From 90a1f8048869ab478c66fc657a7ffd96809cb5f3 Mon Sep 17 00:00:00 2001
From: Jason Chiu
Date: Thu, 20 Jul 2023 14:37:08 +0800
Subject: [PATCH] Add hal_bootctl_default read permission to rootfs in Recovery mode

Fix the following avc denial:
avc: denied { read } for pid=485 comm="android.hardwar" name="bin" dev="rootfs" ino=9529 scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0

Bug: 282670401
Change-Id: I23ab086ba21d6ffea8b48b4208933c031effc4d4
Signed-off-by: Jason Chiu
---
 vendor/hal_bootctl_default.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te
index 2db46512..2ffeb27f 100644
--- a/vendor/hal_bootctl_default.te
+++ b/vendor/hal_bootctl_default.te
@@ -2,3 +2,7 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms;
 allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
 allow hal_bootctl_default sysfs_ota:file rw_file_perms;
 allow hal_bootctl_default tee_device:chr_file rw_file_perms;
+
+recovery_only(`
+ allow hal_bootctl_default rootfs:dir r_dir_perms;
+')
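Review bot: The added `allow hal_bootctl_default rootfs:dir r_dir_perms;` grants more than the quoted denial shows was needed. The log records a single `{ read }` on the rootfs directory `bin`, while `r_dir_perms` also covers open, getattr, search, ioctl and lock on every directory labelled `rootfs`. Nothing in the commit says whether the boot control HAL actually depends on listing that directory. If it works without the access, `dontaudit hal_bootctl_default rootfs:dir read;` inside the same `recovery_only` block would silence the log without widening the domain. If the access is required, keep the rule but record the reason above it, for example `# Recovery: bootctl HAL reads the rootfs "bin" directory (b/282670401)`, so a later audit of this domain can tell the grant was deliberate.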