From 5b8df30e47299607b1defb861986e9a81a5e74e7 Mon Sep 17 00:00:00 2001
From: Daniel Rosenberg <drosen@google.com>
Date: Wed, 29 Jan 2020 15:08:18 -0800
Subject: [PATCH] Add permissions for chattr

This allows init to call chattr to allow casefolding on /data/media

Test: lsattr on /data/media on device with casefolding support
Bug: 138322712
Change-Id: I5715484d872088517f67c62a78344a2d417dd77f
---
 public/toolbox.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/toolbox.te b/public/toolbox.te
index f4b164d78..2ff9d3dbc 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te
@@ -27,3 +27,7 @@ neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
 allow toolbox system_data_root_file:dir { remove_name write };
 allow toolbox system_data_file:dir { rmdir rw_dir_perms };
 allow toolbox system_data_file:file { getattr unlink };
+
+# chattr +F /data/media in init
+allow toolbox media_rw_data_file:dir { r_dir_perms };
+allowxperm toolbox media_rw_data_file:dir ioctl { FS_IOC_SETFLAGS FS_IOC_GETFLAGS };