Merge "Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS" am: a5df438a2a

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2451745 Change-Id: I131ca1785c4815a6d2fd7d4bd93c8f45ed88b345 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-24 08:30:59 +00:00 · 2023-02-24 08:30:59 +00:00 · fd4f3224bf
commit fd4f3224bf
parent 733344c1fd a5df438a2a
2 changed files with 3 additions and 1 deletions
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@ -827,6 +827,7 @@ define(`FS_IOC_ENABLE_VERITY', `0x6685')
 define(`FS_IOC_FIEMAP', `0xc020660b')
 define(`FS_IOC_FSGETXATTR', `0x801c581f')
 define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_KEY_STATUS', `0xc080661a')
 define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
 define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
 define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
--- a/public/vold.te
+++ b/public/vold.te
@ -51,6 +51,7 @@ allowxperm vold data_file_type:dir ioctl {
  FS_IOC_SET_ENCRYPTION_POLICY
  FS_IOC_ADD_ENCRYPTION_KEY
  FS_IOC_REMOVE_ENCRYPTION_KEY
+  FS_IOC_GET_ENCRYPTION_KEY_STATUS
 };

 # Only vold and init should ever set file-based encryption policies.
@ -65,7 +66,7 @@ neverallowxperm {
 neverallowxperm {
  domain
  -vold
-} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_GET_ENCRYPTION_KEY_STATUS };

 # Allow securely erasing crypto key files. F2FS_IOC_SEC_TRIM_FILE is
 # tried first. Otherwise, FS_IOC_FIEMAP is needed to get the