From f2cad2d92b848f6dcae4706a92043214c162a305 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Sat, 27 Oct 2018 16:55:56 -0600
Subject: [PATCH] vold does more than LOOP_GET_STATUS64.

Update the "allowxperm" to reflect the various ioctl() performed in
the vold source code.

Bug: 118437832
Test: atest android.os.storage.cts.StorageManagerTest
Change-Id: Ide3a09104d8b4ce7fa2b7e23e9b215139186f595
---
 public/vold.te | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/public/vold.te b/public/vold.te
index 350b6b783..236604fa0 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -99,7 +99,13 @@ allow vold self:global_capability_class_set { net_admin dac_override dac_read_se
 allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 allow vold loop_control_device:chr_file rw_file_perms;
 allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
-allowxperm vold loop_device:blk_file ioctl LOOP_GET_STATUS64;
+allowxperm vold loop_device:blk_file ioctl {
+  LOOP_CLR_FD
+  LOOP_CTL_GET_FREE
+  LOOP_GET_STATUS64
+  LOOP_SET_FD
+  LOOP_SET_STATUS64
+};
 allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
 allow vold dm_device:chr_file rw_file_perms;
 allow vold dm_device:blk_file rw_file_perms;
-- 
GitLab