From 315c48bc5f2b0d446482427f126a26f932f89e0f Mon Sep 17 00:00:00 2001
From: Denis Hsu <denis.hsu@mediatek.com>
Date: Sat, 18 Jan 2020 10:17:18 +0800
Subject: [PATCH] [ALPS04667690] Add policy for format as internal

add some policy to prevent form selinux violation
when formatting as internal.

MTK-Commit-Id: 11a1e82eea3751a833fdf92aea8b31012f948bdc

Change-Id: I44ea4c0b3eb2699a51d0cdf3881e2b4971c0c3cd
CR-Id: ALPS04667690
Feature: [Android Default] Download Manager
---
 non_plat/vold.te | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/non_plat/vold.te b/non_plat/vold.te
index d946bbc..8679bc7 100644
--- a/non_plat/vold.te
+++ b/non_plat/vold.te
@@ -31,3 +31,16 @@ dontaudit vold nvdata_file:dir r_dir_perms;
 dontaudit vold nvcfg_file:dir r_dir_perms;
 dontaudit vold protect_f_data_file:dir r_dir_perms;
 dontaudit vold protect_s_data_file:dir r_dir_perms;
+
+# execute mke2fs when format as internal
+allow vold cache_block_device:blk_file getattr;
+allowxperm vold dm_device:blk_file ioctl {
+  BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+allow vold nvcfg_block_device:blk_file getattr;
+allow vold nvdata_device:blk_file getattr;
+allow vold proc_swaps:file r_file_perms;
+allow vold protect1_block_device:blk_file getattr;
+allow vold protect2_block_device:blk_file getattr;
+allow vold proc_swaps:file getattr;
+allow vold swap_block_device:blk_file getattr;