Merge changes from topic "microdroid_selinux_denial_test"
* changes:
Suppress power_supply access inside microdroid
Add servicemanager's service to microdroid policy
Temporarily dontaudit ueventd->tmpfs access
diff --git a/private/snapuserd.te b/private/snapuserd.te
index 2956891..78f4d76 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@@ -8,6 +8,18 @@
allow snapuserd kmsg_device:chr_file rw_file_perms;
+# Allow snapuserd to reach block devices in /dev/block.
+allow snapuserd block_device:dir search;
+
+# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
+allow snapuserd sysfs:dir { open read };
+
+# Read /sys/block/dm-X/dm/name (which is a symlink to
+# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
+# dm-X and dynamic partitions.
+allow snapuserd sysfs_dm:dir { open read search };
+allow snapuserd sysfs_dm:file r_file_perms;
+
# Reading and writing to /dev/block/dm-* (device-mapper) nodes.
allow snapuserd block_device:dir r_dir_perms;
allow snapuserd dm_device:chr_file rw_file_perms;