Make sure symlinks created by ueventd are correctly labeled
Bug: 391078491
Test: `ls -alZ /dev/block/by-name | grep "boot_[ab]"` in cuttlefish.
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-23 13:03 boot_a -> /dev/block/vda2
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-23 13:03 boot_b -> /dev/block/vda3
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-23 13:03 init_boot_a -> /dev/block/vda4
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-23 13:03 init_boot_b -> /dev/block/vda5
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-23 13:03 vendor_boot_a -> /dev/block/vda6
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-23 13:03 vendor_boot_b -> /dev/block/vda7
Previously it was
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-21 13:36 boot_a -> /dev/block/vda2
lrwxrwxrwx 1 root root u:object_r:block_device:s0 15 2025-01-21 13:36 boot_b -> /dev/block/vda3
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-21 13:36 init_boot_a -> /dev/block/vda4
lrwxrwxrwx 1 root root u:object_r:block_device:s0 15 2025-01-21 13:36 init_boot_b -> /dev/block/vda5
lrwxrwxrwx 1 root root u:object_r:boot_block_device:s0 15 2025-01-23 13:03 vendor_boot_a -> /dev/block/vda6
lrwxrwxrwx 1 root root u:object_r:block_device:s0 15 2025-01-23 13:03 vendor_boot_b -> /dev/block/vda7
Change-Id: I5bad867f085c4b9dcbca4d064296792d500b20c6
diff --git a/private/ueventd.te b/private/ueventd.te
index 7effa6d..654f861 100644
--- a/private/ueventd.te
+++ b/private/ueventd.te
@@ -75,6 +75,9 @@
# Allow ueventd to read apexd property
get_prop(ueventd, apexd_prop)
+# Allow ueventd to correctly label the symlinks it creates
+allow ueventd block_device:lnk_file relabelfrom;
+
#####
##### neverallow rules
#####