sepolicy: recovery: allow mounting of internal storage Change-Id: I93baf0d9ce9348d59dee2bd4ef764ed8386fabb7

commit: b9f79b336981b031b25d45f92469596d1d786aad [log] [tgz]
author: Alessandro <ales.astone@gmail.com> Mon Apr 13 14:28:56 2020 +0200
committer: Alessandro <ales.astone@gmail.com> Mon Apr 13 14:28:56 2020 +0200
tree: 3badecd6c23b682a7826da895dda4f7467dbbc56
parent: fb92a029448d2fc2ad0e701e4e9430a53fd8f0eb [diff]
diff --git a/common/private/recovery.te b/common/private/recovery.te
index 007b8ba..83ce43f 100644
--- a/common/private/recovery.te
+++ b/common/private/recovery.te

@@ -6,9 +6,12 @@
 # Volume manager
 allow recovery block_device:dir create_dir_perms;
 allow recovery block_device:blk_file create_file_perms;
-allow recovery self:capability mknod;
+allow recovery self:capability { mknod fsetid };
 allow recovery proc_filesystems:file r_file_perms;
 allow recovery self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 allow recovery sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
 allow recovery tmpfs:file link;
+allow recovery rootfs:dir w_dir_perms;
+allow recovery rootfs:file { create_file_perms link };
+allow recovery media_rw_data_file:dir r_dir_perms;
 ')
commit	b9f79b336981b031b25d45f92469596d1d786aad	[log] [tgz]
author	Alessandro <ales.astone@gmail.com>	Mon Apr 13 14:28:56 2020 +0200
committer	Alessandro <ales.astone@gmail.com>	Mon Apr 13 14:28:56 2020 +0200
tree	3badecd6c23b682a7826da895dda4f7467dbbc56
parent	fb92a029448d2fc2ad0e701e4e9430a53fd8f0eb [diff]