From 590a77d53d4196141e068535d764f9a232cbe70c Mon Sep 17 00:00:00 2001 From: Aayush Gupta Date: Sun, 27 Dec 2020 15:19:51 +0530 Subject: [PATCH] non_plat: Allow vold to manage sysfs_mmcblk device During init, vold needs rw permissions in order to manage block devices. This change allows the required permissions. Denial observed without this change: [ 7.574441] .(1)[397:logd.auditd]type=1400 audit(1608975791.836:9): avc: denied { write } for comm="Binder:379_2" name="uevent" dev="sysfs" ino=35884 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_mmcblk:s0 tclass=file permissive=1 Test: Boot and observe that denial has disappeared Signed-off-by: Aayush Gupta Change-Id: I3fa256cf5957f0af3fa2628833820f0f9fcf298b --- non_plat/vold.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/non_plat/vold.te b/non_plat/vold.te index 8679bc7..68081dc 100644 --- a/non_plat/vold.te +++ b/non_plat/vold.te @@ -44,3 +44,5 @@ allow vold protect1_block_device:blk_file getattr; allow vold protect2_block_device:blk_file getattr; allow vold proc_swaps:file getattr; allow vold swap_block_device:blk_file getattr; + +allow vold sysfs_mmcblk:file rw_file_perms;
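Review bot: The rule added at the end of the hunk, `allow vold sysfs_mmcblk:file rw_file_perms;`, grants more than the quoted denial justifies. The only AVC in the commit message is `{ write }` on `name="uevent"`, so nothing shown here supports read access to every file labelled `sysfs_mmcblk`. Suggest narrowing it to `allow vold sysfs_mmcblk:file w_file_perms;`, or quoting the read denial in the commit message if one was actually observed. A one-line comment above the rule saying that it covers writes to the mmcblk uevent node would also help, since the neighbouring vold rules in this hunk are all `getattr` only. The denial was logged with `permissive=1`, so the Test line should state that the boot was rechecked in enforcing mode.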