From 1795b665bf89b2755b070bab43adfd521ab88ff4 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 7 Nov 2014 12:02:27 -0800
Subject: [PATCH] Allow recovery to create device nodes and modify rootfs

tilapia's OTA code for updating the radio image needs to
create files on rootfs and create a character device in /dev.
Add an exception for recovery the the various neverallow rules
blocking this behavior.

(cherrypick, with modifications, from 0055ea904aa42340d69e0bdfdf663c505f00a992)

Bug: 18281224
Change-Id: I5c57afe0a10b4598fea17f9c5c833bd39551907e
---
 domain.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/domain.te b/domain.te
index 48e2d1ac3..6cf7be34b 100644
--- a/domain.te
+++ b/domain.te
@@ -264,7 +264,7 @@ neverallow { domain -kernel -init -recovery -vold -uncrypt -install_recovery } b
 # Rather force a relabel to a more specific type.
 # init is exempt from this as there are character devices that only it uses.
 # ueventd is exempt from this, as it is managing these devices.
-neverallow { domain -init -ueventd } device:chr_file { open read write };
+neverallow { domain -init -ueventd -recovery } device:chr_file { open read write };
 
 # Limit what domains can mount filesystems or change their mount flags.
 # sdcard_type / vfat is exempt as a larger set of domains need
@@ -299,7 +299,7 @@ neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
 
 # Nothing should be writing to files in the rootfs.
-neverallow domain rootfs:file { create write setattr relabelto append unlink link rename };
+neverallow { domain -recovery } rootfs:file { create write setattr relabelto append unlink link rename };
 
 # Restrict context mounts to specific types marked with
 # the contextmount_type attribute.
-- 
GitLab