tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Give vold permission to wipe a block device" into main am: 0e7babefee am: e1f3828901 am: 8b7a70aa67

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2677935

Change-Id: I869aea7b1b0cb3dec442bc53e384304823720334
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Kelvin Zhang 2023-08-03 01:42:08 +00:00 committed by Automerger Merge Worker
commit 24a421ed7f
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/vold.te
View file

@ -7,6 +7,10 @@ domain_auto_trans(vold, sgdisk_exec, sgdisk);
domain_auto_trans(vold, sdcardd_exec, sdcardd);
domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);
# Switch to e2fs domain when running mkfs.ext4 to format a partition
domain_auto_trans(vold, e2fs_exec, e2fs);
# For a handful of probing tools, we choose an even more restrictive
# domain when working with untrusted block devices
domain_trans(vold, blkid_exec, blkid);

6
public/e2fs.te
View file

@ -9,6 +9,12 @@ allow e2fs userdata_block_device:blk_file rw_file_perms;
allow e2fs metadata_block_device:blk_file rw_file_perms;
allow e2fs dm_device:blk_file rw_file_perms;
allow e2fs zoned_block_device:blk_file rw_file_perms;
# Vold needs to capture mkfs.ext4's output
allow e2fs vold:fd use;
# Need to be able to format a partition
allow e2fs sysfs_dm:dir r_dir_perms;
allow e2fs sysfs_dm:file r_file_perms;
allowxperm e2fs { userdata_block_device metadata_block_device dm_device zoned_block_device }:blk_file ioctl {
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET BLKREPORTZONE BLKRESETZONE
};