Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sepolicy: add permissions to let recovery wipe citadel

Browse source 
This gives recovery the ability to remove user data from citadel in the
same manner as issuing a `fastboot -w` does.  This doesn't allow for
resetting FRP data, just user data.

audit: type=1400 audit(1646379959.016:9): avc:  denied  { getattr } for
  pid=348 comm="recovery" path="/dev/gsc0" dev="tmpfs" ino=754
  scontext=u:r:recovery:s0 tcontext=u:object_r:citadel_device:s0
  tclass=chr_file permissive=0

Bug: 222005928
Change-Id: Ia6113999aecacbbbb31d7a8659a45c0e5a0db2c9
This commit is contained in:
Tommy Chiu 2022-03-04 16:50:01 +08:00 committed by TreeHugger Robot
parent 9fe6aa97af
commit 94995cd0d3
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
whitechapel_pro/recovery.te
View file

@ -1,3 +1,4 @@
recovery_only(`
allow recovery sysfs_ota:file rw_file_perms;
allow recovery citadel_device:chr_file rw_file_perms;
')