Merge "Allow mkfs/fsck for zoned block device" am: 9b69f0de58
am: e6b7e8aebf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390134 Change-Id: I6b2df8708e10b79e9219a790006f7f3dd4a0cd3b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
55c2af74a5
6 changed files with 10 additions and 0 deletions
|
@ -50,4 +50,5 @@
|
|||
hal_confirmationui_service
|
||||
hal_fastboot_service
|
||||
hal_can_controller_service
|
||||
zoned_block_device
|
||||
))
|
||||
|
|
|
@ -79,6 +79,7 @@
|
|||
/dev/audio.* u:object_r:audio_device:s0
|
||||
/dev/binder u:object_r:binder_device:s0
|
||||
/dev/block(/.*)? u:object_r:block_device:s0
|
||||
/dev/block/by-name/zoned_device u:object_r:zoned_block_device:s0
|
||||
/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
|
||||
/dev/block/loop[0-9]* u:object_r:loop_device:s0
|
||||
/dev/block/vd[a-z][0-9]* u:object_r:vd_device:s0
|
||||
|
|
|
@ -95,6 +95,9 @@ type boot_block_device, dev_type;
|
|||
# Documented at https://source.android.com/devices/bootloader/partitions
|
||||
type userdata_block_device, dev_type;
|
||||
|
||||
# Zoned block device.
|
||||
type zoned_block_device, dev_type;
|
||||
|
||||
# Cache block device mounted on /cache.
|
||||
# Documented at https://source.android.com/devices/bootloader/partitions
|
||||
type cache_block_device, dev_type;
|
||||
|
|
|
@ -8,6 +8,7 @@ allow e2fs block_device:dir search;
|
|||
allow e2fs userdata_block_device:blk_file rw_file_perms;
|
||||
allow e2fs metadata_block_device:blk_file rw_file_perms;
|
||||
allow e2fs dm_device:blk_file rw_file_perms;
|
||||
allow e2fs zoned_block_device:blk_file rw_file_perms;
|
||||
allowxperm e2fs { userdata_block_device metadata_block_device dm_device }:blk_file ioctl {
|
||||
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET BLKREPORTZONE BLKRESETZONE
|
||||
};
|
||||
|
|
|
@ -17,6 +17,7 @@ allow fsck vold:fifo_file { read write getattr };
|
|||
allow fsck userdata_block_device:blk_file rw_file_perms;
|
||||
allow fsck cache_block_device:blk_file rw_file_perms;
|
||||
allow fsck dm_device:blk_file rw_file_perms;
|
||||
allow fsck zoned_block_device:blk_file rw_file_perms;
|
||||
userdebug_or_eng(`
|
||||
allow fsck system_block_device:blk_file rw_file_perms;
|
||||
')
|
||||
|
|
|
@ -227,6 +227,9 @@ full_treble_only(`hal_client_domain(vold, hal_bootctl)')
|
|||
allow vold userdata_block_device:blk_file rw_file_perms;
|
||||
allowxperm vold userdata_block_device:blk_file ioctl BLKSECDISCARD;
|
||||
|
||||
# Access zoned block device.
|
||||
allow vold zoned_block_device:blk_file rw_file_perms;
|
||||
|
||||
# Access metadata block device used for encryption meta-data.
|
||||
allow vold metadata_block_device:blk_file rw_file_perms;
|
||||
allowxperm vold metadata_block_device:blk_file ioctl BLKSECDISCARD;
|
||||
|
|
Loading…
Reference in a new issue