allow init to run mke2fs tools to format partitions

Test: let fs_mgr format a damaged /data partition Bug: 35219933 Change-Id: If92352ea7a70780e9d81ab10963d63e16b793792

allow init to run mke2fs tools to format partitions
5f573ab2 · Jin Qian · e7db915a · 5f573ab2 · 5f573ab2 · 5f573ab2
Commit 5f573ab2 authored 7 years ago by Jin Qian
--- a/private/e2fs.te
+++ b/private/e2fs.te
+type e2fs, domain, coredomain;
+
+allow e2fs block_device:blk_file getattr;
+allow e2fs block_device:dir search;
+allow e2fs userdata_block_device:blk_file rw_file_perms;
+
+# access /proc/filesystems
+allow e2fs proc:file r_file_perms;
+
+# access /sys/fs/ext4/features
+allow e2fs sysfs_fs_ext4_features:file r_file_perms;
+
+# access sselinux context files
+allow e2fs file_contexts_file:file { getattr open read };
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -17,6 +17,8 @@
 /charger            u:object_r:rootfs:s0
 /init               u:object_r:init_exec:s0
 /sbin(/.*)?         u:object_r:rootfs:s0
+/sbin/e2fsdroid     u:object_r:e2fs_exec:s0
+/sbin/mke2fs        u:object_r:e2fs_exec:s0

 # For kernel modules
 /lib(/.*)?          u:object_r:rootfs:s0
@@ -450,6 +452,7 @@
 /sys/devices/virtual/block/zram\d+(/.*)?     u:object_r:sysfs_zram:s0
 /sys/devices/virtual/block/zram\d+/uevent    u:object_r:sysfs_zram_uevent:s0
 /sys/devices/virtual/misc/hw_random(/.*)?    u:object_r:sysfs_hwrandom:s0
+/sys/fs/ext4/features(/.*)?                  u:object_r:sysfs_fs_ext4_features:s0
 /sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
 /sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
 /sys/kernel/uevent_helper --	u:object_r:usermodehelper:s0

--- a/private/init.te
+++ b/private/init.te
@@ -7,6 +7,7 @@ domain_trans(init, rootfs, adbd)
 domain_trans(init, rootfs, charger)
 domain_trans(init, rootfs, healthd)
 domain_trans(init, rootfs, slideshow)
+domain_auto_trans(init, e2fs_exec, e2fs)
 recovery_only(`
  domain_trans(init, rootfs, recovery)
 ')

--- a/public/e2fs.te
+++ b/public/e2fs.te
+type e2fs_exec, exec_type, file_type;
--- a/public/file.te
+++ b/public/file.te
@@ -41,6 +41,7 @@ type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
 type sysfs_mac_address, fs_type, sysfs_type;
 type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
+type sysfs_fs_ext4_features, sysfs_type, fs_type;
 type configfs, fs_type;
 # /sys/devices/system/cpu
 type sysfs_devices_system_cpu, fs_type, sysfs_type;