Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8af2dcd05cf30635681e37fa021473e2deebb073^1..8af2dcd05cf30635681e37fa021473e2deebb073 / .
commit8af2dcd05cf30635681e37fa021473e2deebb073[log] [tgz]
authorSongchun Fan <schfan@google.com>Thu Aug 20 17:16:43 2020 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Aug 20 17:16:43 2020 +0000
treef3d1753de1562bc0b523f4c9a752082ca71c9b47
parent3d0ebdc97cb499ff56ba9b7445c5bf7747033a58 [diff]
parent1d4f2221cd4e6505c43ce0af295eec45fb722ea4 [diff]
Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Id571d508cb5f699f2970d1d53225c106cac8234c

diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
index 0082827..7968b79 100644
--- a/prebuilts/api/30.0/private/system_server.te
+++ b/prebuilts/api/30.0/private/system_server.te

@@ -29,7 +29,7 @@
 allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
 
 # To get signature of an APK installed on Incremental File System and fill in data blocks
-allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS INCFS_IOCTL_GET_FILLED_BLOCKS };
 
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;

diff --git a/prebuilts/api/30.0/public/ioctl_defines b/prebuilts/api/30.0/public/ioctl_defines
index 558dd92..3c7758a 100644
--- a/prebuilts/api/30.0/public/ioctl_defines
+++ b/prebuilts/api/30.0/public/ioctl_defines

@@ -1059,6 +1059,7 @@
 define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
 define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
 define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
+define(`INCFS_IOCTL_GET_FILLED_BLOCKS', `0x00006722')
 define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
 define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
 define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')

diff --git a/private/system_server.te b/private/system_server.te
index 26b728f..0067aa7 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -29,7 +29,7 @@
 allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
 
 # To get signature of an APK installed on Incremental File System and fill in data blocks
-allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS INCFS_IOCTL_GET_FILLED_BLOCKS };
 
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;

diff --git a/public/ioctl_defines b/public/ioctl_defines
index 558dd92..3c7758a 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines

@@ -1059,6 +1059,7 @@
 define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
 define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
 define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
+define(`INCFS_IOCTL_GET_FILLED_BLOCKS', `0x00006722')
 define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
 define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
 define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')