sgdisk: devpts and reload partition tables.

Add rules to let sgdisk read/write to pts when forked from vold. avc: denied { read write } for path="/dev/pts/14" dev="devpts" ino=17 scontext=u:r:sgdisk:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0 Also add rule to let it kick kernel to reload partition tables after we finish editing them. Without this capability, it leaves this message and violation: Warning: The kernel is still using the old partition table. The new table will be used at the next reboot. GPT data structures destroyed! You may now partition the disk using fdisk or other utilities. avc: denied { sys_admin } for capability=21 scontext=u:r:sgdisk:s0 tcontext=u:r:sgdisk:s0 tclass=capability permissive=0 Change-Id: If26a40f9fd3b1ab2c50156ae8bdb128676521b57

sgdisk: devpts and reload partition tables.
8188830e · Jeff Sharkey · 5a5b364c · 8188830e
Commit 8188830e authored 10 years ago by Jeff Sharkey
--- a/sgdisk.te
+++ b/sgdisk.te
@@ -6,10 +6,16 @@ type sgdisk_exec, exec_type, file_type;
 allow sgdisk block_device:dir search;
 allow sgdisk vold_device:blk_file rw_file_perms;
+# Inherit and use pty created by android_fork_execvp()
+allow sgdisk devpts:chr_file { read write ioctl getattr };
 # Allow stdin/out back to vold
 allow sgdisk vold:fd use;
 allow sgdisk vold:fifo_file { read write getattr };
+# Used to probe kernel to reload partition tables
+allow sgdisk self:capability sys_admin;
 # Only allow entry from vold
 neverallow { domain -vold } sgdisk:process transition;
 neverallow domain sgdisk:process dyntransition;