From 51b33ac90b9049db6c3d257c83006c33f677750a Mon Sep 17 00:00:00 2001
From: Tao Bao <tbao@google.com>
Date: Wed, 20 May 2015 16:29:42 -0700
Subject: [PATCH] Allow system server and uncrypt to operate pipe file

System server and uncrypt need to communicate with a named pipe on the
/cache partition. It will be created and deleted by system server.

Bug: 20012567
Bug: 20949086
(cherry picked from commit 70c6dbf06cb06fc46d5143557ea960392849106d)
Change-Id: I4ddc523c2a0f4218877dae8f8a9b7fcf3f786625
---
 system_server.te | 1 +
 uncrypt.te       | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/system_server.te b/system_server.te
index a2093ffe8..4cb0e8212 100644
--- a/system_server.te
+++ b/system_server.te
@@ -302,6 +302,7 @@ allow system_server system_ndebug_socket:sock_file create_file_perms;
 # Manage cache files.
 allow system_server cache_file:dir { relabelfrom create_dir_perms };
 allow system_server cache_file:file { relabelfrom create_file_perms };
+allow system_server cache_file:fifo_file create_file_perms;
 
 # Run system programs, e.g. dexopt.
 allow system_server system_file:file x_file_perms;
diff --git a/uncrypt.te b/uncrypt.te
index f701084e2..752124ddb 100644
--- a/uncrypt.te
+++ b/uncrypt.te
@@ -14,11 +14,12 @@ userdebug_or_eng(`
   r_dir_file(uncrypt, shell_data_file)
 ')
 
-# Create tmp file /cache/recovery/command.tmp
 # Read /cache/recovery/command
-# Rename /cache/recovery/command.tmp to /cache/recovery/command
+# Read /cache/recovery/uncrypt_file
+# Write to pipe file /cache/recovery/uncrypt_status
 allow uncrypt cache_file:dir rw_dir_perms;
 allow uncrypt cache_file:file create_file_perms;
+allow uncrypt cache_file:fifo_file w_file_perms;
 
 # Set a property to reboot the device.
 set_prop(uncrypt, powerctl_prop)
-- 
GitLab