From 35e50159ad8392362910a9e33d76047d22682f04 Mon Sep 17 00:00:00 2001
From: Paul Lawrence <paullawrence@google.com>
Date: Fri, 10 Apr 2015 07:42:32 -0700
Subject: [PATCH] DO NOT MERGE New ext4enc kernel switching from xattrs to
 ioctl

(cherry-picked from change f7163597f595435f90f4f50cfae38ef0dd01a21b)

This is one of three changes to enable this functionality:
  https://android-review.googlesource.com/#/c/146259/
  https://android-review.googlesource.com/#/c/146264/
  https://android-review.googlesource.com/#/c/146265/

Bug: 18151196

Change-Id: I6ce4bc977a548df93ea5c09430f93eef5ee1f9fa
---
 init.te     | 2 +-
 keystore.te | 2 +-
 vold.te     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/init.te b/init.te
index 89ddac79e..3af01fbee 100644
--- a/init.te
+++ b/init.te
@@ -96,7 +96,7 @@ allow init rootfs:file relabelfrom;
 # init.<board>.rc files often include device-specific types, so
 # we just allow all file types except /system files here.
 allow init self:capability { chown fowner fsetid };
-allow init {file_type -system_file -exec_type -app_data_file}:dir { create search getattr open read setattr };
+allow init {file_type -system_file -exec_type -app_data_file}:dir { create search getattr open read setattr ioctl };
 allow init {file_type -system_file -exec_type -keystore_data_file -security_file -app_data_file -shell_data_file -vold_data_file}:dir { write add_name remove_name rmdir relabelfrom };
 allow init {file_type -system_file -exec_type -keystore_data_file -security_file -app_data_file -shell_data_file -vold_data_file}:file { create getattr open read write setattr relabelfrom unlink };
 allow init {file_type -system_file -exec_type -keystore_data_file -security_file -app_data_file -shell_data_file -vold_data_file}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
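Review bot: The `ioctl` added to the init `:dir` rule is unrestricted. It permits every ioctl command on directories of all file types except `system_file`, `exec_type` and `app_data_file`, which leaves `keystore_data_file` and `vold_data_file` covered, although the commit subject points to a single use (the ext4 encryption switch from xattrs to ioctl). Nothing in the policy records that reason, so I would add `# ioctl: init sets the ext4 encryption policy on directories via ioctl.` above the rule. If the policy toolchain in this tree supports extended permissions, an `allowxperm` rule limited to the encryption-policy command would stop the grant from covering other directory ioctls. Whether that is available here cannot be told from the hunk.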
diff --git a/keystore.te b/keystore.te
index 3561fede7..83a0e8539 100644
--- a/keystore.te
+++ b/keystore.te
@@ -23,7 +23,7 @@ selinux_check_access(keystore)
 ### Protect ourself from others
 ###
 
-neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto };
+neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
 
 neverallow { domain -keystore -init } keystore_data_file:dir *;
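Review bot: Adding `ioctl` to the complement set weakens this neverallow without saying why, and the same undocumented change is made to the `vold_data_file:dir` neverallow in vold.te. After the change, the only remaining guard against directory ioctls from other domains is the following `neverallow { domain -keystore -init } keystore_data_file:dir *;`, so in effect the exemption is for init alone. A comment such as `# ioctl is exempted only so init can set the encryption policy on this directory; other domains are still blocked by the rule below.` would make that dependency explicit. It would also guard against a later edit of the second rule silently widening access to the keystore and vold data directories.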
diff --git a/vold.te b/vold.te
index 6a8d82f0f..9ab00c711 100644
--- a/vold.te
+++ b/vold.te
@@ -155,7 +155,7 @@ allow vold vold_data_file:file create_file_perms;
 allow vold init:key { write search setattr };
 allow vold vold:key { write search setattr };
 
-neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto };
+neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;
 neverallow { domain -vold -init } vold_data_file:notdevfile_class_set *;
-- 
GitLab