PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Microdroid: Allow apexd again to access block device information

Browse Source 
This patch is the Microdroid equivalent of
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1850655

Bug: 202520796
Tests: Treehugger
Change-Id: I3428934115a62f64390738b144fbb801fc595561
Signed-off-by: Bart Van Assche <bvanassche@google.com>
This commit is contained in:
Bart Van Assche 2021-10-14 15:36:05 -07:00
parent 7609e175c5
commit e475c8f1b5
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
microdroid/system/private/apexd.te
View File

@ -16,8 +16,9 @@ allowxperm apexd loop_device:blk_file ioctl {
BLKFLSBUF BLKFLSBUF
LOOP_CONFIGURE LOOP_CONFIGURE
}; };
# allow apexd to access /dev/block # Allow apexd to access /dev/block
allow apexd block_device:dir r_dir_perms; allow apexd dev_type:dir r_dir_perms;
allow apexd dev_type:blk_file getattr;
#allow apexd to access virtual disks #allow apexd to access virtual disks
allow apexd vd_device:blk_file r_file_perms; allow apexd vd_device:blk_file r_file_perms;
@ -56,6 +57,9 @@ allow apexd labeledfs:filesystem { mount unmount };
# /sys directory tree traversal # /sys directory tree traversal
allow apexd sysfs_type:dir search; allow apexd sysfs_type:dir search;
# Access to /sys/class/block
allow apexd sysfs_type:dir r_dir_perms;
allow apexd sysfs_type:file r_file_perms;
# Configure read-ahead of dm-verity and loop devices # Configure read-ahead of dm-verity and loop devices
# for dm-X # for dm-X
allow apexd sysfs_dm:dir r_dir_perms; allow apexd sysfs_dm:dir r_dir_perms;