Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 1c996021a5ec83bf3c8aad0d72fa13f42d9aed01^1..1c996021a5ec83bf3c8aad0d72fa13f42d9aed01 / .
commit1c996021a5ec83bf3c8aad0d72fa13f42d9aed01[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Fri Apr 16 00:54:40 2021 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Fri Apr 16 00:54:40 2021 +0000
treed28f263d66cbaeaa45045be57069e35e2172a3ad
parent6a864fd0b5b87c022a283dcf6285d9ee545aebdd [diff]
parentb62be121760dba20484160dc677c5bd6277c9ba8 [diff]
Merge "Allow apexd to access a new dev_type: virtual disk"
diff --git a/private/apexd.te b/private/apexd.te
index b94970b..862bab9 100644
--- a/private/apexd.te
+++ b/private/apexd.te

@@ -52,6 +52,9 @@
 # allow apexd to access /dev/block
 allow apexd block_device:dir r_dir_perms;
 
+#allow apexd to access virtual disks
+allow apexd vd_device:blk_file r_file_perms;
+
 # allow apexd to access /dev/block/dm-* (device-mapper entries)
 allow apexd dm_device:chr_file rw_file_perms;
 allow apexd dm_device:blk_file rw_file_perms;

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 3bf3a13..2b06fd8 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -128,6 +128,7 @@
     userspace_reboot_metadata_file
     uwb_service
     vcn_management_service
+    vd_device
     vendor_kernel_modules
     vibrator_manager_service
     virtualization_service

diff --git a/private/file_contexts b/private/file_contexts
index 6a5fc60..7cb7f1c 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -88,6 +88,7 @@
 /dev/block(/.*)?	u:object_r:block_device:s0
 /dev/block/dm-[0-9]+	u:object_r:dm_device:s0
 /dev/block/loop[0-9]*	u:object_r:loop_device:s0
+/dev/block/vd[a-z][0-9]*  u:object_r:vd_device:s0
 /dev/block/vold/.+	u:object_r:vold_device:s0
 /dev/block/ram[0-9]*	u:object_r:ram_device:s0
 /dev/block/zram[0-9]*	u:object_r:ram_device:s0

diff --git a/private/init.te b/private/init.te
index 2627add..13d4900 100644
--- a/private/init.te
+++ b/private/init.te

@@ -66,6 +66,10 @@
 # Allow for libsnapshot's use of flock() on /metadata/ota.
 allow init ota_metadata_file:dir lock;
 
+# Allow init to restore contexts of vd_device(/dev/block/vd[..]) when labeling
+# /dev/block.
+allow init vd_device:blk_file relabelto;
+
 # Only init is allowed to set the sysprop indicating whether perf_event_open()
 # SELinux hooks were detected.
 set_prop(init, init_perf_lsm_hooks_prop)

diff --git a/public/device.te b/public/device.te
index 16cc492..686f955 100644
--- a/public/device.te
+++ b/public/device.te

@@ -17,6 +17,7 @@
 type radio_device, dev_type;
 type ram_device, dev_type;
 type rtc_device, dev_type;
+type vd_device, dev_type;
 type vold_device, dev_type;
 type console_device, dev_type;
 type fscklogs, dev_type;