allow init to run mke2fs tools to format partitions
Test: let fs_mgr format a damaged /data partition
Bug: 35219933
Change-Id: If92352ea7a70780e9d81ab10963d63e16b793792
(cherry picked from commit 5f573ab2aa
)
This commit is contained in:
parent
8a441b6a93
commit
4de505b6fb
14
private/e2fs.te
Normal file
14
private/e2fs.te
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
type e2fs, domain, coredomain;
|
||||||
|
|
||||||
|
allow e2fs block_device:blk_file getattr;
|
||||||
|
allow e2fs block_device:dir search;
|
||||||
|
allow e2fs userdata_block_device:blk_file rw_file_perms;
|
||||||
|
|
||||||
|
# access /proc/filesystems
|
||||||
|
allow e2fs proc:file r_file_perms;
|
||||||
|
|
||||||
|
# access /sys/fs/ext4/features
|
||||||
|
allow e2fs sysfs_fs_ext4_features:file r_file_perms;
|
||||||
|
|
||||||
|
# access sselinux context files
|
||||||
|
allow e2fs file_contexts_file:file { getattr open read };
|
@ -17,6 +17,8 @@
|
|||||||
/charger u:object_r:rootfs:s0
|
/charger u:object_r:rootfs:s0
|
||||||
/init u:object_r:init_exec:s0
|
/init u:object_r:init_exec:s0
|
||||||
/sbin(/.*)? u:object_r:rootfs:s0
|
/sbin(/.*)? u:object_r:rootfs:s0
|
||||||
|
/sbin/e2fsdroid u:object_r:e2fs_exec:s0
|
||||||
|
/sbin/mke2fs u:object_r:e2fs_exec:s0
|
||||||
|
|
||||||
# For kernel modules
|
# For kernel modules
|
||||||
/lib(/.*)? u:object_r:rootfs:s0
|
/lib(/.*)? u:object_r:rootfs:s0
|
||||||
|
@ -56,6 +56,7 @@ genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
|
|||||||
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
|
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
|
||||||
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
|
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
|
||||||
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
|
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
|
||||||
|
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
|
||||||
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
|
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
|
||||||
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
|
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
|
||||||
genfscon sysfs /kernel/uevent_helper u:object_r:usermodehelper:s0
|
genfscon sysfs /kernel/uevent_helper u:object_r:usermodehelper:s0
|
||||||
|
@ -6,6 +6,7 @@ tmpfs_domain(init)
|
|||||||
domain_trans(init, rootfs, charger)
|
domain_trans(init, rootfs, charger)
|
||||||
domain_trans(init, rootfs, healthd)
|
domain_trans(init, rootfs, healthd)
|
||||||
domain_trans(init, rootfs, slideshow)
|
domain_trans(init, rootfs, slideshow)
|
||||||
|
domain_auto_trans(init, e2fs_exec, e2fs)
|
||||||
recovery_only(`
|
recovery_only(`
|
||||||
domain_trans(init, rootfs, adbd)
|
domain_trans(init, rootfs, adbd)
|
||||||
domain_trans(init, rootfs, recovery)
|
domain_trans(init, rootfs, recovery)
|
||||||
|
1
public/e2fs.te
Normal file
1
public/e2fs.te
Normal file
@ -0,0 +1 @@
|
|||||||
|
type e2fs_exec, exec_type, file_type;
|
@ -42,6 +42,7 @@ type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
|
|||||||
type sysfs_wake_lock, fs_type, sysfs_type;
|
type sysfs_wake_lock, fs_type, sysfs_type;
|
||||||
type sysfs_mac_address, fs_type, sysfs_type;
|
type sysfs_mac_address, fs_type, sysfs_type;
|
||||||
type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
|
type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
|
||||||
|
type sysfs_fs_ext4_features, sysfs_type, fs_type;
|
||||||
type configfs, fs_type;
|
type configfs, fs_type;
|
||||||
# /sys/devices/system/cpu
|
# /sys/devices/system/cpu
|
||||||
type sysfs_devices_system_cpu, fs_type, sysfs_type;
|
type sysfs_devices_system_cpu, fs_type, sysfs_type;
|
||||||
|
Loading…
Reference in New Issue
Block a user