# ==============================================
# MTK Policy Rule
# ==============================================
# recovery console (used in recovery init.rc for /sbin/recovery)

# special factory reset & backup/restore needs permissive mode
# permissive recovery;

# Date : WK14.38
# Operation : Migration 
# Purpose : for recovery operation 
allow recovery misc_device:chr_file *;
allow recovery platformblk_device:dir *;
allow recovery platformblk_device:blk_file *;
allow recovery vfat:dir *;
allow recovery misc_sd_device:chr_file *;

# Date : WK14.39
# Operation : Migration 
# Purpose : for CIP project access /custom partition 
allow recovery custom_file:dir *;
allow recovery rootfs:dir *;

# Date : WK14.41
# Operation : Migration 
# Purpose : Differential update
allow recovery bootimg_device:chr_file *;
allow recovery recovery_device:chr_file *;
allow recovery logo_device:chr_file *;
allow recovery preloader_device:chr_file *;
allow recovery uboot_device:chr_file *;
allow recovery init:dir *;
allow recovery init:file ~{ execute entrypoint };
allow recovery init:lnk_file *;
allow recovery kernel:dir *;
allow recovery kernel:file ~{ execute entrypoint };
allow recovery kernel:lnk_file *;


# Date : WK14.41
# Operation : Migration 
# Purpose : Block full update
allow recovery healthd:dir *;
allow recovery healthd:file ~{ execute entrypoint };
allow recovery healthd:lnk_file *;
dontaudit recovery self:capability sys_ptrace;
allow recovery ueventd:dir *;
allow recovery ueventd:file ~{ execute entrypoint };
allow recovery ueventd:lnk_file *;

# Date : WK14.42
# Operation : Migration 
# Purpose : for sepcial factory reset
allow recovery system_data_file:dir *;
allow recovery apk_data_file:dir *;

userdebug_or_eng(`
  allow recovery su:dir *;
  allow recovery su:file *;
  allow recovery su:lnk_file *;
')

# Date : WK14.43
# Operation : Migration 
# Purpose : JB to L differential OTA
#allow recovery unlabeled:lnk_file *;

# Date : WK14.45
# Operation : SQC
# Purpose : partition size changed
allow recovery pmt_device:chr_file *;
allow recovery tee_part_device:chr_file *;

# Date : WK14.45
# Operation : Migration 
# Purpose : KK->L->L legacy secure OTA
allow recovery proc_sysrq:file { write open };
allow recovery sec_device:chr_file { read ioctl open };
allow recovery sec_ro_device:chr_file { read open };
allow recovery seccfg_device:chr_file { read open };
allow recovery self:capability sys_boot;

# Date : WK14.46
# Operation : Migration 
# Purpose : FOTA upgrade
allow recovery app_data_file:dir { write create add_name };
allow recovery app_data_file:dir { read open };
allow recovery app_data_file:file { read write create open };
allow recovery mobicore_data_file:dir { write remove_name search add_name };
allow recovery mobicore_data_file:file { rename setattr read create write getattr unlink open };
allow recovery mobicore_data_file:file { relabelfrom relabelto };

# Date : WK14.47
# Operation : Migration 
# Purpose : Root Integrity Check
allow recovery md_ctrl:file { read getattr open };
allow recovery mobicore_data_file:dir { read open };