Allow ueventd to access device-mapper. am: ae8817dc1e am: 53a4da9231

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23598602

Change-Id: Iac23c82d77207bb5d53c5f760556f9d0817f4015
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

microdroid/system/private/ueventd.te

@@ -46,6 +46,10 @@ allow ueventd self:global_capability_class_set sys_module;
 allow ueventd vendor_file:system module_load;
 allow ueventd kernel:key search;
 
+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 # ueventd is using bootstrap bionic
 use_bootstrap_libs(ueventd)
 

prebuilts/api/34.0/public/ueventd.te

@@ -65,6 +65,10 @@ use_bootstrap_libs(ueventd)
 # Allow ueventd to run shell scripts from vendor
 allow ueventd vendor_shell_exec:file execute;
 
+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 #####
 ##### neverallow rules
 #####

public/ueventd.te

@@ -65,6 +65,10 @@ use_bootstrap_libs(ueventd)
 # Allow ueventd to run shell scripts from vendor
 allow ueventd vendor_shell_exec:file execute;
 
+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 #####
 ##### neverallow rules
 #####