Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ab85caaa567f8cf2c5c3bf52df405ea6d049dec4^! / .
commitab85caaa567f8cf2c5c3bf52df405ea6d049dec4[log] [tgz]
authorYifan Hong <elsk@google.com>Fri Mar 22 13:55:13 2019 -0700
committerYifan Hong <elsk@google.com>Thu Mar 28 18:08:19 2019 +0000
tree56a01b0fcec64b667009547a8c4686bab871ec52
parent7145b252265fa337166bd4ba1af49df9efc6ca2d [diff]
super_block_device -> super_block_device_type

Domains that access super_block_device should instead
access super_block_device_type, which includes appropriate
block devices for retrofit DAP devices.

Test: boots (sanity)
Test: manual OTA
Bug: 128991918
Change-Id: Ie025b1e3c17e82330042aaa4a3e2e4a02ec1265b

diff --git a/private/lpdumpd.te b/private/lpdumpd.te
index 9acd22b..458a8f1 100644
--- a/private/lpdumpd.te
+++ b/private/lpdumpd.te

@@ -10,12 +10,8 @@
 # Allow lpdumpd to find the super partition block device.
 allow lpdumpd block_device:dir r_dir_perms;
 
-# Allow lpdumpd to read super partition metadata. This may live on
-# super_block_device, or system_block_device (on retrofit devices).
-allow lpdumpd {
-   super_block_device
-   system_block_device
-}:blk_file r_file_perms;
+# Allow lpdumpd to read super partition metadata.
+allow lpdumpd super_block_device_type:blk_file r_file_perms;
 
 # Allow lpdumpd to read fstab.
 allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms;

diff --git a/public/fastbootd.te b/public/fastbootd.te
index d63af83..8ebe387 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te

@@ -45,7 +45,7 @@
   allow fastbootd dm_device:chr_file rw_file_perms;
   allow fastbootd dm_device:blk_file rw_file_perms;
 
-  allow fastbootd super_block_device:blk_file rw_file_perms;
+  allow fastbootd super_block_device_type:blk_file rw_file_perms;
   allow fastbootd {
     boot_block_device
     metadata_block_device
@@ -60,10 +60,7 @@
   allow fastbootd gsi_metadata_file:dir r_dir_perms;
   allow fastbootd gsi_metadata_file:file rw_file_perms;
 
-  allowxperm fastbootd {
-    system_block_device
-    super_block_device
-  }:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+  allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
 
   allowxperm fastbootd {
     metadata_block_device

diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index b55f4bc..a326d4c 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te

@@ -63,13 +63,10 @@
 allow update_engine_common dm_device:blk_file rw_file_perms;
 
 # read / write metadata on super device to resize partitions
-allow update_engine_common super_block_device:blk_file rw_file_perms;
+allow update_engine_common super_block_device_type:blk_file rw_file_perms;
 
 # ioctl on super device to get block device alignment and alignment offset
-allowxperm update_engine_common {
-    system_block_device
-    super_block_device
-}:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+allowxperm update_engine_common super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
 
 # get physical block device to map logical partitions on device mapper
 allow update_engine_common block_device:dir r_dir_perms;