From d6ba7fad68261d667e385271a382861af13e5607 Mon Sep 17 00:00:00 2001
From: Randall Huang
Date: Tue, 27 Aug 2024 11:09:18 +0800
Subject: [PATCH] storage: fix idle-maint avc denials.

avc: denied { getattr } for path="/dev/block/sda5" dev="tmpfs" ino=1039 scontext=u:r:vold:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { getattr } for path="/dev/block/sda7" dev="tmpfs" ino=1199 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1

Bug: 361093041
Test: run idle-maint run
Change-Id: Ie92ffa8b576c74e3a1cb127b265059ec76c14667
Signed-off-by: Randall Huang
---
 storage/sepolicy/vold.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te
index 3d35589..87387a7 100644
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@@ -1,3 +1,4 @@
+# ufs hagc
 allow vold sysfs_scsi_devices_0000:file rw_file_perms;
 
 # Access userdata_exp block device.
@@ -6,3 +7,7 @@ allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
 
 dontaudit vold dumpstate:fifo_file rw_file_perms;
 dontaudit vold dumpstate:fd use ;
+
+# fix idle-maint
+allow vold efs_block_device:blk_file { getattr };
+allow vold modem_userdata_block_device:blk_file { getattr };
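Review bot: The two `allow vold ...:blk_file { getattr };` rules added at the end of vold.te in the second hunk are justified only by the comment `# fix idle-maint`, which does not say why vold needs to stat the efs and modem userdata partitions. Both quoted denials were logged with permissive=1, so the commit message does not show that idle-maint fails without these rules under enforcing. If the stat is only incidental to enumerating /dev/block, `dontaudit vold efs_block_device:blk_file getattr;` (and the same for `modem_userdata_block_device`) would silence the log without widening vold's access. If the allow is kept, a comment such as `# idle-maint stats these partitions (b/361093041); getattr only, no read/write/ioctl.` would record the intended limit for later reviewers. If storage/sepolicy is built for more than one device target, it is also worth confirming that both types are defined on each of them.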