From 57a17d143405c400bc03b134af5af10959c53d76 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 20 Oct 2014 10:36:49 -0700
Subject: [PATCH] add support for fsck.f2fs

The Nexus 9 uses f2fs for /data. Make sure to properly label
/system/bin/fsck.f2fs so that the appropriate domain transition occurs.
Add support for getattr on devpts, required for fsck.f2fs.

Addresses the following denials:

  avc:  denied  { execute_no_trans } for  pid=172 comm="init" path="/system/bin/fsck.f2fs" dev="dm-0" ino=272 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
  avc:  denied  { getattr } for  pid=170 comm="fsck.f2fs" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:fsck:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1

Change-Id: I34b3f91374d1eb3fb4ba76abce14ff67db259f96
---
 file_contexts | 1 +
 fsck.te       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/file_contexts b/file_contexts
index 4325cf3da..416d78396 100644
--- a/file_contexts
+++ b/file_contexts
@@ -126,6 +126,7 @@
 #
 /system(/.*)?		u:object_r:system_file:s0
 /system/bin/e2fsck	--	u:object_r:fsck_exec:s0
+/system/bin/fsck\.f2fs	--	u:object_r:fsck_exec:s0
 /system/bin/toolbox	--	u:object_r:toolbox_exec:s0
 /system/bin/logcat	--	u:object_r:logcat_exec:s0
 /system/bin/sh		--	u:object_r:shell_exec:s0
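Review bot: Labeling `/system/bin/fsck\.f2fs` as `fsck_exec` puts it in the same fsck domain as e2fsck, so each binary now holds every permission granted for the other, and nothing at this spot in file_contexts says so. A short comment above the two entries would make the shared domain explicit for later reviewers, for example `# Filesystem checkers: both run in the fsck domain (see fsck.te).` Any future rule added to fsck.te for one checker should be reviewed against what the other can do with it on block devices.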
diff --git a/fsck.te b/fsck.te
index d25517532..dd696d51e 100644
--- a/fsck.te
+++ b/fsck.te
@@ -10,7 +10,7 @@ init_daemon_domain(fsck)
 allow fsck tmpfs:chr_file { read write ioctl };
 
 # Inherit and use pty created by android_fork_execvp_ext().
-allow fsck devpts:chr_file { read write ioctl };
+allow fsck devpts:chr_file { read write ioctl getattr };
 
 # Run e2fsck on block devices.
 # TODO:  Assign userdata and cache block device types to the corresponding
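Review bot: The added `getattr` on `devpts:chr_file` applies to the whole fsck domain, so e2fsck receives it too, although the denial quoted in the commit message names only fsck.f2fs. The comment above the rule still describes only inheriting and using the pty; it should record why `getattr` is present, for example `# fsck.f2fs also needs getattr on the inherited pty.` The trailing context comment `# Run e2fsck on block devices.` is now incomplete, since the domain also runs fsck.f2fs, and could read `# Run e2fsck and fsck.f2fs on block devices.` That block continues outside the hunk, so its rules are not visible here.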
-- 
GitLab