From a8e0f76c44af41cbdd5e452a976171ffe379d035 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Sat, 25 Mar 2017 21:38:17 -0600
Subject: [PATCH] Define policy for "loop-control" device.

Per loop(4), this device is the preferred way of allocating new loop devices since Linux 3.1.

avc: denied { read write } for name="loop-control" dev="tmpfs" ino=15221 scontext=u:r:vold:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 34903607
Change-Id: I1f5f62cf0a1c24c6f6453100004812af4b8e1503
---
 private/file_contexts | 1 +
 public/device.te | 1 +
 public/vold.te | 1 +
 3 files changed, 3 insertions(+)

diff --git a/private/file_contexts b/private/file_contexts
index d5cf3f781..bd111b808 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -92,6 +92,7 @@
 /dev/keychord u:object_r:keychord_device:s0
 /dev/kmem u:object_r:kmem_device:s0
 /dev/log(/.*)? u:object_r:log_device:s0
+/dev/loop-control u:object_r:loop_control_device:s0
 /dev/mem u:object_r:kmem_device:s0
 /dev/modem.* u:object_r:radio_device:s0
 /dev/mtd(/.*)? u:object_r:mtd_device:s0
diff --git a/public/device.te b/public/device.te
index 53414e2cf..4a3bec91f 100644
--- a/public/device.te
+++ b/public/device.te
@@ -12,6 +12,7 @@ type block_device, dev_type;
 type camera_device, dev_type;
 type dm_device, dev_type;
 type keychord_device, dev_type;
+type loop_control_device, dev_type;
 type loop_device, dev_type;
 type pmsg_device, dev_type, mlstrustedobject;
 type radio_device, dev_type;
diff --git a/public/vold.te b/public/vold.te
index 7e8be29f6..88de4fda7 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -64,6 +64,7 @@ allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner
 allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 allow vold app_data_file:dir search;
 allow vold app_data_file:file rw_file_perms;
+allow vold loop_control_device:chr_file rw_file_perms;
 allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
 allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
 allow vold dm_device:chr_file rw_file_perms;
--
GitLab
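Review bot: The added `allow vold loop_control_device:chr_file rw_file_perms;` grants the whole read/write macro, which as usually defined also carries `ioctl`, while the denial quoted in the commit message shows only `read write`. Per loop(4) the control node is driven through ioctls (LOOP_CTL_GET_FREE, LOOP_CTL_ADD, LOOP_CTL_REMOVE), so if vold only needs to obtain a free device the grant could be narrowed with an extended-permission rule such as `allowxperm vold loop_control_device:chr_file ioctl LOOP_CTL_GET_FREE;`, assuming that constant is available in the policy's ioctl defines. The new type in public/device.te has no accompanying `neverallow`, so nothing visible in this patch stops other domains from being granted the same access later; a rule limiting `loop_control_device:chr_file` to the intended domains would pin that down. A one-line comment above the allow rule, e.g. `# Allocate loop devices via /dev/loop-control, see loop(4).`, would record why vold holds the permission.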