Encryptedstore/Selinux: Format the crypt device Add selinux policies required for formatting the crypt device. 1. Allow encryptedstore to execute mk2fs. 2. The execution will happen without domain transition - so add permissions related to formatting the device. 3. Allow encryptedstore to write on /dev/vd device - required to zero starting bits initially Test: Run vm with --storage & --storage-size option Bug: 241541860 Change-Id: I9766e3c67e47a58707beee8b3a156944e3b0a9ce

commit: c6ff74a2103b3af0f07ee6f29ca409ba5d78b23f [log] [tgz]
author: Shikha Panwar <shikhapanwar@google.com> Mon Nov 21 16:06:09 2022 +0000
committer: Shikha Panwar <shikhapanwar@google.com> Tue Nov 22 17:42:01 2022 +0000
tree: d311c356335e3f7e18735c41612e3ae5b062847a
parent: f447a0bf071793101c896583233b5278f7709276 [diff] [blame]
diff --git a/microdroid/system/private/file.te b/microdroid/system/private/file.te
index d15f9ba..b94571d 100644
--- a/microdroid/system/private/file.te
+++ b/microdroid/system/private/file.te

@@ -17,3 +17,6 @@
 # /dev/selinux/test - used to verify that apex sepolicy is loaded and
 # property labeled.
 type sepolicy_test_file, file_type;
+
+# /system/bin/mke2fs - used to format encryptedstore block device
+type e2fs_exec, system_file_type, exec_type, file_type;
commit	c6ff74a2103b3af0f07ee6f29ca409ba5d78b23f	[log] [tgz]
author	Shikha Panwar <shikhapanwar@google.com>	Mon Nov 21 16:06:09 2022 +0000
committer	Shikha Panwar <shikhapanwar@google.com>	Tue Nov 22 17:42:01 2022 +0000
tree	d311c356335e3f7e18735c41612e3ae5b062847a
parent	f447a0bf071793101c896583233b5278f7709276 [diff] [blame]