allow init to run mke2fs tools to format partitions
Test: let fs_mgr format a damaged /data partition
Bug: 35219933
Change-Id: If92352ea7a70780e9d81ab10963d63e16b793792
diff --git a/private/e2fs.te b/private/e2fs.te
new file mode 100644
index 0000000..add1cc2
--- /dev/null
+++ b/private/e2fs.te
@@ -0,0 +1,14 @@
+type e2fs, domain, coredomain;
+
+allow e2fs block_device:blk_file getattr;
+allow e2fs block_device:dir search;
+allow e2fs userdata_block_device:blk_file rw_file_perms;
+
+# access /proc/filesystems
+allow e2fs proc:file r_file_perms;
+
+# access /sys/fs/ext4/features
+allow e2fs sysfs_fs_ext4_features:file r_file_perms;
+
+# access sselinux context files
+allow e2fs file_contexts_file:file { getattr open read };
diff --git a/private/file_contexts b/private/file_contexts
index c46ba59..36066df 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -17,6 +17,8 @@
/charger u:object_r:rootfs:s0
/init u:object_r:init_exec:s0
/sbin(/.*)? u:object_r:rootfs:s0
+/sbin/e2fsdroid u:object_r:e2fs_exec:s0
+/sbin/mke2fs u:object_r:e2fs_exec:s0
# For kernel modules
/lib(/.*)? u:object_r:rootfs:s0
@@ -450,6 +452,7 @@
/sys/devices/virtual/block/zram\d+(/.*)? u:object_r:sysfs_zram:s0
/sys/devices/virtual/block/zram\d+/uevent u:object_r:sysfs_zram_uevent:s0
/sys/devices/virtual/misc/hw_random(/.*)? u:object_r:sysfs_hwrandom:s0
+/sys/fs/ext4/features(/.*)? u:object_r:sysfs_fs_ext4_features:s0
/sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
/sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
/sys/kernel/uevent_helper -- u:object_r:usermodehelper:s0
diff --git a/private/init.te b/private/init.te
index f84d87e..49da9d3 100644
--- a/private/init.te
+++ b/private/init.te
@@ -7,6 +7,7 @@
domain_trans(init, rootfs, charger)
domain_trans(init, rootfs, healthd)
domain_trans(init, rootfs, slideshow)
+domain_auto_trans(init, e2fs_exec, e2fs)
recovery_only(`
domain_trans(init, rootfs, recovery)
')