commit 4de3228c461d54752a5ca0d011ffc13686e0a3cb
author Martijn Coenen <maco@google.com> Fri Jan 31 16:07:09 2020 +0100
committer Martijn Coenen <maco@google.com> Fri Jan 31 16:09:04 2020 +0100
tree fdb76c6464fbf781a40c4b2119941ac54b8253a5
parent 2b44078cacf34e2c31ba3df672af90243a5eceed

Allow toolbox to set project quota IDs.

These ioctls are required to set a default project quota ID on
/data/media.

Bug: 146419093
Test: verified chattr call from rootdir/init.rc
Change-Id: I0c9028e0a6502302fe81a73dfa087261a36d9863

public/toolbox.te

diff --git a/public/toolbox.te b/public/toolbox.te
index 2ff9d3d..1dd06f9 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te
@@ -28,6 +28,11 @@
 allow toolbox system_data_file:dir { rmdir rw_dir_perms };
 allow toolbox system_data_file:file { getattr unlink };
 
-# chattr +F /data/media in init
+# chattr +F and chattr +P /data/media in init
 allow toolbox media_rw_data_file:dir { r_dir_perms };
-allowxperm toolbox media_rw_data_file:dir ioctl { FS_IOC_SETFLAGS FS_IOC_GETFLAGS };
+allowxperm toolbox media_rw_data_file:dir ioctl {
+  FS_IOC_FSGETXATTR
+  FS_IOC_FSSETXATTR
+  FS_IOC_GETFLAGS
+  FS_IOC_SETFLAGS
+};