From 173a1d9add2d74b58c0eccbee8b5cf454046c78a Mon Sep 17 00:00:00 2001
From: Jiyong Park <jiyong@google.com>
Date: Fri, 26 Oct 2018 21:32:44 +0900
Subject: [PATCH] Allow apexd more ioctl cmds for loop devices

apexd uses the following additional ioctl cmds to mount the mini
filesystem inside APEXs:

 LOOP_SET_STATUS64
 LOOP_SET_FD
 LOOP_SET_BLOCK_SIZE
 LOOP_SET_DIRECT_IO
 LOOP_CLR_FD

Test: m; m apex.test; adb push <the_built_apex> /data/apex; adb reboot

/apex/com.android.example.apex exists

Change-Id: I68388cc4f323e4fcff370c8cdc0958cbd827e9cc
---
 private/apexd.te     | 9 ++++++++-
 public/ioctl_defines | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/private/apexd.te b/private/apexd.te
index 3bfc3cdaf..d7a31732f 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -14,7 +14,14 @@ allow apexd apex_data_file:file rw_file_perms;
 allow apexd loop_control_device:chr_file rw_file_perms;
 # allow apexd to access loop devices
 allow apexd loop_device:blk_file rw_file_perms;
-allowxperm apexd loop_device:blk_file ioctl LOOP_GET_STATUS64;
+allowxperm apexd loop_device:blk_file ioctl {
+  LOOP_GET_STATUS64
+  LOOP_SET_STATUS64
+  LOOP_SET_FD
+  LOOP_SET_BLOCK_SIZE
+  LOOP_SET_DIRECT_IO
+  LOOP_CLR_FD
+};
 # allow apexd to access /dev/block
 allow apexd block_device:dir r_dir_perms;
 
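Review bot: The new `allowxperm` block in private/apexd.te carries no comment explaining why apexd needs the state-changing loop ioctls; the existing `# allow apexd to access loop devices` line above it only describes the plain `allow` rule. The rule is written against the `loop_device` type, so LOOP_SET_FD, LOOP_SET_STATUS64 and LOOP_CLR_FD are permitted on every node carrying that label, not only on a device apexd allocated itself. That makes this list the only policy-level bound on what apexd can reconfigure. I would add a comment directly above the block, for example `# ioctls apexd needs to attach, configure and detach the loop device backing an APEX payload; keep this list minimal`, so that later additions are reviewed against that purpose.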
diff --git a/public/ioctl_defines b/public/ioctl_defines
index a46302333..97869f9f9 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -1363,7 +1363,9 @@ define(`LOOP_CTL_GET_FREE', `0x00004c82')
 define(`LOOP_CTL_REMOVE', `0x00004c81')
 define(`LOOP_GET_STATUS', `0x00004c03')
 define(`LOOP_GET_STATUS64', `0x00004c05')
+define(`LOOP_SET_BLOCK_SIZE', `0x00004c09')
 define(`LOOP_SET_CAPACITY', `0x00004c07')
+define(`LOOP_SET_DIRECT_IO', `0x00004c08')
 define(`LOOP_SET_FD', `0x00004c00')
 define(`LOOP_SET_STATUS', `0x00004c02')
 define(`LOOP_SET_STATUS64', `0x00004c04')
-- 
GitLab