sepolicy: allow to play f2fs-compression for odex/vdex files This patch adds some ioctls for odex/vdex files. Bug: 205257122 Test: Manual. Code runs. Signed-off-by: Ken Bian <kenjc.bian@rock-chips.com> Change-Id: Ibf7890f0910ed04e0355bef9c0bfb21b406fb7eb

commit: 851c11b2cb09943b8fd9db5b65888bbc87beb5bd [log] [tgz]
author: Ken <kenjc.bian@rock-chips.com> Sat Nov 06 07:17:04 2021 +0000
committer: Ken <kenjc.bian@rock-chips.com> Tue Nov 09 03:13:46 2021 +0000
tree: af4a7e1b56b4ed8567f6cbed37dd13a4a85dc318
parent: 28fc30ebc1e6316fa70a273c7cab245f46285704 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 4c87b3f..b001bb0 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -70,6 +70,12 @@
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;
 
+# For release odex/vdex compress blocks
+allowxperm system_server dalvikcache_data_file:file ioctl {
+  F2FS_IOC_RELEASE_COMPRESS_BLOCKS
+  FS_IOC_GETFLAGS
+};
+
 # When running system server under --invoke-with, we'll try to load the boot image under the
 # system server domain, following links to the system partition.
 with_asan(`allow system_server dalvikcache_data_file:lnk_file r_file_perms;')
commit	851c11b2cb09943b8fd9db5b65888bbc87beb5bd	[log] [tgz]
author	Ken <kenjc.bian@rock-chips.com>	Sat Nov 06 07:17:04 2021 +0000
committer	Ken <kenjc.bian@rock-chips.com>	Tue Nov 09 03:13:46 2021 +0000
tree	af4a7e1b56b4ed8567f6cbed37dd13a4a85dc318
parent	28fc30ebc1e6316fa70a273c7cab245f46285704 [diff]