1# These are the permissions required to use the Boot Control HAL implemented 2# here: hardware/qcom/bootctrl/boot_control.c 3 4# Getting and setting GPT attributes for the bootloader iterates over all the 5# partition names in the block_device directory /dev/block/.../by-name 6allow hal_bootctl block_device:dir r_dir_perms; 7 8# Get attributes on all the A/B partitions. 9allow hal_bootctl { 10 custom_ab_block_device 11 xbl_block_device 12 boot_block_device 13 ssd_block_device 14 modem_block_device 15 system_block_device 16}:blk_file { getattr }; 17 18# Edit the attributes stored in the GPT. 19allow hal_bootctl gpt_block_device:blk_file rw_file_perms; 20 21# Access /dev/sgN devices (generic SCSI) to write the 22# A/B slot selection for the XBL partition. Allow also to issue a 23# UFS_IOCTL_QUERY ioctl. 24allow hal_bootctl sg_device:chr_file rw_file_perms; 25allow hal_bootctl self:capability sys_admin; 26 27# Read the sysfs to lookup what /dev/sgN device 28# corresponds to the XBL partitions. 29allow hal_bootctl sysfs_type:dir r_dir_perms; 30 31# Write to the XBL devices. 32allow hal_bootctl xbl_block_device:blk_file rw_file_perms; 33