Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / fefc887edab6375dd46f6576c05fbcd6eb8a8ef6
commitfefc887edab6375dd46f6576c05fbcd6eb8a8ef6[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Nov 14 12:47:50 2018 -0800
committerNick Kralevich <nnk@google.com>Wed Nov 14 13:01:00 2018 -0800
tree21048afdd7f8cf717df618bbf0d2411c1966c197
parenta8dd89f80f135d63bc4ff6be281bb8dbf399b3d8 [diff]
vold: allow ioctls BLKDISCARD and BLKGETSIZE

BLKDISCARD is used by vold while wiping block devices
https://android.googlesource.com/platform/system/vold/+/b2455747a92957d109a050b8f3e394d87d085086/Utils.cpp#619

BLKGETSIZE is used to determine the size of the block device. Ideally
code should not be using this ioctl, as it fails for devices >= 2T in
size. Vold indirectly uses this when executing /system/bin/newfs_msdos.
Arguably this is a bug in newfs_msdos, as BLKGETSIZE64 should be used
instead.
Code: https://android.googlesource.com/platform/external/newfs_msdos/+/0c7e133c7fde67911efb7bd920d4f0ab0c269af8/mkfs_msdos.c#845

Addresses the following denials:

audit(0.0:24): avc: denied { ioctl } for comm="Binder:588_2" path="/dev/block/vold/public:7,9" dev="tmpfs" ino=106407 ioctlcmd=1277 scontext=u:r:vold:s0 tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0
audit(0.0:25): avc: denied { ioctl } for comm="newfs_msdos" path="/dev/block/vold/public:7,9" dev="tmpfs" ino=106407 ioctlcmd=1260 scontext=u:r:vold:s0 tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0

Test: policy compiles.
Bug: 119562530
Change-Id: Ib7198daf150d6f2578545a6a402e0313069ea2b4
1 file changed
tree: 21048afdd7f8cf717df618bbf0d2411c1966c197
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. definitions.mk
  15. MODULE_LICENSE_PUBLIC_DOMAIN
  16. NOTICE
  17. OWNERS
  18. PREUPLOAD.cfg
  19. README
  20. treble_sepolicy_tests_for_release.mk