Merge "Microdroid: Allow apexd again to access block device information"

2021-10-15 14:37:55 +00:00 · 2021-10-15 14:37:55 +00:00 · c080cea0a6
commit c080cea0a6
parent dcb9369554 e475c8f1b5
1 changed files with 6 additions and 2 deletions
--- a/microdroid/system/private/apexd.te
+++ b/microdroid/system/private/apexd.te
@ -16,8 +16,9 @@ allowxperm apexd loop_device:blk_file ioctl {
  BLKFLSBUF
  LOOP_CONFIGURE
 };
-# allow apexd to access /dev/block
+# Allow apexd to access /dev/block
-allow apexd block_device:dir r_dir_perms;
+allow apexd dev_type:dir r_dir_perms;
 allow apexd dev_type:blk_file getattr;
 #allow apexd to access virtual disks
 allow apexd vd_device:blk_file r_file_perms;
@ -56,6 +57,9 @@ allow apexd labeledfs:filesystem { mount unmount };
 # /sys directory tree traversal
 allow apexd sysfs_type:dir search;
 # Access to /sys/class/block
 allow apexd sysfs_type:dir r_dir_perms;
 allow apexd sysfs_type:file r_file_perms;
 # Configure read-ahead of dm-verity and loop devices
 # for dm-X
 allow apexd sysfs_dm:dir r_dir_perms;