da1a9004f8
/storage is a tmpfs volume, and is where updater stores its zip when downloading updates. Devices with emmc partitions that are used as 'sdcard' volumes will end up with paths like: /storage/UUID/...../update.zip where UUID is the mount point for the partition and update.zip is the downloaded update. With this change, minivold can create the UUID folder and mount onto it, fixing the application of updates. Change-Id: I4fa84fd590f5ff0f91e38c49cef0c179728fdf43
53 lines
1.8 KiB
Text
53 lines
1.8 KiB
Text
recovery_only(`
|
|
|
|
# Secure adb (setup_adbd)
|
|
allow adbd adb_keys_file:dir search;
|
|
allow recovery adb_keys_file:dir r_dir_perms;
|
|
allow recovery adb_keys_file:file r_file_perms;
|
|
allow recovery shell_prop:property_service set;
|
|
|
|
# Recovery dialogs
|
|
unix_socket_connect(recovery, vold, vold)
|
|
allow recovery tmpfs:sock_file create_file_perms;
|
|
|
|
# Read packages.xml
|
|
allow recovery system_data_file:file r_file_perms;
|
|
|
|
# Manage fstab and /adb_keys
|
|
allow recovery rootfs:file create_file_perms;
|
|
allow recovery rootfs:file link;
|
|
allow recovery rootfs:dir { write create rmdir add_name remove_name };
|
|
|
|
# Read storage files and directories
|
|
allow recovery tmpfs:dir mounton;
|
|
allow recovery media_rw_data_file:dir r_dir_perms;
|
|
allow recovery media_rw_data_file:file r_file_perms;
|
|
allow recovery vfat:dir r_dir_perms;
|
|
allow recovery vfat:file r_file_perms;
|
|
allow recovery sdcard_posix:dir r_dir_perms;
|
|
allow recovery sdcard_posix:file r_file_perms;
|
|
|
|
# Control properties
|
|
allow recovery recovery_prop:property_service set;
|
|
|
|
# Set property sys.usb.ffs.ready
|
|
allow recovery ffs_prop:property_service set;
|
|
|
|
# recursive rm for wipes... :(
|
|
allow app_data_file self:filesystem associate;
|
|
allow recovery app_data_file:file { read open create write };
|
|
allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
|
|
|
|
allow recovery file_type:dir { rw_dir_perms rmdir };
|
|
allow recovery file_type:notdevfile_class_set { unlink getattr };
|
|
# wipe saves and restores the layout version
|
|
allow recovery install_data_file:file create_file_perms;
|
|
allow recovery system_data_file:file create_file_perms;
|
|
|
|
# /cache/recovery things: command and logs
|
|
allow recovery recovery_cache_file:dir create_dir_perms;
|
|
allow recovery recovery_cache_file:file create_file_perms;
|
|
|
|
# set system properties for various things
|
|
allow recovery system_prop:property_service set;
|
|
')
|