Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 00f089535768e7ecaddf6d799b86ce0cde62304d^1..00f089535768e7ecaddf6d799b86ce0cde62304d / .
commit00f089535768e7ecaddf6d799b86ce0cde62304d[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Nov 20 21:30:24 2018 -0800
committerandroid-build-merger <android-build-merger@google.com>Tue Nov 20 21:30:24 2018 -0800
tree81e46ebe838191eb75f0b39c15d7cf5319cda252
parentc3bc5c64ea14b0f748d8c5cdc76f11ad5784a087 [diff]
parentbacf448bdba09ff37ae918d85a26879d7d993523 [diff]
allow system_server BLKSECDISCARD BLKDISCARD
am: bacf448bdb

Change-Id: If1d3ba9c3b0e8db84b7bc8f40c864de6d8b477e3

diff --git a/private/system_server.te b/private/system_server.te
index 7104135..621385c 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -713,6 +713,7 @@
 # protection partition. This block device does not get wiped in a factory reset.
 allow system_server block_device:dir search;
 allow system_server frp_block_device:blk_file rw_file_perms;
+allowxperm system_server frp_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
 
 # Clean up old cgroups
 allow system_server cgroup:dir { remove_name rmdir };