tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

vold does more than LOOP_GET_STATUS64.

Browse source 
Update the "allowxperm" to reflect the various ioctl() performed in
the vold source code.

Bug: 118437832
Test: atest android.os.storage.cts.StorageManagerTest
Change-Id: Ide3a09104d8b4ce7fa2b7e23e9b215139186f595
This commit is contained in:
Jeff Sharkey 2018-10-27 16:55:56 -06:00 committed by Jeff Sharkey
parent de8dfc752c
commit f2cad2d92b
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
public/vold.te
View file

@ -99,7 +99,13 @@ allow vold self:global_capability_class_set { net_admin dac_override dac_read_se
allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow vold loop_control_device:chr_file rw_file_perms;
allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
allowxperm vold loop_device:blk_file ioctl LOOP_GET_STATUS64;
allowxperm vold loop_device:blk_file ioctl {
LOOP_CLR_FD
LOOP_CTL_GET_FREE
LOOP_GET_STATUS64
LOOP_SET_FD
LOOP_SET_STATUS64
};
allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
allow vold dm_device:chr_file rw_file_perms;
allow vold dm_device:blk_file rw_file_perms;