Give vold permission to wipe a block device
During mountFstab call, vold might need to wipe and re-format a device.
See code in system/vold/model/PublicVolume.cpp , PublicVolume::doFormat
Allow IOCTLs such as BLKDISCARDZEROES for wiping.
Test: th
Bug: 279808236
Change-Id: I0bebf850aa45ece6227fa5c3e9c3fdb38164f79e
diff --git a/private/vold.te b/private/vold.te
index 957e5d0..4256ac3 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -7,6 +7,10 @@
domain_auto_trans(vold, sdcardd_exec, sdcardd);
domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);
+# Switch to e2fs domain when running mkfs.ext4 to format a partition
+domain_auto_trans(vold, e2fs_exec, e2fs);
+
+
# For a handful of probing tools, we choose an even more restrictive
# domain when working with untrusted block devices
domain_trans(vold, blkid_exec, blkid);
diff --git a/public/e2fs.te b/public/e2fs.te
index 6bce10f..973abb9 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -9,6 +9,12 @@
allow e2fs metadata_block_device:blk_file rw_file_perms;
allow e2fs dm_device:blk_file rw_file_perms;
allow e2fs zoned_block_device:blk_file rw_file_perms;
+# Vold needs to capture mkfs.ext4's output
+allow e2fs vold:fd use;
+# Need to be able to format a partition
+allow e2fs sysfs_dm:dir r_dir_perms;
+allow e2fs sysfs_dm:file r_file_perms;
+
allowxperm e2fs { userdata_block_device metadata_block_device dm_device zoned_block_device }:blk_file ioctl {
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET BLKREPORTZONE BLKRESETZONE
};