Allow apexd to call f2fs-compression related ioctls on staging_data_file

apexd needs to call the following two ioctls: * FS_COMPR_FL - to check if fs supports compression. * F2FS_IOC_RELEASE_COMPRESS_BLOCKS - to release compressed blocks. Bug: 188859167 Test: m Change-Id: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a Merged-In: Ia105d3dbcd64286cc33d1e996b2d2b85c09eae7a (cherry picked from commit a12ba8a439)
2021-06-08 15:11:57 +01:00 · 2021-06-08 15:11:57 +01:00 · c96305f62b
commit c96305f62b
parent 111c57970f
2 changed files with 12 additions and 0 deletions
--- a/prebuilts/api/31.0/private/apexd.te
+++ b/prebuilts/api/31.0/private/apexd.te
@ -166,6 +166,12 @@ allow apexd file_contexts_file:file r_file_perms;
 # Allow apexd to execute toybox for snapshot & restore
 allow apexd toolbox_exec:file rx_file_perms;

+# Allow apexd to release compressed blocks in case /data is f2fs-compressed fs.
+allowxperm apexd staging_data_file:file ioctl {
+  FS_IOC_GETFLAGS
+  F2FS_IOC_RELEASE_COMPRESS_BLOCKS
+};
+
 # Allow apexd to read ro.cold_boot_done prop.
 # apexd uses it to decide whether it needs to keep retrying polling for loop device.
 get_prop(apexd, cold_boot_done_prop)
--- a/private/apexd.te
+++ b/private/apexd.te
@ -166,6 +166,12 @@ allow apexd file_contexts_file:file r_file_perms;
 # Allow apexd to execute toybox for snapshot & restore
 allow apexd toolbox_exec:file rx_file_perms;

+# Allow apexd to release compressed blocks in case /data is f2fs-compressed fs.
+allowxperm apexd staging_data_file:file ioctl {
+  FS_IOC_GETFLAGS
+  F2FS_IOC_RELEASE_COMPRESS_BLOCKS
+};
+
 # Allow apexd to read ro.cold_boot_done prop.
 # apexd uses it to decide whether it needs to keep retrying polling for loop device.
 get_prop(apexd, cold_boot_done_prop)