Add the 'bdev_type' attribute to all block devices
The following patch iterates over all block devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9
The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947
The above SELinux policy change requires to add the 'bdev_type'
attribute to all block devices. Hence this patch.
Bug: 194450129
Test: Untested.
Change-Id: I959bae6f9590b1867905d46e194c45b0ea4248df
Signed-off-by: Bart Van Assche <bvanassche@google.com>
diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index cf516dd..ffc2b3b 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -7,6 +7,9 @@
# in tools/checkfc.c
attribute dev_type;
+# Attribute for block devices.
+attribute bdev_type;
+
# All types used for processes.
attribute domain;
diff --git a/microdroid/system/public/device.te b/microdroid/system/public/device.te
index 8d286a6..bdc3b28 100644
--- a/microdroid/system/public/device.te
+++ b/microdroid/system/public/device.te
@@ -1,7 +1,7 @@
type ashmem_device, dev_type, mlstrustedobject;
type ashmem_libcutils_device, dev_type, mlstrustedobject;
type binder_device, dev_type, mlstrustedobject;
-type block_device, dev_type;
+type block_device, dev_type, bdev_type;
type console_device, dev_type;
type device, dev_type, fs_type;
type dm_device, dev_type;