Allow apexd to configure /sys/block/dm- To configure readahead for APEX dm-verity devices. Bug: 117823094 Test: apexd can change readahead Change-Id: Ie0396d59ef758ad55f499f65957697d26a48aae9

commit: 341476d4557822470808b6e910ee941d1cb668b6 [log] [tgz]
author: Martijn Coenen <maco@google.com> Thu Nov 08 12:57:12 2018 +0100
committer: Martijn Coenen <maco@google.com> Thu Nov 08 13:58:41 2018 +0100
tree: bee6dc7810e3c42103ee84b30a4ee65690501b67
parent: ac2b2d44b313ecd226d1bce022f2e11725e99492 [diff]
diff --git a/private/apexd.te b/private/apexd.te
index ab136eb..61e099b 100644
--- a/private/apexd.te
+++ b/private/apexd.te

@@ -43,6 +43,10 @@
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
 
+# Configure read-ahead of dm-verity devices
+allow apexd sysfs_dm:dir r_dir_perms;
+allow apexd sysfs_dm:file rw_file_perms;
+
 # Spawning a libbinder thread results in a dac_override deny,
 # /dev/cpuset/tasks is owned by system.
 #
commit	341476d4557822470808b6e910ee941d1cb668b6	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Thu Nov 08 12:57:12 2018 +0100
committer	Martijn Coenen <maco@google.com>	Thu Nov 08 13:58:41 2018 +0100
tree	bee6dc7810e3c42103ee84b30a4ee65690501b67
parent	ac2b2d44b313ecd226d1bce022f2e11725e99492 [diff]