1# Allow minui access to /dev/dri/card0
2allow recovery gpu_device:dir search;
3allow recovery graphics_device:chr_file rw_file_perms;
4
5# Allow sideload from file pushed to fake /sdcard
6allow recovery appdomain_tmpfs:file r_file_perms;
7
8# Seen during 'Wipe data/factory reset'
9allow recovery cache_block_device:blk_file rw_file_perms;
10allow recovery devpts:chr_file rw_file_perms;
11allow recovery kmsg_device:chr_file { getattr w_file_perms };
12# Note: fsetid checks are triggered when creating a file in a directory with
13# the setgid bit set to determine if the file should inherit setgid. In this
14# case, setgid on the file is undesirable so we should just suppress the
15# denial.
16dontaudit recovery self:global_capability_class_set fsetid;
17