Set sepolicy for ublk control device and block device
ublk-control device: /dev/ublk-control
ublk-block device: /dev/block/ublkbN where N is 0,1,2..
Bug: 269144965
Test: Verify sepolicy changes through kernel logs when user-space daemon
communicates with ublk driver
Change-Id: I10de557566e3c0628ea72fbbda4cff21e7cda68f
Signed-off-by: Akilesh Kailash <akailash@google.com>
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 30a7e35..401e110 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -50,6 +50,8 @@
timezone_metadata_prop
tuner_config_prop
tuner_server_ctl_prop
+ ublk_block_device
+ ublk_control_device
usb_uvc_enabled_prop
virtual_face_hal_prop
virtual_fingerprint_hal_prop
diff --git a/private/file_contexts b/private/file_contexts
index 4c3f108..ced331a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -81,6 +81,7 @@
/dev/block(/.*)? u:object_r:block_device:s0
/dev/block/by-name/zoned_device u:object_r:zoned_block_device:s0
/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
+/dev/block/ublkb[0-9]+ u:object_r:ublk_block_device:s0
/dev/block/loop[0-9]* u:object_r:loop_device:s0
/dev/block/vd[a-z][0-9]* u:object_r:vd_device:s0
/dev/block/vold/.+ u:object_r:vold_device:s0
@@ -95,6 +96,7 @@
/dev/dma_heap/system-uncached u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/system-secure(.*) u:object_r:dmabuf_system_secure_heap_device:s0
/dev/dm-user(/.*)? u:object_r:dm_user_device:s0
+/dev/ublk-control u:object_r:ublk_control_device:s0
/dev/device-mapper u:object_r:dm_device:s0
/dev/eac u:object_r:audio_device:s0
/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0