android_system_sepolicy/vendor/vendor_install_recovery.te


Moving recovery resources from /system to /vendor

This change is part of a topic that moves the recovery resources from the system partition to the vendor partition, if it exists, or the vendor directory on the system partition otherwise. The recovery resources are moving from the system image to the vendor partition so that a single system image may be used with either an A/B or a non-A/B vendor image. The topic removes a delta in the system image that prevented such reuse in the past.

The recovery resources that are moving are involved with updating the recovery partition after an update. In a non-A/B configuration, the system boots from the recovery partition, updates the other partitions (system, vendor, etc.) Then, the next time the system boots normally, a script updates the recovery partition (if necessary). This script, the executables it invokes, and the data files that it uses were previously on the system partition. The resources that are moving include the following.

* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)

This change includes the sepolicy changes to move the recovery resources from system to vendor. The big change is renaming install_recovery*.te to vendor_install_recovery*.te to emphasize the move to vendor. Other changes follow from that. The net result is that the application of the recovery patch has the same permissions that it had when it lived in system.

Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: If29cb22b2a7a5ce1b25d45ef8635e6cb81103327
2019-09-17 16:59:42 -07:00
init_daemon_domain(vendor_install_recovery)
# service vendor_flash_recovery in
# bootable/recovery/applypatch/vendor_flash_recovery.rc
type vendor_install_recovery, domain;
type vendor_install_recovery_exec, vendor_file_type, exec_type, file_type;
# /vendor/bin/install-recovery.sh is a shell script.
# Needs to execute /vendor/bin/sh
allow vendor_install_recovery vendor_shell_exec:file rx_file_perms;
# Execute /vendor/bin/applypatch
allow vendor_install_recovery vendor_file:file rx_file_perms;
not_full_treble(`allow vendor_install_recovery vendor_file:file rx_file_perms;')
allow vendor_install_recovery vendor_toolbox_exec:file rx_file_perms;
# Update the recovery block device based off a diff of the boot block device
allow vendor_install_recovery block_device:dir search;
allow vendor_install_recovery boot_block_device:blk_file r_file_perms;
allow vendor_install_recovery recovery_block_device:blk_file rw_file_perms;
# Write to /proc/sys/vm/drop_caches
allow vendor_install_recovery proc_drop_caches:file w_file_perms;
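
An added example, not part of the repository or the commit: a small Python audit that expands the permission macros in the rules above and reports which block devices the `vendor_install_recovery` domain can modify, which is the check a reviewer would make against the commit's statement that the move leaves permissions unchanged. The macro expansions are assumptions modelled on AOSP's `global_macros`, and the function names `parse_allows` and `writable_block_devices` are hypothetical.

```python
import re

# Permission macros expanded by hand. Assumption: these follow AOSP's
# global_macros as of this commit; verify against your own tree.
R = {"getattr", "open", "read", "ioctl", "lock", "map"}
W = {"open", "append", "write", "lock", "map"}
X = {"getattr", "execute", "execute_no_trans", "map"}
PERM_MACROS = {"r_file_perms": R, "w_file_perms": W, "x_file_perms": X,
               "rx_file_perms": R | X, "rw_file_perms": R | W}

# The allow rules of vendor_install_recovery.te as shown above.
POLICY = """
allow vendor_install_recovery vendor_shell_exec:file rx_file_perms;
allow vendor_install_recovery vendor_file:file rx_file_perms;
not_full_treble(`allow vendor_install_recovery vendor_file:file rx_file_perms;')
allow vendor_install_recovery vendor_toolbox_exec:file rx_file_perms;
allow vendor_install_recovery block_device:dir search;
allow vendor_install_recovery boot_block_device:blk_file r_file_perms;
allow vendor_install_recovery recovery_block_device:blk_file rw_file_perms;
allow vendor_install_recovery proc_drop_caches:file w_file_perms;
"""

# \b keeps "neverallow" from matching; rules inside m4 macro calls still match.
ALLOW_RE = re.compile(r"\ballow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+?)\s*;")

def parse_allows(text):
    """Return {(source, target, class): perms}, merging duplicate rules."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # strip comments
        for src, tgt, cls, perms in ALLOW_RE.findall(line):
            expanded = set()
            for name in perms.strip("{} ").split():
                expanded |= PERM_MACROS.get(name, {name})
            rules.setdefault((src, tgt, cls), set()).update(expanded)
    return rules

def writable_block_devices(rules, domain):
    """Block-device types the domain can modify (write or append)."""
    return sorted(tgt for (src, tgt, cls), perms in rules.items()
                  if src == domain and cls == "blk_file"
                  and perms & {"write", "append"})

if __name__ == "__main__":
    rules = parse_allows(POLICY)
    for (src, tgt, cls), perms in sorted(rules.items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("writable:", writable_block_devices(rules, "vendor_install_recovery"))
```

Running the same functions over the pre-move `install_recovery.te` and diffing the two rule maps shows whether any target type gained permissions in the rename.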