Merge "Allow ueventd to access device-mapper."

2023-05-19 19:43:21 +00:00 · 2023-05-19 19:43:21 +00:00 · 73d18c2bfe
commit 73d18c2bfe
parent ae5be3dd8e e09c0eee36
2 changed files with 8 additions and 0 deletions
--- a/microdroid/system/private/ueventd.te
+++ b/microdroid/system/private/ueventd.te
@ -46,6 +46,10 @@ allow ueventd self:global_capability_class_set sys_module;
 allow ueventd vendor_file:system module_load;
 allow ueventd kernel:key search;

+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 # ueventd is using bootstrap bionic
 use_bootstrap_libs(ueventd)

--- a/public/ueventd.te
+++ b/public/ueventd.te
@ -65,6 +65,10 @@ use_bootstrap_libs(ueventd)
 # Allow ueventd to run shell scripts from vendor
 allow ueventd vendor_shell_exec:file execute;

+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 #####
 ##### neverallow rules
 #####