Sepolicy: Allow otapreopt to mount logical partitions

Logical partitions are handled through libdm. Allow access to device-mapper. Bug: 128867786 Test: m Change-Id: I6979487b91d24b7309c876f2bdc26a827e2fcd1e
2019-03-22 12:13:05 -07:00 · 2019-03-22 12:13:05 -07:00 · 1a5db599ce
commit 1a5db599ce
parent c848dee19c
1 changed files with 3 additions and 0 deletions
--- a/private/otapreopt_chroot.te
+++ b/private/otapreopt_chroot.te
@ -11,6 +11,9 @@ allow otapreopt_chroot self:global_capability_class_set { sys_admin sys_chroot }
 # APEX packages in /postinstall/apex.
 allow otapreopt_chroot block_device:dir search;
 allow otapreopt_chroot labeledfs:filesystem { mount unmount };
+# This is required for dynamic partitions.
+allow otapreopt_chroot dm_device:chr_file rw_file_perms;
+
 # This is required to unmount flattened APEX packages under
 # /postinstall/system/apex (which are bind-mounted in /postinstall/apex).
 allow otapreopt_chroot postinstall_file:filesystem unmount;