From 4de3228c461d54752a5ca0d011ffc13686e0a3cb Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Fri, 31 Jan 2020 16:07:09 +0100
Subject: [PATCH] Allow toolbox to set project quota IDs.

These ioctls are required to set a default project quota ID on
/data/media.

Bug: 146419093
Test: verified chattr call from rootdir/init.rc
Change-Id: I0c9028e0a6502302fe81a73dfa087261a36d9863
---
 public/toolbox.te | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/public/toolbox.te b/public/toolbox.te
index 2ff9d3dbc..1dd06f9f8 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te
@@ -28,6 +28,11 @@ allow toolbox system_data_root_file:dir { remove_name write };
 allow toolbox system_data_file:dir { rmdir rw_dir_perms };
 allow toolbox system_data_file:file { getattr unlink };
 
-# chattr +F /data/media in init
+# chattr +F and chattr +P /data/media in init
 allow toolbox media_rw_data_file:dir { r_dir_perms };
-allowxperm toolbox media_rw_data_file:dir ioctl { FS_IOC_SETFLAGS FS_IOC_GETFLAGS };
+allowxperm toolbox media_rw_data_file:dir ioctl {
+  FS_IOC_FSGETXATTR
+  FS_IOC_FSSETXATTR
+  FS_IOC_GETFLAGS
+  FS_IOC_SETFLAGS
+};