From 51373ec7a3ee3ad1ff6b2e247aa0e891358ff2ca Mon Sep 17 00:00:00 2001
From: Leo Liou <leoliou@google.com>
Date: Tue, 15 Jan 2019 20:38:32 +0800
Subject: [PATCH] Add selinux policy for ext4 fs-verity feature

avc: denied { read } for comm="init" name="verity" dev="sysfs" ino=44746
scontext=u:r:init:s0 tcontext=u:object_r:sysfs_fs_ext4_features:s0 tclass=file
permissive=0

Bug: 117437571
Test: bootable for phone projects
Change-Id: I4c53e03ec55c2064f1b23c0cbd0302de3f8aa38e
---
 public/init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/init.te b/public/init.te
index 72c9c4367..baf5333e4 100644
--- a/public/init.te
+++ b/public/init.te
@@ -356,6 +356,7 @@ allow init {
 
 allow init {
   sysfs_dt_firmware_android
+  sysfs_fs_ext4_features
 }:file r_file_perms;
 
 allow init {
-- 
GitLab