Merge "Give vold permission to wipe a block device" into main am: 0e7babefee
am: e1f3828901
am: 8b7a70aa67
am: 24a421ed7f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2677935 Change-Id: Id601624b8cbb793141300ac90693b0989dbe3d95 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
7c90ead73d
2 changed files with 10 additions and 0 deletions
|
@ -7,6 +7,10 @@ domain_auto_trans(vold, sgdisk_exec, sgdisk);
|
|||
domain_auto_trans(vold, sdcardd_exec, sdcardd);
|
||||
domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);
|
||||
|
||||
# Switch to e2fs domain when running mkfs.ext4 to format a partition
|
||||
domain_auto_trans(vold, e2fs_exec, e2fs);
|
||||
|
||||
|
||||
# For a handful of probing tools, we choose an even more restrictive
|
||||
# domain when working with untrusted block devices
|
||||
domain_trans(vold, blkid_exec, blkid);
|
||||
|
|
|
@ -9,6 +9,12 @@ allow e2fs userdata_block_device:blk_file rw_file_perms;
|
|||
allow e2fs metadata_block_device:blk_file rw_file_perms;
|
||||
allow e2fs dm_device:blk_file rw_file_perms;
|
||||
allow e2fs zoned_block_device:blk_file rw_file_perms;
|
||||
# Vold needs to capture mkfs.ext4's output
|
||||
allow e2fs vold:fd use;
|
||||
# Need to be able to format a partition
|
||||
allow e2fs sysfs_dm:dir r_dir_perms;
|
||||
allow e2fs sysfs_dm:file r_file_perms;
|
||||
|
||||
allowxperm e2fs { userdata_block_device metadata_block_device dm_device zoned_block_device }:blk_file ioctl {
|
||||
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET BLKREPORTZONE BLKRESETZONE
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue