only allowed the domain rules.
|
|
recovery_only(`
|
|
# fastbootd can only use HALs in passthrough mode
|
|
passthrough_hal_client_domain(fastbootd, hal_bootctl)
|
|
|
|
# Access /dev/usb-ffs/fastbootd/ep0
|
|
allow fastbootd functionfs:dir search;
|
|
allow fastbootd functionfs:file rw_file_perms;
|
|
|
|
# Log to serial
|
|
allow fastbootd kmsg_device:chr_file { open write };
|
|
|
|
# battery info
|
|
allow fastbootd sysfs_batteryinfo:file r_file_perms;
|
|
|
|
allow fastbootd device:dir r_dir_perms;
|
|
|
|
# Reboot the device
|
|
set_prop(fastbootd, powerctl_prop)
|
|
|
|
# Read serial number of the device from system properties
|
|
get_prop(fastbootd, serialno_prop)
|
|
|
|
# Set sys.usb.ffs.ready.
|
|
set_prop(fastbootd, ffs_prop)
|
|
set_prop(fastbootd, exported_ffs_prop)
|
|
|
|
unix_socket_connect(fastbootd, recovery, recovery)
|
|
|
|
# Required for flashing
|
|
allow fastbootd dm_device:chr_file rw_file_perms;
|
|
allow fastbootd dm_device:blk_file rw_file_perms;
|
|
|
|
allow fastbootd super_block_device:blk_file rw_file_perms;
|
|
allow fastbootd {
|
|
boot_block_device
|
|
metadata_block_device
|
|
system_block_device
|
|
userdata_block_device
|
|
}:blk_file { w_file_perms getattr ioctl };
|
|
|
|
allowxperm fastbootd {
|
|
boot_block_device
|
|
metadata_block_device
|
|
system_block_device
|
|
userdata_block_device
|
|
}:blk_file ioctl { BLKGETSIZE64 };
|
|
|
|
allowxperm fastbootd {
|
|
metadata_block_device
|
|
userdata_block_device
|
|
}:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
|
|
|
|
allow fastbootd misc_block_device:blk_file rw_file_perms;
|
|
|
|
allow fastbootd proc_cmdline:file r_file_perms;
|
|
allow fastbootd rootfs:dir r_dir_perms;
|
|
allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
|
|
')
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# Write permission is required to wipe userdata
|
|
# until recovery supports vold.
|
|
neverallow fastbootd {
|
|
data_file_type
|
|
}:file { no_x_file_perms };
|