The comment in the neverallow explains this nicely:
# Recovery should never touch /data.
#
# In particular, if /data is encrypted, it is not accessible
# to recovery anyway.
#
# For now, we only enforce write/execute restrictions, as domain.te
# contains a number of read-only rules that apply to all
# domains, including recovery.
#
# TODO: tighten this up further.
neverallow recovery data_file_type:file { no_w_file_perms no_x_file_perms };
neverallow recovery data_file_type:dir no_w_dir_perms;In a nutshell, what you want to do is unsupported and also how would you handle the encrypted case? Bill On Mon, Feb 1, 2016 at 3:50 PM, Brian Williams <[email protected]> wrote: > We're trying to add a recovery command that performs a filesystem clean on > the /data partition. We have some data that we don't want to delete on a > reset, so we don't want to use the existing unmount and reformat that is > done by the --wipe-data command. > > I'm in the process of trying to add rules for recovery to allow it to > recurse through the directory tree and delete files. But a recursive > delete by the recovery process runs afoul of a bunch of the selinux rules > for the data partition file types, and conflicts with a couple of never > allow rules for domain. > > Is there a clean approach to achieving the desired effect? > > --Brian > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. > -- Respectfully, William C Roberts
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
