Sepolicy: Allow otapreopt to mount logical partitions Logical partitions are handled through libdm. Allow access to device-mapper. Bug: 128867786 Test: m Change-Id: I6979487b91d24b7309c876f2bdc26a827e2fcd1e

commit: 1a5db599ce8aaacc49cc50543cc476a4f4e7b336 [log] [tgz]
author: Andreas Gampe <agampe@google.com> Fri Mar 22 12:13:05 2019 -0700
committer: Andreas Gampe <agampe@google.com> Fri Mar 22 12:13:05 2019 -0700
tree: a63c105a9e99e8574cf2f93553471138924bf4bb
parent: c848dee19cb208961232abd9a17849daa7ae4b15 [diff]
diff --git a/private/otapreopt_chroot.te b/private/otapreopt_chroot.te
index efde869..e2bc33e 100644
--- a/private/otapreopt_chroot.te
+++ b/private/otapreopt_chroot.te

@@ -11,6 +11,9 @@
 # APEX packages in /postinstall/apex.
 allow otapreopt_chroot block_device:dir search;
 allow otapreopt_chroot labeledfs:filesystem { mount unmount };
+# This is required for dynamic partitions.
+allow otapreopt_chroot dm_device:chr_file rw_file_perms;
+
 # This is required to unmount flattened APEX packages under
 # /postinstall/system/apex (which are bind-mounted in /postinstall/apex).
 allow otapreopt_chroot postinstall_file:filesystem unmount;
commit	1a5db599ce8aaacc49cc50543cc476a4f4e7b336	[log] [tgz]
author	Andreas Gampe <agampe@google.com>	Fri Mar 22 12:13:05 2019 -0700
committer	Andreas Gampe <agampe@google.com>	Fri Mar 22 12:13:05 2019 -0700
tree	a63c105a9e99e8574cf2f93553471138924bf4bb
parent	c848dee19cb208961232abd9a17849daa7ae4b15 [diff]