5c6a227ebb216e874a749f424bf5b87528115ed7 Dan Cashman

# android recovery persistent log manager
type recovery_persist, domain;
type recovery_persist_exec, exec_type, file_type;

allow recovery_persist pstorefs:dir search;
allow recovery_persist pstorefs:file r_file_perms;

allow recovery_persist recovery_data_file:file create_file_perms;
allow recovery_persist recovery_data_file:dir create_dir_perms;

###
### Neverallow rules
###
### recovery_persist should NEVER do any of this

# Block device access.
neverallow recovery_persist dev_type:blk_file { read write };

# ptrace any other app
neverallow recovery_persist domain:process ptrace;

# Write to /system.
neverallow recovery_persist system_file:dir_file_class_set write;

# Write to files in /data/data
neverallow recovery_persist { app_data_file system_data_file }:dir_file_class_set write;