From ae8817dc1e8f9810ef98c874d2e2293b18e5078b Mon Sep 17 00:00:00 2001
From: David Anderson <dvander@google.com>
Date: Tue, 16 May 2023 15:58:08 -0700
Subject: [PATCH] Allow ueventd to access device-mapper.

ueventd needs access to device-mapper to fix a race condition in symlink
creation. When device-mapper uevents are received, we historically read
the uuid and name from sysfs. However it turns out sysfs may not be
fully populated at that time. It is more reliable to read this
information directly from device-mapper.

Bug: 286011429
Test: libdm_test, treehugger
(cherry picked from https://android-review.googlesource.com/q/commit:e09c0eee36d58894bb0d30b9af4e33ee7dd7011c)
Merged-In: I36b9b460a0fa76a37950d3672bd21b1c885a5069
Change-Id: I36b9b460a0fa76a37950d3672bd21b1c885a5069

Change-Id: I1197d0051a9ce96b7edd87347b5db266b1643d30
---
 microdroid/system/private/ueventd.te | 4 ++++
 prebuilts/api/34.0/public/ueventd.te | 4 ++++
 public/ueventd.te                    | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/microdroid/system/private/ueventd.te b/microdroid/system/private/ueventd.te
index a855509d6..4bd55cfc9 100644
--- a/microdroid/system/private/ueventd.te
+++ b/microdroid/system/private/ueventd.te
@@ -46,6 +46,10 @@ allow ueventd self:global_capability_class_set sys_module;
 allow ueventd vendor_file:system module_load;
 allow ueventd kernel:key search;
 
+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 # ueventd is using bootstrap bionic
 use_bootstrap_libs(ueventd)
 
diff --git a/prebuilts/api/34.0/public/ueventd.te b/prebuilts/api/34.0/public/ueventd.te
index 4e3c7c205..094594b2c 100644
--- a/prebuilts/api/34.0/public/ueventd.te
+++ b/prebuilts/api/34.0/public/ueventd.te
@@ -65,6 +65,10 @@ use_bootstrap_libs(ueventd)
 # Allow ueventd to run shell scripts from vendor
 allow ueventd vendor_shell_exec:file execute;
 
+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 #####
 ##### neverallow rules
 #####
diff --git a/public/ueventd.te b/public/ueventd.te
index 4e3c7c205..094594b2c 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -65,6 +65,10 @@ use_bootstrap_libs(ueventd)
 # Allow ueventd to run shell scripts from vendor
 allow ueventd vendor_shell_exec:file execute;
 
+# Query device-mapper to extract name/uuid in response to uevents.
+allow ueventd dm_device:chr_file rw_file_perms;
+allow ueventd self:capability sys_admin;
+
 #####
 ##### neverallow rules
 #####