Allow apexd to write to sysfs loop device parameters.

To configure read-ahead on loop devices, eg. /sys/devices/virtual/block/loop0/queue/read_ahead_kb Bug: 120776455 Test: configuring read-ahead on loop devices works from apexd Change-Id: Ib25372358e8ca62fa634daf286e4b64e635fac58

Allow apexd to write to sysfs loop device parameters.
To configure read-ahead on loop devices, eg. /sys/devices/virtual/block/loop0/queue/read_ahead_kb Bug: 120776455 Test: configuring read-ahead on loop devices works from apexd Change-Id: Ib25372358e8ca62fa634daf286e4b64e635fac58
d7bf9218 · Martijn Coenen · 9ee4e3ae · d7bf9218 · d7bf9218 · d7bf9218
Commit d7bf9218 authored 6 years ago by Martijn Coenen
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -49,9 +49,13 @@ allow apexd apex_data_file:file relabelto;
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
-# Configure read-ahead of dm-verity devices
+# Configure read-ahead of dm-verity and loop devices
+# for dm-X
 allow apexd sysfs_dm:dir r_dir_perms;
 allow apexd sysfs_dm:file rw_file_perms;
+# for loopX
+allow apexd sysfs_loop:dir r_dir_perms;
+allow apexd sysfs_loop:file rw_file_perms;
 # Spawning a libbinder thread results in a dac_override deny,
 # /dev/cpuset/tasks is owned by system.

--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -623,6 +623,7 @@
    sysfs_dt_firmware_android
    sysfs_ipv4
    sysfs_kernel_notes
+    sysfs_loop
    sysfs_net
    sysfs_power
    sysfs_rtc

--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1338,6 +1338,7 @@
    sysfs_dt_firmware_android
    sysfs_ipv4
    sysfs_kernel_notes
+    sysfs_loop
    sysfs_net
    sysfs_power
    sysfs_rtc

--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1535,7 +1535,9 @@
 (typeattributeset surfaceflinger_28_0 (surfaceflinger))
 (typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service))
 (typeattributeset swap_block_device_28_0 (swap_block_device))
-(typeattributeset sysfs_28_0 (sysfs))
+(typeattributeset sysfs_28_0
+  ( sysfs
+    sysfs_loop))
 (typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
 (typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))

--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -110,6 +110,7 @@ genfscon sysfs /class/switch                      u:object_r:sysfs_switch:s0
 genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
 genfscon sysfs /devices/virtual/android_usb     u:object_r:sysfs_android_usb:s0
 genfscon sysfs /devices/virtual/block/dm-       u:object_r:sysfs_dm:s0
+genfscon sysfs /devices/virtual/block/loop       u:object_r:sysfs_loop:s0
 genfscon sysfs /devices/virtual/block/zram0     u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram1     u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram0/uevent    u:object_r:sysfs_zram_uevent:s0

--- a/public/file.te
+++ b/public/file.te
@@ -77,6 +77,7 @@ type sysfs_dt_firmware_android, fs_type, sysfs_type;
 type sysfs_ipv4, fs_type, sysfs_type;
 type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_leds, fs_type, sysfs_type;
+type sysfs_loop, fs_type, sysfs_type;
 type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;

--- a/public/vold.te
+++ b/public/vold.te
@@ -10,6 +10,7 @@ allow vold cache_file:lnk_file r_file_perms;
 r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
 # XXX Label sysfs files with a specific type?
 allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
+allow vold sysfs_loop:file w_file_perms; # writing to /sys/block/loop*/uevent during coldboot.
 allow vold sysfs_dm:file w_file_perms;
 allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;