From c37747202b0720d140d5206ed8993685357cfa48 Mon Sep 17 00:00:00 2001
From: Hung-ying Tyan <tyanh@google.com>
Date: Thu, 28 Jan 2016 17:40:42 +0800
Subject: [PATCH] Allow init to mount /odm, /vendor early

Specifically we need init to relabel (/dev/device-mapper, /dev/block/dm-?)
and other files in /dev/block/* from tmpfs to dm_device and block_device
respectively.

BUG=27805372

Change-Id: I16af6e803f8e4150481137aba24d5406872f9c62
---
 init.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/init.te b/init.te
index 425aebc81..2b649531e 100644
--- a/init.te
+++ b/init.te
@@ -20,6 +20,11 @@ allow init properties_serial:file { write relabelto };
 allow init property_type:file { create_file_perms relabelto };
 # /dev/socket
 allow init { device socket_device }:dir relabelto;
+# /dev/device-mapper, /dev/block(/.*)?
+allow init tmpfs:{ chr_file blk_file } relabelfrom;
+allow init tmpfs:blk_file getattr;
+allow init block_device:{ dir blk_file } relabelto;
+allow init dm_device:{ chr_file blk_file } relabelto;
 
 # setrlimit
 allow init self:capability sys_resource;
-- 
GitLab