From 558c1b8de5537bb2e97dcc550fa781a148596a44 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Fri, 14 Dec 2018 10:33:01 +0100
Subject: [PATCH] Allow apexd to flush block devices.

To work around a kernel bug where pages that are read before changing
the loop device offset are not invalidated correctly.

Bug: 120853401
Test: apexd mounts APEX files on gphone_sdk_x86_64
Change-Id: I89f23f8f9d472e599f053553b73cc0618dcb3747
---
 private/apexd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/private/apexd.te b/private/apexd.te
index 7a1e4e241..702ba57d4 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -21,6 +21,7 @@ allowxperm apexd loop_device:blk_file ioctl {
   LOOP_SET_BLOCK_SIZE
   LOOP_SET_DIRECT_IO
   LOOP_CLR_FD
+  BLKFLSBUF
 };
 # allow apexd to access /dev/block
 allow apexd block_device:dir r_dir_perms;
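Review bot: The new `BLKFLSBUF` entry in the `allowxperm apexd loop_device:blk_file ioctl` list has no comment marking it as a kernel-bug workaround, so the grant is likely to outlive the bug it compensates for. A comment line directly above it, such as `# BLKFLSBUF: flush pages cached before the loop offset change (kernel bug workaround, Bug: 120853401); remove once the kernel is fixed`, would let a later policy audit find it and drop it. The permission stays limited to `loop_device` block files, which is the narrow scope one would want for a buffer-flush ioctl. The `allowxperm` statement begins outside this hunk, so the full ioctl allowlist is not visible here.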
-- 
GitLab