Files
oxmc 22194ac50f recoveryboot: run the BCB watcher in vendor_misc_writer
private/domain.te neverallows misc_block_device access for all but a few
domains, and the check always compiles as a user build, so the custom
domain failed the sepolicy_neverallows gate. hal_bootctl_server (the other
exempt candidate) is out: hal_neverallows.te forbids HAL domains from
exec'ing vendor sh/toybox, and the chain-loader is a shell script. So use
AOSP's vendor_misc_writer — the domain built for vendor tools touching
misc — adding BCB read-back, vendor shell/toybox exec, the /metadata
attempt counter, sys.powerctl, and kmsg logging on top of the write
access system policy already grants.
2026-07-15 17:14:04 -07:00
..
2025-02-05 20:23:25 +02:00
2026-05-26 05:54:26 -07:00
2025-03-11 18:42:25 +02:00
2025-04-02 13:54:26 +03:00
2025-03-28 23:38:38 +02:00