Merge "Allow ueventd to access device-mapper." am: 73d18c2bfe am: 5f2482d0dd am: d223637c8a

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2591728 Change-Id: I76ff312e6d37a2abaf5b5144a6d13fcfc9c9421a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-19 21:34:43 +00:00 · 2023-05-19 21:34:43 +00:00 · 465859abb7
commit 465859abb7
parent 7337112178 d223637c8a
2 changed files with 8 additions and 0 deletions
--- a/microdroid/system/private/ueventd.te
+++ b/microdroid/system/private/ueventd.te
@ -46,6 +46,10 @@ allow ueventd self:global_capability_class_set sys_module;
 allow ueventd vendor_file:system module_load;
 allow ueventd kernel:key search;

+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 # ueventd is using bootstrap bionic
 use_bootstrap_libs(ueventd)

--- a/public/ueventd.te
+++ b/public/ueventd.te
@ -65,6 +65,10 @@ use_bootstrap_libs(ueventd)
 # Allow ueventd to run shell scripts from vendor
 allow ueventd vendor_shell_exec:file execute;

+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 #####
 ##### neverallow rules
 #####