Give fastbootd permission to mount and write to /metadata/gsi. This is needed to check for the presence of certain bits, like, snapshots, a scratch partition, or a DSU installation, as well as to create status files (which libfiemap uses to track state). Bug: 134949511 Test: adb remount; fastboot flash system Change-Id: I50c10647a5793e4c0f35c3dd32de0bc036921914

commit: 11a741961a377ec919beed314269ea22b118bcf9 [log] [tgz]
author: David Anderson <dvander@google.com> Tue Dec 17 21:34:09 2019 -0800
committer: David Anderson <dvander@google.com> Wed Dec 18 15:08:24 2019 -0800
tree: 51c348abae321342e9ea83d0f6c59f462ef590df
parent: 4c78a608f9de64627d102f9bfa9a1b507df45a7a [diff]
diff --git a/public/fastbootd.te b/public/fastbootd.te
index f08885a..3ab489b 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te

@@ -53,12 +53,13 @@
     userdata_block_device
   }:blk_file { w_file_perms getattr ioctl };
 
-  # For disabling/wiping GSI.
+  # For disabling/wiping GSI, and for modifying/deleting files created via
+  # libfiemap.
   allow fastbootd metadata_block_device:blk_file r_file_perms;
   allow fastbootd {rootfs tmpfs}:dir mounton;
-  allow fastbootd metadata_file:dir search;
-  allow fastbootd gsi_metadata_file:dir r_dir_perms;
-  allow fastbootd gsi_metadata_file:file rw_file_perms;
+  allow fastbootd metadata_file:dir { search getattr };
+  allow fastbootd gsi_metadata_file:dir rw_dir_perms;
+  allow fastbootd gsi_metadata_file:file create_file_perms;
 
   allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
commit	11a741961a377ec919beed314269ea22b118bcf9	[log] [tgz]
author	David Anderson <dvander@google.com>	Tue Dec 17 21:34:09 2019 -0800
committer	David Anderson <dvander@google.com>	Wed Dec 18 15:08:24 2019 -0800
tree	51c348abae321342e9ea83d0f6c59f462ef590df
parent	4c78a608f9de64627d102f9bfa9a1b507df45a7a [diff]