Allow reading loop device in update_engine_unittests.

This fixes the following denies: type=1400 audit(0.0:4389): avc: denied { read } for path="/data/misc/update_engine/tmp/a_loop_file.W0j9ss" dev="mmcblk0p13" ino=24695 scontext=u:r:kernel:s0 tcontext=u:object_r:update_engine_data_file:s0 tclass=file permissive=0 type=1400 audit(0.0:30): avc: denied { read } for path="/data/nativetest/update_engine_unittests/gen/disk_ext2_unittest.img" dev="mmcblk0p13" ino=71 scontext=u:r:kernel:s0 tcontext=u:object_r:nativetest_data_file:s0 tclass=file permissive=0 Bug: 28319454 Test: setenforce 1 && ./update_engine_unittests Change-Id: I8d54709d4bda06b364b5420d196d75a4ecc011d3

Allow reading loop device in update_engine_unittests.
2b267293 · Sen Jiang · e53d0b0b · 2b267293
Commit 2b267293 authored 8 years ago by Sen Jiang
--- a/kernel.te
+++ b/kernel.te
@@ -63,6 +63,12 @@ allow kernel vold:fd use;
 allow kernel app_data_file:file read;
 allow kernel asec_image_file:file read;
+# Allow reading loop device in update_engine_unittests. (b/28319454)
+userdebug_or_eng(`
+  allow kernel update_engine_data_file:file read;
+  allow kernel nativetest_data_file:file read;
+')
 domain_auto_trans(kernel, init_exec, init)
 ###