    update_engine_common: allow BLKROGET and BLKROSET · eacbcc98
    Nick Kralevich authored
    Allow BLKROGET and BLKROSET on the block devices underlying the /system
    and rootfs partitions. As part of the Android boot process, the system
    sets the block devices read-only to prevent accidental modification to
    these partitions. Update engine needs the ability to adjust the block
    device read-only flag in order to apply updates.
    
    Addresses the following denials:
    
    update_engine: type=1400 audit(0.0:96): avc: denied { ioctl } for path="/dev/block/sda33" dev="tmpfs" ino=15369 ioctlcmd=125e scontext=u:r:update_engine:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0
    update_engine: type=1400 audit(0.0:97): avc: denied { ioctl } for path="/dev/block/sda33" dev="tmpfs" ino=15369 ioctlcmd=125d scontext=u:r:update_engine:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0
    
    Test: policy compiles
    Bug: 118150702
    Change-Id: I65a3d041b6d6b7955bcd901637a543524fc34a06
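An added example, not part of the commit or of the project's code: a small decoder that maps the `ioctlcmd` values in the two denials above to the block ioctls the title names, using the `_IO(0x12, nr)` numbering from `<linux/fs.h>`. The function names and the lookup table are assumptions made for illustration.

```python
import re

# Block-layer ioctls from <linux/fs.h>; _IO(0x12, nr) encodes as (0x12 << 8) | nr.
# Table is limited to the two commands this commit concerns.
BLOCK_IOCTLS = {
    0x125D: "BLKROSET",  # _IO(0x12, 93): set the device read-only flag
    0x125E: "BLKROGET",  # _IO(0x12, 94): get the device read-only flag
}

# Audit records print ioctlcmd as bare hex or with a 0x prefix, depending on kernel.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"ioctlcmd=(?:0x)?(?P<cmd>[0-9a-fA-F]+).*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# The two denials quoted in the commit message.
DENIALS = [
    'update_engine: type=1400 audit(0.0:96): avc: denied { ioctl } for path="/dev/block/sda33" dev="tmpfs" ino=15369 ioctlcmd=125e scontext=u:r:update_engine:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0',
    'update_engine: type=1400 audit(0.0:97): avc: denied { ioctl } for path="/dev/block/sda33" dev="tmpfs" ino=15369 ioctlcmd=125d scontext=u:r:update_engine:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=0',
]

def selinux_type(context):
    # A context is user:role:type:level; policy rules are written against the type.
    return context.split(":")[2]

def decode_denial(line):
    """Return the decoded fields of an ioctl denial, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None or "ioctl" not in m.group("perms").split():
        return None
    cmd = int(m.group("cmd"), 16)
    return {
        "source": selinux_type(m.group("scontext")),
        "target": selinux_type(m.group("tcontext")),
        "tclass": m.group("tclass"),
        "ioctl_type": cmd >> 8,   # 0x12 for block-layer ioctls
        "ioctl_nr": cmd & 0xFF,
        "name": BLOCK_IOCTLS.get(cmd, "unknown"),
    }

def summarize(lines):
    """Group denied ioctl names by (source type, target type, class)."""
    out = {}
    for line in lines:
        d = decode_denial(line)
        if d:
            key = (d["source"], d["target"], d["tclass"])
            out.setdefault(key, set()).add(d["name"])
    return {k: sorted(v) for k, v in out.items()}
```

Grouping by source type, target type and class shows that both denials fall on the same triple, which is why one policy change can address the pair.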