Allow reading loop device in update_engine_unittests.

This fixes the following denials:
type=1400 audit(0.0:4389): avc: denied { read } for path="/data/misc/update_engine/tmp/a_loop_file.W0j9ss" dev="mmcblk0p13" ino=24695 scontext=u:r:kernel:s0 tcontext=u:object_r:update_engine_data_file:s0 tclass=file permissive=0
type=1400 audit(0.0:30): avc: denied { read } for path="/data/nativetest/update_engine_unittests/gen/disk_ext2_unittest.img" dev="mmcblk0p13" ino=71 scontext=u:r:kernel:s0 tcontext=u:object_r:nativetest_data_file:s0 tclass=file permissive=0
Bug: 28319454
Test: setenforce 1 && ./update_engine_unittests
Change-Id: I8d54709d4bda06b364b5420d196d75a4ecc011d3
diff --git a/kernel.te b/kernel.te
index 20b0c0a..05aaf83 100644
--- a/kernel.te
+++ b/kernel.te
@@ -63,6 +63,12 @@
allow kernel app_data_file:file read;
allow kernel asec_image_file:file read;
+# Allow reading loop device in update_engine_unittests. (b/28319454)
+userdebug_or_eng(`
+ allow kernel update_engine_data_file:file read;
+ allow kernel nativetest_data_file:file read;
+')
+
domain_auto_trans(kernel, init_exec, init)
###
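Review bot: the two allow rules added inside userdebug_or_eng grant the kernel domain read on every file labelled update_engine_data_file or nativetest_data_file, while the denials in the commit message cover only two loop backing files used by update_engine_unittests. The userdebug_or_eng wrapper keeps the rules out of user builds, but the first denial shows update_engine_data_file is the label on /data/misc/update_engine/, which is not a test-only location. Consider having the test create a_loop_file under the nativetest directory, so that only `allow kernel nativetest_data_file:file read;` is needed. The comment above the block would also be more useful if it said why the kernel domain is the reader (the denials show scontext=u:r:kernel:s0 reading the file that backs the loop device), so a later audit of kernel.te can tell the rule exists for tests only.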