Revert "Remove the bdev_type and sysfs_block_type SELinux attributes"
This reverts commit 63930d3850b1592c3a0a84734777232e81228412.
Reason for revert: Broken build (https://android-build.googleplex.com/builds/submitted/7863094/aosp_raven-userdebug/latest/view/logs/error.log)
Change-Id: I1742d69d471e9b00359a2e7e654aa752513990df
diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index cf516dd..ffc2b3b 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -7,6 +7,9 @@
# in tools/checkfc.c
attribute dev_type;
+# Attribute for block devices.
+attribute bdev_type;
+
# All types used for processes.
attribute domain;
diff --git a/microdroid/system/public/device.te b/microdroid/system/public/device.te
index c03fb4d..898224c 100644
--- a/microdroid/system/public/device.te
+++ b/microdroid/system/public/device.te
@@ -1,7 +1,7 @@
type ashmem_device, dev_type, mlstrustedobject;
type ashmem_libcutils_device, dev_type, mlstrustedobject;
type binder_device, dev_type, mlstrustedobject;
-type block_device, dev_type;
+type block_device, dev_type, bdev_type;
type console_device, dev_type;
type device, dev_type, fs_type;
type dm_device, dev_type;
@@ -34,7 +34,7 @@
type uhid_device, dev_type, mlstrustedobject;
type uio_device, dev_type;
type userdata_sysdev, dev_type;
-type vd_device, dev_type;
+type vd_device, dev_type, bdev_type;
type vndbinder_device, dev_type;
type vsock_device, dev_type;
type zero_device, dev_type, mlstrustedobject;
diff --git a/prebuilts/api/31.0/plat_pub_versioned.cil b/prebuilts/api/31.0/plat_pub_versioned.cil
index 480474a..3f2c0be 100644
--- a/prebuilts/api/31.0/plat_pub_versioned.cil
+++ b/prebuilts/api/31.0/plat_pub_versioned.cil
@@ -82,7 +82,6 @@
(type battery_service)
(type batteryproperties_service)
(type batterystats_service)
-(type bdev_type)
(type binder_cache_bluetooth_server_prop)
(type binder_cache_system_server_prop)
(type binder_cache_telephony_server_prop)
@@ -944,7 +943,6 @@
(type sysfs)
(type sysfs_android_usb)
(type sysfs_batteryinfo)
-(type sysfs_block_type)
(type sysfs_bluetooth_writable)
(type sysfs_devfreq_cur)
(type sysfs_devfreq_dir)
@@ -1854,7 +1852,6 @@
(typeattribute battery_service_31_0)
(typeattribute batteryproperties_service_31_0)
(typeattribute batterystats_service_31_0)
-(typeattribute bdev_type_31_0)
(typeattribute binder_cache_bluetooth_server_prop_31_0)
(typeattribute binder_cache_system_server_prop_31_0)
(typeattribute binder_cache_telephony_server_prop_31_0)
@@ -2971,7 +2968,6 @@
(typeattribute sysfs_31_0)
(typeattribute sysfs_android_usb_31_0)
(typeattribute sysfs_batteryinfo_31_0)
-(typeattribute sysfs_block_type_31_0)
(typeattribute sysfs_bluetooth_writable_31_0)
(typeattribute sysfs_devfreq_cur_31_0)
(typeattribute sysfs_devfreq_dir_31_0)
diff --git a/private/compat/31.0/31.0.cil b/private/compat/31.0/31.0.cil
index fd92b18..35059a9 100644
--- a/private/compat/31.0/31.0.cil
+++ b/private/compat/31.0/31.0.cil
@@ -91,7 +91,6 @@
(expandtypeattribute (battery_service_31_0) true)
(expandtypeattribute (batteryproperties_service_31_0) true)
(expandtypeattribute (batterystats_service_31_0) true)
-(expandtypeattribute (bdev_type_31_0) true)
(expandtypeattribute (binder_cache_bluetooth_server_prop_31_0) true)
(expandtypeattribute (binder_cache_system_server_prop_31_0) true)
(expandtypeattribute (binder_cache_telephony_server_prop_31_0) true)
@@ -953,7 +952,6 @@
(expandtypeattribute (sysfs_31_0) true)
(expandtypeattribute (sysfs_android_usb_31_0) true)
(expandtypeattribute (sysfs_batteryinfo_31_0) true)
-(expandtypeattribute (sysfs_block_type_31_0) true)
(expandtypeattribute (sysfs_bluetooth_writable_31_0) true)
(expandtypeattribute (sysfs_devfreq_cur_31_0) true)
(expandtypeattribute (sysfs_devfreq_dir_31_0) true)
@@ -1323,7 +1321,6 @@
(typeattributeset battery_service_31_0 (battery_service))
(typeattributeset batteryproperties_service_31_0 (batteryproperties_service))
(typeattributeset batterystats_service_31_0 (batterystats_service))
-(typeattributeset bdev_type_31_0 (bdev_type))
(typeattributeset binder_cache_bluetooth_server_prop_31_0 (binder_cache_bluetooth_server_prop))
(typeattributeset binder_cache_system_server_prop_31_0 (binder_cache_system_server_prop))
(typeattributeset binder_cache_telephony_server_prop_31_0 (binder_cache_telephony_server_prop))
@@ -2185,7 +2182,6 @@
(typeattributeset sysfs_31_0 (sysfs))
(typeattributeset sysfs_android_usb_31_0 (sysfs_android_usb))
(typeattributeset sysfs_batteryinfo_31_0 (sysfs_batteryinfo))
-(typeattributeset sysfs_block_type_31_0 (sysfs_block_type))
(typeattributeset sysfs_bluetooth_writable_31_0 (sysfs_bluetooth_writable))
(typeattributeset sysfs_devfreq_cur_31_0 (sysfs_devfreq_cur))
(typeattributeset sysfs_devfreq_dir_31_0 (sysfs_devfreq_dir))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 8f82b5d..664a3b3 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -119,6 +119,7 @@
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /class/block u:object_r:sysfs_block:s0
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
genfscon sysfs /class/net u:object_r:sysfs_net:s0
genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
diff --git a/public/attributes b/public/attributes
index 35a3800..32fe98c 100644
--- a/public/attributes
+++ b/public/attributes
@@ -7,6 +7,9 @@
# in tools/checkfc.c
attribute dev_type;
+# Attribute for block devices.
