Allow ueventd to access device-mapper. ueventd needs access to device-mapper to fix a race condition in symlink creation. When device-mapper uevents are received, we historically read the uuid and name from sysfs. However it turns out sysfs may not be fully populated at that time. It is more reliable to read this information directly from device-mapper. Bug: 270183812 Test: libdm_test, treehugger Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069

commit: e09c0eee36d58894bb0d30b9af4e33ee7dd7011c [log] [tgz]
author: David Anderson <dvander@google.com> Tue May 16 15:58:08 2023 -0700
committer: David Anderson <dvander@google.com> Wed May 17 11:07:19 2023 -0700
tree: 1c193bae74046ba86995c2a71b42a5bfd62ff90f
parent: 15ed575c9cec76bca045b101ee4e405dd53036a6 [diff] [blame]
diff --git a/microdroid/system/private/ueventd.te b/microdroid/system/private/ueventd.te
index a855509..4bd55cf 100644
--- a/microdroid/system/private/ueventd.te
+++ b/microdroid/system/private/ueventd.te

@@ -46,6 +46,10 @@
 allow ueventd vendor_file:system module_load;
 allow ueventd kernel:key search;
 
+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 # ueventd is using bootstrap bionic
 use_bootstrap_libs(ueventd)
commit	e09c0eee36d58894bb0d30b9af4e33ee7dd7011c	[log] [tgz]
author	David Anderson <dvander@google.com>	Tue May 16 15:58:08 2023 -0700
committer	David Anderson <dvander@google.com>	Wed May 17 11:07:19 2023 -0700
tree	1c193bae74046ba86995c2a71b42a5bfd62ff90f
parent	15ed575c9cec76bca045b101ee4e405dd53036a6 [diff] [blame]