From b1072785ba5a99035b9c21f46f8e3eced2ac82b6 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@google.com>
Date: Sat, 25 Jan 2025 13:50:16 -0800
Subject: [PATCH] Allow write for restorecon

[ 8345.125689] type=1400 audit(1737841652.160:245): avc:  denied  { write } for  comm="kworker/u16:2" path="/dev/block/sda34" dev="tmpfs" ino=1060 scontext=u:r:kernel:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=0

Bug: 361093433
Flag: EXEMPT bugfix
Change-Id: Ia03cddd6eebe9b8875bdbd1a8eb3a67f51269032
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
---
 storage/sepolicy/kernel.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/sepolicy/kernel.te b/storage/sepolicy/kernel.te
index 55882ed..b9712b1 100644
--- a/storage/sepolicy/kernel.te
+++ b/storage/sepolicy/kernel.te
@@ -1,3 +1,3 @@
 # for intelligence service
 
-allow kernel userdata_exp_block_device:blk_file read;
+allow kernel userdata_exp_block_device:blk_file { read write };