+attribute bdev_type;
+
# All types used for processes.
attribute domain;
@@ -65,6 +68,9 @@
# All types used for sysfs files.
attribute sysfs_type;
+# Attribute for /sys/class/block files.
+attribute sysfs_block_type;
+
# All types use for debugfs files.
attribute debugfs_type;
diff --git a/public/device.te b/public/device.te
index 686f955..1a71a40 100644
--- a/public/device.te
+++ b/public/device.te
@@ -6,18 +6,18 @@
type binder_device, dev_type, mlstrustedobject;
type hwbinder_device, dev_type, mlstrustedobject;
type vndbinder_device, dev_type;
-type block_device, dev_type;
+type block_device, dev_type, bdev_type;
type camera_device, dev_type;
-type dm_device, dev_type;
-type dm_user_device, dev_type;
+type dm_device, dev_type, bdev_type;
+type dm_user_device, dev_type, bdev_type;
type keychord_device, dev_type;
type loop_control_device, dev_type;
-type loop_device, dev_type;
+type loop_device, dev_type, bdev_type;
type pmsg_device, dev_type, mlstrustedobject;
type radio_device, dev_type;
-type ram_device, dev_type;
+type ram_device, dev_type, bdev_type;
type rtc_device, dev_type;
-type vd_device, dev_type;
+type vd_device, dev_type, bdev_type;
type vold_device, dev_type;
type console_device, dev_type;
type fscklogs, dev_type;
@@ -73,51 +73,51 @@
type rpmsg_device, dev_type;
# Partition layout block device
-type root_block_device, dev_type;
+type root_block_device, dev_type, bdev_type;
# factory reset protection block device
-type frp_block_device, dev_type;
+type frp_block_device, dev_type, bdev_type;
# System block device mounted on /system.
# Documented at https://source.android.com/devices/bootloader/partitions-images
-type system_block_device, dev_type;
+type system_block_device, dev_type, bdev_type;
# Recovery block device.
# Documented at https://source.android.com/devices/bootloader/partitions-images
-type recovery_block_device, dev_type;
+type recovery_block_device, dev_type, bdev_type;
# boot block device.
# Documented at https://source.android.com/devices/bootloader/partitions-images
-type boot_block_device, dev_type;
+type boot_block_device, dev_type, bdev_type;
# Userdata block device mounted on /data.
# Documented at https://source.android.com/devices/bootloader/partitions-images
-type userdata_block_device, dev_type;
+type userdata_block_device, dev_type, bdev_type;
# Cache block device mounted on /cache.
# Documented at https://source.android.com/devices/bootloader/partitions-images
-type cache_block_device, dev_type;
+type cache_block_device, dev_type, bdev_type;
# Block device for any swap partition.
-type swap_block_device, dev_type;
+type swap_block_device, dev_type, bdev_type;
# Metadata block device used for encryption metadata.
# Assign this type to the partition specified by the encryptable=
# mount option in your fstab file in the entry for userdata.
# Documented at https://source.android.com/devices/bootloader/partitions-images
-type metadata_block_device, dev_type;
+type metadata_block_device, dev_type, bdev_type;
# The 'misc' partition used by recovery and A/B.
# Documented at https://source.android.com/devices/bootloader/partitions-images
-type misc_block_device, dev_type;
+type misc_block_device, dev_type, bdev_type;
# 'super' partition to be used for logical partitioning.
-type super_block_device, super_block_device_type, dev_type;
+type super_block_device, super_block_device_type, dev_type, bdev_type;
# sdcard devices; normally vold uses the vold_block_device label and creates a
# separate device node. gsid, however, accesses the original devide node
# created through uevents, so we use a separate label.
-type sdcard_block_device, dev_type;
+type sdcard_block_device, dev_type, bdev_type;
# Userdata device file for filesystem tunables
type userdata_sysdev, dev_type;
diff --git a/public/file.te b/public/file.te
index ffcfd2b..0b94e2e 100644
--- a/public/file.te
+++ b/public/file.te
@@ -88,10 +88,11 @@
type sysfs_android_usb, fs_type, sysfs_type;
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
+type sysfs_block, fs_type, sysfs_type, sysfs_block_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_devfreq_cur, fs_type, sysfs_type;
type sysfs_devfreq_dir, fs_type, sysfs_type;
-type sysfs_devices_block, fs_type, sysfs_type;
+type sysfs_devices_block, fs_type, sysfs_type, sysfs_block_type;
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dm_verity, fs_type, sysfs_type;
type sysfs_dma_heap, fs_type, sysfs_type;
diff --git a/public/shell.te b/public/shell.te
index 7751d63..5fd9079 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -157,6 +157,9 @@
allow shell sysfs_batteryinfo:dir r_dir_perms;
allow shell sysfs_batteryinfo:file r_file_perms;
+# allow shell to list /sys/class/block/ to get storage type for CTS
+allow shell sysfs_block:dir r_dir_perms;
+
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;