From 341476d4557822470808b6e910ee941d1cb668b6 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Thu, 8 Nov 2018 12:57:12 +0100
Subject: [PATCH] Allow apexd to configure /sys/block/dm-

To configure readahead for APEX dm-verity devices.

Bug: 117823094
Test: apexd can change readahead
Change-Id: Ie0396d59ef758ad55f499f65957697d26a48aae9
---
 private/apexd.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/private/apexd.te b/private/apexd.te
index ab136eb3a..61e099bf9 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -43,6 +43,10 @@ allow apexd apex_mnt_dir:lnk_file create_file_perms;
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
 
+# Configure read-ahead of dm-verity devices
+allow apexd sysfs_dm:dir r_dir_perms;
+allow apexd sysfs_dm:file rw_file_perms;
+
 # Spawning a libbinder thread results in a dac_override deny,
 # /dev/cpuset/tasks is owned by system.
 #
-- 
GitLab