Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58 am: e6b7e8aebf

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134

Change-Id: I6b2df8708e10b79e9219a790006f7f3dd4a0cd3b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Treehugger Robot 2023-01-18 16:44:03 +00:00 committed by Automerger Merge Worker
commit 55c2af74a5
6 changed files with 10 additions and 0 deletions


@ -50,4 +50,5 @@
hal_confirmationui_service
hal_fastboot_service
hal_can_controller_service
zoned_block_device
))


@ -79,6 +79,7 @@
/dev/audio.* u:object_r:audio_device:s0
/dev/binder u:object_r:binder_device:s0
/dev/block(/.*)? u:object_r:block_device:s0
/dev/block/by-name/zoned_device u:object_r:zoned_block_device:s0
/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
/dev/block/loop[0-9]* u:object_r:loop_device:s0
/dev/block/vd[a-z][0-9]* u:object_r:vd_device:s0


@ -95,6 +95,9 @@ type boot_block_device, dev_type;
# Documented at https://source.android.com/devices/bootloader/partitions
type userdata_block_device, dev_type;
# Zoned block device.
type zoned_block_device, dev_type;
# Cache block device mounted on /cache.
# Documented at https://source.android.com/devices/bootloader/partitions
type cache_block_device, dev_type;
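Review bot: The comment `# Zoned block device.` only restates the type name, while the neighbouring types say where they are mounted and link to the partition documentation. The file_contexts section attaches this label to one fixed path, so a device whose zoned partition has a different name would presumably keep the generic `block_device` label from the `/dev/block(/.*)?` entry, and none of the new allow rules would apply to it. Recording that here helps anyone auditing the policy, e.g. `# Zoned block device, labeled from /dev/block/by-name/zoned_device in file_contexts.`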


@ -8,6 +8,7 @@ allow e2fs block_device:dir search;
allow e2fs userdata_block_device:blk_file rw_file_perms;
allow e2fs metadata_block_device:blk_file rw_file_perms;
allow e2fs dm_device:blk_file rw_file_perms;
allow e2fs zoned_block_device:blk_file rw_file_perms;
allowxperm e2fs { userdata_block_device metadata_block_device dm_device }:blk_file ioctl {
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET BLKREPORTZONE BLKRESETZONE
};
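Review bot: The `allowxperm` rule right after the new line still lists only `{ userdata_block_device metadata_block_device dm_device }`, so `zoned_block_device` gets `rw_file_perms` (which includes `ioctl`) without an ioctl allowlist of its own. If the platform's domain-wide ioctl filtering for block files covers this type (not visible here), the zone ioctls already in the list, `BLKREPORTZONE` and `BLKRESETZONE`, would be denied on the very device they exist for; if it does not, ioctl on the new type is unfiltered. Either way the intent should be explicit: `allowxperm e2fs { userdata_block_device metadata_block_device dm_device zoned_block_device }:blk_file ioctl {`. The fsck and vold sections add the same `rw_file_perms` grant, and their visible lines likewise show no extended-permission rule for the new type, so the ioctls each domain needs on it should be enumerated there as well.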


@ -17,6 +17,7 @@ allow fsck vold:fifo_file { read write getattr };
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms;
allow fsck zoned_block_device:blk_file rw_file_perms;
userdebug_or_eng(`
allow fsck system_block_device:blk_file rw_file_perms;
')


@ -227,6 +227,9 @@ full_treble_only(`hal_client_domain(vold, hal_bootctl)')
allow vold userdata_block_device:blk_file rw_file_perms;
allowxperm vold userdata_block_device:blk_file ioctl BLKSECDISCARD;
# Access zoned block device.
allow vold zoned_block_device:blk_file rw_file_perms;
# Access metadata block device used for encryption meta-data.
allow vold metadata_block_device:blk_file rw_file_perms;
allowxperm vold metadata_block_device:blk_file ioctl BLKSECDISCARD;