From 63a21044f232fa46fe7ce87a44f7b60864191999 Mon Sep 17 00:00:00 2001
From: Akilesh Kailash
Date: Mon, 13 Feb 2023 16:30:40 -0800
Subject: [PATCH] Set sepolicy for ublk control device and block device
ublk-control device: /dev/ublk-control
ublk-block device: /dev/block/ublkbN where N is 0,1,2..
Bug: 269144965
Test: Verify sepolicy changes through kernel logs when user-space daemon communicates with ublk driver
Change-Id: I10de557566e3c0628ea72fbbda4cff21e7cda68f
Signed-off-by: Akilesh Kailash
---
 private/compat/33.0/33.0.ignore.cil | 2 ++
 private/file_contexts | 2 ++
 public/device.te | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 30a7e3550..401e110f8 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -50,6 +50,8 @@
 timezone_metadata_prop
 tuner_config_prop
 tuner_server_ctl_prop
+ ublk_block_device
+ ublk_control_device
 usb_uvc_enabled_prop
 virtual_face_hal_prop
 virtual_fingerprint_hal_prop
diff --git a/private/file_contexts b/private/file_contexts
index 4c3f108d2..ced331a74 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -81,6 +81,7 @@
 /dev/block(/.*)? u:object_r:block_device:s0
 /dev/block/by-name/zoned_device u:object_r:zoned_block_device:s0
 /dev/block/dm-[0-9]+ u:object_r:dm_device:s0
+/dev/block/ublkb[0-9]+ u:object_r:ublk_block_device:s0
 /dev/block/loop[0-9]* u:object_r:loop_device:s0
 /dev/block/vd[a-z][0-9]* u:object_r:vd_device:s0
 /dev/block/vold/.+ u:object_r:vold_device:s0
@@ -95,6 +96,7 @@
 /dev/dma_heap/system-uncached u:object_r:dmabuf_system_heap_device:s0
 /dev/dma_heap/system-secure(.*) u:object_r:dmabuf_system_secure_heap_device:s0
 /dev/dm-user(/.*)? u:object_r:dm_user_device:s0
+/dev/ublk-control u:object_r:ublk_control_device:s0
 /dev/device-mapper u:object_r:dm_device:s0
 /dev/eac u:object_r:audio_device:s0
 /dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
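Review bot: In private/file_contexts (first hunk) the new `/dev/block/ublkb[0-9]+` entry covers only whole-disk nodes, since file_contexts patterns are matched against the full path. If a ublk disk is ever partition-scanned, nodes of the form `ublkbNpM` (naming assumed, please confirm) would fall through to `/dev/block(/.*)?` and keep the generic `block_device` label instead of `ublk_block_device`. Either add a `#` comment above the entry stating that partitions are not expected, or widen the pattern, e.g. `/dev/block/ublkb[0-9]+(p[0-9]+)?`. The `/dev/ublk-control` entry in the second hunk is an exact path and needs no change.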
diff --git a/public/device.te b/public/device.te
index ead7fbc1d..066600e8e 100644
--- a/public/device.te
+++ b/public/device.te
@@ -10,7 +10,9 @@ type block_device, dev_type;
 type bt_device, dev_type;
 type camera_device, dev_type;
 type dm_device, dev_type;
+type ublk_block_device, dev_type;
 type dm_user_device, dev_type;
+type ublk_control_device, dev_type;
 type keychord_device, dev_type;
 type loop_control_device, dev_type;
 type loop_device, dev_type;
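Review bot: The two new `type` declarations in public/device.te carry no comment, and the patch adds no allow or neverallow rule for them, so nothing visible here states which domain is meant to open `/dev/ublk-control`. That node is the management interface for creating userspace-backed block devices, so I would document the intent next to the declarations, e.g. `# ublk (userspace block driver): control node /dev/ublk-control and per-device nodes /dev/block/ublkbN`. A follow-up `neverallow` on `ublk_control_device:chr_file` that excepts only the daemon's domain would keep later policy changes from widening access. The declarations are also interleaved with the `dm_*` types; placing both lines together would make the pair easier to find. The type list continues outside the hunk.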