From 1a2a5be613eb85fa934efb715ed4fd087bfba93b Mon Sep 17 00:00:00 2001
From: hmz007
Date: Thu, 5 May 2022 15:10:40 +0800
Subject: [PATCH] rockchip: sepolicy: Add support for exfat utils
Signed-off-by: hmz007
---
 device/rockchip/common/sepolicy/vendor/file_contexts | 4 ++++
 device/rockchip/common/sepolicy/vendor/fsck.te | 10 ++++++++++
 device/rockchip/common/sepolicy/vendor/vold.te | 4 ++++
 3 files changed, 18 insertions(+)
diff --git a/device/rockchip/common/sepolicy/vendor/file_contexts b/device/rockchip/common/sepolicy/vendor/file_contexts
index ac9fea6daab..e506508bf15 100644
--- a/device/rockchip/common/sepolicy/vendor/file_contexts
+++ b/device/rockchip/common/sepolicy/vendor/file_contexts
@@ -49,6 +49,10 @@
 # sysfs_rtc
 /sys/devices/platform/rtc-fake/rtc -- u:object_r:sysfs_rtc:s0
+#for vold
+/system/bin/mkfs.exfat u:object_r:vold_exec:s0
+/system/bin/mkntfs u:object_r:vold_exec:s0
+
 #for media
 /sys/firmware/devicetree/base/compatible u:object_r:sysfs_dev:s0
diff --git a/device/rockchip/common/sepolicy/vendor/fsck.te b/device/rockchip/common/sepolicy/vendor/fsck.te
index 9322f9e2c03..fbb98636954 100644
--- a/device/rockchip/common/sepolicy/vendor/fsck.te
+++ b/device/rockchip/common/sepolicy/vendor/fsck.te
@@ -1,3 +1,13 @@
 allow fsck e2fsck_oem_block_device:blk_file rw_file_perms;
 allow fsck e2fsck_cache_block_device:blk_file rw_file_perms;
 allow fsck e2fsck_frp_block_device:blk_file rw_file_perms;
+
+allow fsck media_rw_data_file:dir getattr;
+
+allowxperm fsck vold_device:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+
+allowxperm fsck_untrusted vold_device:blk_file ioctl {
+ BLKDISCARD BLKGETSIZE BLKROGET
+};
diff --git a/device/rockchip/common/sepolicy/vendor/vold.te b/device/rockchip/common/sepolicy/vendor/vold.te
index dafea4f52bb..a67213dcaa0 100644
--- a/device/rockchip/common/sepolicy/vendor/vold.te
+++ b/device/rockchip/common/sepolicy/vendor/vold.te
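Review bot: The two new file_contexts entries give `/system/bin/mkfs.exfat` and `/system/bin/mkntfs` the same label as the vold daemon binary, `vold_exec`, so the formatters cannot be confined separately from vold. Every rule written against `vold_exec` now applies to all three files, and if vold runs them without a domain transition they execute with vold's full permission set. AOSP gives comparable helpers their own entry-point types and domains (for example `sgdisk_exec` and `e2fs_exec`). A dedicated type here, e.g. `/system/bin/mkfs.exfat u:object_r:mkfs_exfat_exec:s0` (type name constructed for illustration), would keep a formatter bug from inheriting vold's privileges. The rules that let vold execute these files are not visible in this hunk, so how they are launched should be confirmed; a comment explaining why vendor policy labels `/system` paths would also help.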
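Review bot: The added `allowxperm` rules in fsck.te put discard ioctls on the whitelist of the checker domains: `BLKSECDISCARD` and `BLKDISCARD` for `fsck`, and `BLKDISCARD` for `fsck_untrusted`, which in AOSP is the domain used to check untrusted removable media. Discard destroys data, and a checker normally only needs to query the device, so a compromised fsck gains more than the commit's purpose seems to require. Unless an audited denial shows the exfat checker issuing these, I would keep only the query ioctls: `allowxperm fsck vold_device:blk_file ioctl { BLKPBSZGET BLKDISCARDZEROES BLKROGET };` and `allowxperm fsck_untrusted vold_device:blk_file ioctl { BLKGETSIZE BLKROGET };`. This assumes ioctl filtering already applies to these domains from the base policy, which is not visible here. The `allow fsck media_rw_data_file:dir getattr;` rule also deserves a comment naming the tool that needs it.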
@@ -15,3 +15,7 @@ allow vold sysfs_mmc:file rw_file_perms;
 allow vold self:capability sys_module;
 allow vold vendor_incremental_module:file r_file_perms;
 allow vold vendor_incremental_module:system module_load;
+
+allowxperm vold vold_device:blk_file ioctl {
+ BLKDISCARD BLKGETSIZE BLKROGET
+};
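Review bot: The new `allowxperm vold vold_device:blk_file ioctl { ... }` rule has no comment saying which program needs `BLKDISCARD`, and it attaches the grant to the vold daemon domain itself rather than to a narrower formatter domain. I would add a line above it such as `# mkfs.exfat / mkntfs run from vold and issue these ioctls when formatting a volume`, if that is indeed the reason, so a later audit can tell whether the grant is still needed. If the formatters are later moved into their own domain, this whitelist should move with them instead of staying on vold.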