1*e4a36f41SAndroid Build Coastguard Workertypeattribute fastbootd coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Worker# The allow rules are only included in the recovery policy. 4*e4a36f41SAndroid Build Coastguard Worker# Otherwise fastbootd is only allowed the domain rules. 5*e4a36f41SAndroid Build Coastguard Workerrecovery_only(` 6*e4a36f41SAndroid Build Coastguard Worker # Reboot the device 7*e4a36f41SAndroid Build Coastguard Worker set_prop(fastbootd, powerctl_prop) 8*e4a36f41SAndroid Build Coastguard Worker 9*e4a36f41SAndroid Build Coastguard Worker # Read serial number of the device from system properties 10*e4a36f41SAndroid Build Coastguard Worker get_prop(fastbootd, serialno_prop) 11*e4a36f41SAndroid Build Coastguard Worker 12*e4a36f41SAndroid Build Coastguard Worker # Set sys.usb.ffs.ready. 13*e4a36f41SAndroid Build Coastguard Worker get_prop(fastbootd, ffs_config_prop) 14*e4a36f41SAndroid Build Coastguard Worker set_prop(fastbootd, ffs_control_prop) 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(` 17*e4a36f41SAndroid Build Coastguard Worker get_prop(fastbootd, persistent_properties_ready_prop) 18*e4a36f41SAndroid Build Coastguard Worker ') 19*e4a36f41SAndroid Build Coastguard Worker 20*e4a36f41SAndroid Build Coastguard Worker set_prop(fastbootd, gsid_prop) 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker # Determine allocation scheme (whether B partitions needs to be 23*e4a36f41SAndroid Build Coastguard Worker # at the second half of super. 24*e4a36f41SAndroid Build Coastguard Worker get_prop(fastbootd, virtual_ab_prop) 25*e4a36f41SAndroid Build Coastguard Worker 26*e4a36f41SAndroid Build Coastguard Worker # Needed for TCP protocol 27*e4a36f41SAndroid Build Coastguard Worker allow fastbootd node:tcp_socket node_bind; 28*e4a36f41SAndroid Build Coastguard Worker allow fastbootd port:tcp_socket name_bind; 29*e4a36f41SAndroid Build Coastguard Worker allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept }; 30*e4a36f41SAndroid Build Coastguard Worker 31*e4a36f41SAndroid Build Coastguard Worker # Start snapuserd for merging VABC updates 32*e4a36f41SAndroid Build Coastguard Worker set_prop(fastbootd, ctl_snapuserd_prop) 33*e4a36f41SAndroid Build Coastguard Worker 34*e4a36f41SAndroid Build Coastguard Worker # Needed to communicate with snapuserd to complete merges. 35*e4a36f41SAndroid Build Coastguard Worker allow fastbootd snapuserd_socket:sock_file write; 36*e4a36f41SAndroid Build Coastguard Worker allow fastbootd snapuserd:unix_stream_socket connectto; 37*e4a36f41SAndroid Build Coastguard Worker allow fastbootd dm_user_device:dir r_dir_perms; 38*e4a36f41SAndroid Build Coastguard Worker 39*e4a36f41SAndroid Build Coastguard Worker # Get fastbootd protocol property 40*e4a36f41SAndroid Build Coastguard Worker get_prop(fastbootd, fastbootd_protocol_prop) 41*e4a36f41SAndroid Build Coastguard Worker 42*e4a36f41SAndroid Build Coastguard Worker # Mount /metadata to interact with Virtual A/B snapshots. 43*e4a36f41SAndroid Build Coastguard Worker allow fastbootd labeledfs:filesystem { mount unmount }; 44*e4a36f41SAndroid Build Coastguard Worker 45*e4a36f41SAndroid Build Coastguard Worker # Needed for reading boot properties. 46*e4a36f41SAndroid Build Coastguard Worker allow fastbootd proc_bootconfig:file r_file_perms; 47*e4a36f41SAndroid Build Coastguard Worker') 48