Allow userdata_exp partitions

Bug: 336319772 Change-Id: I7f878f29d356df3992fb49b9df8f8a900a6f12b8 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2024-05-01 17:13:52 -07:00 · 2024-05-01 17:13:52 -07:00 · 24ee023597
commit 24ee023597
parent 2b710d7dbb
5 changed files with 9 additions and 0 deletions
--- a/storage/sepolicy/device.te
+++ b/storage/sepolicy/device.te
@ -0,0 +1,2 @@
+# Userdata Exp block device.
+type userdata_exp_block_device, dev_type;
--- a/storage/sepolicy/e2fs.te
+++ b/storage/sepolicy/e2fs.te
@ -0,0 +1 @@
+allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@ -3,3 +3,4 @@
 /dev/sg[0-9]                       u:object_r:sg_device:s0
 /data/vendor/storage(/.*)?         u:object_r:dump_storage_data_file:s0
 /vendor/bin/sg_read_buffer         u:object_r:sg_util_exec:s0
+/dev/block/by-name/userdata_exp.*  u:object_r:userdata_exp_block_device:s0
--- a/storage/sepolicy/fsck.te
+++ b/storage/sepolicy/fsck.te
@ -0,0 +1 @@
+allow fsck userdata_exp_block_device:blk_file rw_file_perms;
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@ -1,4 +1,8 @@
 allow vold sysfs_scsi_devices_0000:file rw_file_perms;

+# Access userdata_exp block device.
+allow vold userdata_exp_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
+
 dontaudit vold dumpstate:fifo_file rw_file_perms;
 dontaudit vold dumpstate:fd use ;
				`@ -0,0 +1 @@`
				`allow e2fs userdata_exp_block_device:blk_file rw_file_perms;`
				`@ -0,0 +1 @@`
				`allow fsck userdata_exp_block_device:blk_file rw_file_perms;`