sepolicy: recovery: allow reading fbe key version * We use this to detect fbe encryption Change-Id: I29355790068b78437aba11390bdf3efd22e229bc

commit: 177e4ade33da34ff1b08f302a64aedef5532c475 [log] [tgz]
author: Alessandro <ales.astone@gmail.com> Mon Apr 13 13:21:41 2020 +0200
committer: Alessandro <ales.astone@gmail.com> Mon Apr 13 14:29:00 2020 +0200
tree: e4da42198864d88ac71c64bd8397aec59d5ae724
parent: b9f79b336981b031b25d45f92469596d1d786aad [diff]
diff --git a/common/private/recovery.te b/common/private/recovery.te
index 83ce43f..314d643 100644
--- a/common/private/recovery.te
+++ b/common/private/recovery.te

@@ -14,4 +14,7 @@
 allow recovery rootfs:dir w_dir_perms;
 allow recovery rootfs:file { create_file_perms link };
 allow recovery media_rw_data_file:dir r_dir_perms;
+
+# Read fbe encryption info
+r_dir_file(recovery, unencrypted_data_file)
 ')
commit	177e4ade33da34ff1b08f302a64aedef5532c475	[log] [tgz]
author	Alessandro <ales.astone@gmail.com>	Mon Apr 13 13:21:41 2020 +0200
committer	Alessandro <ales.astone@gmail.com>	Mon Apr 13 14:29:00 2020 +0200
tree	e4da42198864d88ac71c64bd8397aec59d5ae724
parent	b9f79b336981b031b25d45f92469596d1d786aad [diff]