commit 49b13bc0f37a19d631591964a135cf87fa00110d
author Treehugger Robot <treehugger-gerrit@google.com> Tue Aug 17 01:15:29 2021 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Aug 17 01:15:29 2021 +0000
tree d7d48cf43d4efe04b1215587f789bba6f4a84938
parent 4dcefe8898dc88f67fd0f5b6aa2a42b91a80deec
parent 9ef8696796745f624900c7e288dc3ca0640a7f45

Merge "Remove obsolete file contexts"

microdroid/system/private/compos.te

diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index 05936a6..b8ad335 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -24,5 +24,9 @@
 # authfs_service.
 allow compos authfs_fuse:file { read write };
 
+# Allow getattr (in fact, getxattr) as a workaround to retrieve fs-verity
+# metadata. See b/196635431.
+allow compos authfs_fuse:file getattr;
+
 # Allow domain transition into dex2oat.
 domain_auto_trans(compos, dex2oat_exec, dex2oat)

microdroid/system/public/attributes

diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index cf516dd..ffc2b3b 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -7,6 +7,9 @@
 # in tools/checkfc.c
 attribute dev_type;
 
+# Attribute for block devices.
+attribute bdev_type;
+
 # All types used for processes.
 attribute domain;
 

microdroid/system/public/device.te

diff --git a/microdroid/system/public/device.te b/microdroid/system/public/device.te
index 8d286a6..bdc3b28 100644
--- a/microdroid/system/public/device.te
+++ b/microdroid/system/public/device.te
@@ -1,7 +1,7 @@
 type ashmem_device, dev_type, mlstrustedobject;
 type ashmem_libcutils_device, dev_type, mlstrustedobject;
 type binder_device, dev_type, mlstrustedobject;
-type block_device, dev_type;
+type block_device, dev_type, bdev_type;
 type console_device, dev_type;
 type device, dev_type, fs_type;
 type dm_device, dev_type;