From 945b222419df1c248e6f8000fb7a1c95d38c302d Mon Sep 17 00:00:00 2001
From: MY Chuang <my.chuang@mediatek.com>
Date: Sat, 18 Jan 2020 10:22:00 +0800
Subject: [PATCH] [ALPS04824757] mrdump: fix ioctl sepolicy

1. mrdump_tool was blocked by sepolicy by ioctl actions.
2. add 4 more items
   - FS_IOC_GETFLAGS
   - FS_IOC_SETFLAGS
   - F2FS_IOC_GET_PIN_FILE
   - F2FS_IOC_SET_PIN_FILE

MTK-Commit-Id: 926484c7b945397752926c9a605e3e2cd4b7ae19

Change-Id: Idadd2f3a2525a3cff8bd8a7b91c8dc76f2482546
CR-Id: ALPS04824757
Feature: Memory RAM Dump (MRDUMP)
(cherry picked from commit 81c51be3cfd29de37b3d4a02072813a4b4f25fa6)
---
 non_plat/aee_aedv.te   | 8 +++++++-
 r_non_plat/aee_aedv.te | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te
index 267e358..864d5dd 100644
--- a/non_plat/aee_aedv.te
+++ b/non_plat/aee_aedv.te
@@ -306,8 +306,14 @@ allow aee_aedv metadata_file:dir search;
 allow aee_aedv self:capability linux_immutable;
 allow aee_aedv userdata_block_device:blk_file { read write open };
 allow aee_aedv para_block_device:blk_file rw_file_perms;
-allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl FS_IOC_FIEMAP;
 allow aee_aedv mrdump_device:blk_file rw_file_perms;
+allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl {
+  FS_IOC_GETFLAGS
+  FS_IOC_SETFLAGS
+  F2FS_IOC_GET_PIN_FILE
+  F2FS_IOC_SET_PIN_FILE
+  FS_IOC_FIEMAP
+};
 
 # Purpose: allow vendor aee read lowmemorykiller logs
 # file path: /sys/module/lowmemorykiller/parameters/
diff --git a/r_non_plat/aee_aedv.te b/r_non_plat/aee_aedv.te
index a54283f..13d96f4 100644
--- a/r_non_plat/aee_aedv.te
+++ b/r_non_plat/aee_aedv.te
@@ -305,8 +305,14 @@ allow aee_aedv metadata_file:dir search;
 allow aee_aedv self:capability linux_immutable;
 allow aee_aedv userdata_block_device:blk_file { read write open };
 allow aee_aedv para_block_device:blk_file rw_file_perms;
-allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl FS_IOC_FIEMAP;
 allow aee_aedv mrdump_device:blk_file rw_file_perms;
+allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl {
+  FS_IOC_GETFLAGS
+  FS_IOC_SETFLAGS
+  F2FS_IOC_GET_PIN_FILE
+  F2FS_IOC_SET_PIN_FILE
+  FS_IOC_FIEMAP
+};
 
 # Purpose: allow vendor aee read lowmemorykiller logs
 # file path: /sys/module/lowmemorykiller/parameters/