Microdroid: Allow apexd again to access block device information
This patch is the Microdroid equivalent of https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850655 Bug: 202520796 Tests: Treehugger Change-Id: I3428934115a62f64390738b144fbb801fc595561 Signed-off-by: Bart Van Assche <bvanassche@google.com>
This commit is contained in:
parent
7609e175c5
commit
e475c8f1b5
@ -16,8 +16,9 @@ allowxperm apexd loop_device:blk_file ioctl {
|
|||||||
BLKFLSBUF
|
BLKFLSBUF
|
||||||
LOOP_CONFIGURE
|
LOOP_CONFIGURE
|
||||||
};
|
};
|
||||||
# allow apexd to access /dev/block
|
# Allow apexd to access /dev/block
|
||||||
allow apexd block_device:dir r_dir_perms;
|
allow apexd dev_type:dir r_dir_perms;
|
||||||
|
allow apexd dev_type:blk_file getattr;
|
||||||
|
|
||||||
#allow apexd to access virtual disks
|
#allow apexd to access virtual disks
|
||||||
allow apexd vd_device:blk_file r_file_perms;
|
allow apexd vd_device:blk_file r_file_perms;
|
||||||
@ -56,6 +57,9 @@ allow apexd labeledfs:filesystem { mount unmount };
|
|||||||
|
|
||||||
# /sys directory tree traversal
|
# /sys directory tree traversal
|
||||||
allow apexd sysfs_type:dir search;
|
allow apexd sysfs_type:dir search;
|
||||||
|
# Access to /sys/class/block
|
||||||
|
allow apexd sysfs_type:dir r_dir_perms;
|
||||||
|
allow apexd sysfs_type:file r_file_perms;
|
||||||
# Configure read-ahead of dm-verity and loop devices
|
# Configure read-ahead of dm-verity and loop devices
|
||||||
# for dm-X
|
# for dm-X
|
||||||
allow apexd sysfs_dm:dir r_dir_perms;
|
allow apexd sysfs_dm:dir r_dir_perms;
|
||||||
|
Loading…
Reference in New Issue
Block a user