Merge "Add permission context for resize2fs and e2fsck" into main
diff --git a/microdroid/system/private/encryptedstore.te b/microdroid/system/private/encryptedstore.te
index 61c89a1..aab6d98 100644
--- a/microdroid/system/private/encryptedstore.te
+++ b/microdroid/system/private/encryptedstore.te
@@ -21,6 +21,9 @@
# encryptedstore is forked from microdroid_manager
allow encryptedstore microdroid_manager:fd use;
+# encryptedstore runs e2fsck and resize2fs to expand encrypted storage device
+allow encryptedstore fsck_exec:file { rx_file_perms };
+
# For formatting encrypted storage device
allow encryptedstore e2fs_exec:file { rx_file_perms };
allowxperm encryptedstore dm_device:blk_file ioctl {
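Review bot: The added `allow encryptedstore fsck_exec:file { rx_file_perms };` rule appears to run e2fsck and resize2fs with no domain transition, so both tools get every permission encryptedstore holds, including its dm_device access. This assumes `rx_file_perms` expands as in the platform macros to include `execute_no_trans`. The existing e2fs_exec rule below follows the same pattern, but these two tools parse existing on-disk metadata rather than writing a fresh filesystem, so the choice is worth stating in the comment, e.g. `# e2fsck/resize2fs run in the encryptedstore domain (no transition) and reuse its dm_device access`. Also confirm that the `allowxperm` ioctl allowlist, which continues past the end of this hunk, covers the ioctls the two tools issue on the dm device, since anything outside it is denied at runtime.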
diff --git a/microdroid/system/private/file.te b/microdroid/system/private/file.te
index 82a5564..0d2e3e6 100644
--- a/microdroid/system/private/file.te
+++ b/microdroid/system/private/file.te
@@ -13,7 +13,8 @@
allow system_data_file tmpfs:filesystem associate;
type authfs_fuse, fs_type, contextmount_type;
-
+# /system/bin/e2fsck, /system/bin/resize2fs - used to expand encryptedstore block device
+type fsck_exec, system_file_type, exec_type, file_type;
# /system/bin/mke2fs - used to format encryptedstore block device
type e2fs_exec, system_file_type, exec_type, file_type;
diff --git a/microdroid/system/private/file_contexts b/microdroid/system/private/file_contexts
index 8416087..3962c7c 100644
--- a/microdroid/system/private/file_contexts
+++ b/microdroid/system/private/file_contexts
@@ -105,7 +105,9 @@
/system/bin/authfs u:object_r:authfs_exec:s0
/system/bin/authfs_service u:object_r:authfs_service_exec:s0
/system/bin/encryptedstore u:object_r:encryptedstore_exec:s0
-/system/bin/mke2fs u:object_r:e2fs_exec:s0
+/system/bin/e2fsck u:object_r:fsck_exec:s0
+/system/bin/mke2fs u:object_r:e2fs_exec:s0
+/system/bin/resize2fs u:object_r:fsck_exec:s0
/system/bin/kexec_load u:object_r:kexec_exec:s0
/system/bin/prng_seeder u:object_r:prng_seeder_exec:s0
/system/bin/atrace u:object_r:atrace_exec:s0