sepolicy: allow fastbootd to operate devpts Recovery needs devpts permission to call liblogwrap to operate child_ptty for mke2fs. This fixes formatting the /metadata partition in fastbootd mode. Bug: 264489957 Test: rom flashing Change-Id: Ib94dbcb580c0a16395b48b8eeef6e431a637d235 Signed-off-by: Randall Huang <huangrandall@google.com>

commit: 194d712efb5915ca13e5c44dd6d6bac54333c703 [log] [tgz]
author: Randall Huang <huangrandall@google.com> Thu Apr 20 16:22:18 2023 +0800
committer: Michael Bestas <mkbestas@gmail.com> Tue Oct 15 17:45:43 2024 +0300
tree: 2dcadb77188e471174b206af336eb8b7cda164fc
parent: 0fbd29a64cd109c13392324ad2c27d205dbfd4d9 [diff]
diff --git a/private/fastbootd.te b/private/fastbootd.te
index 66dd2b1..a62cc47 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te

@@ -159,6 +159,9 @@
   allow fastbootd gsi_metadata_file_type:dir search;
   allow fastbootd ota_metadata_file:dir rw_dir_perms;
   allow fastbootd ota_metadata_file:file create_file_perms;
+
+  # Fastbootd uses liblogwrap to write mke2fs logs to kmsg, liblogwrap requires devpts.
+  allow fastbootd devpts:chr_file rw_file_perms;
 ')
 
 # This capability allows fastbootd to circumvent memlock rlimits while using
commit	194d712efb5915ca13e5c44dd6d6bac54333c703	[log] [tgz]
author	Randall Huang <huangrandall@google.com>	Thu Apr 20 16:22:18 2023 +0800
committer	Michael Bestas <mkbestas@gmail.com>	Tue Oct 15 17:45:43 2024 +0300
tree	2dcadb77188e471174b206af336eb8b7cda164fc
parent	0fbd29a64cd109c13392324ad2c27d205dbfd4d9 [diff]