From 24ee023597d928881d60842311ca170c8bb06c94 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@google.com>
Date: Wed, 1 May 2024 17:13:52 -0700
Subject: [PATCH] Allow userdata_exp partitions

Bug: 336319772
Change-Id: I7f878f29d356df3992fb49b9df8f8a900a6f12b8
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
---
 storage/sepolicy/device.te     | 2 ++
 storage/sepolicy/e2fs.te       | 1 +
 storage/sepolicy/file_contexts | 1 +
 storage/sepolicy/fsck.te       | 1 +
 storage/sepolicy/vold.te       | 4 ++++
 5 files changed, 9 insertions(+)
 create mode 100644 storage/sepolicy/device.te
 create mode 100644 storage/sepolicy/e2fs.te
 create mode 100644 storage/sepolicy/fsck.te

diff --git a/storage/sepolicy/device.te b/storage/sepolicy/device.te
new file mode 100644
index 0000000..e0968f9
--- /dev/null
+++ b/storage/sepolicy/device.te
@@ -0,0 +1,2 @@
+# Userdata Exp block device.
+type userdata_exp_block_device, dev_type;
diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te
new file mode 100644
index 0000000..c280cb7
--- /dev/null
+++ b/storage/sepolicy/e2fs.te
@@ -0,0 +1 @@
+allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index ecca954..ff863db 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -3,3 +3,4 @@
 /dev/sg[0-9]                       u:object_r:sg_device:s0
 /data/vendor/storage(/.*)?         u:object_r:dump_storage_data_file:s0
 /vendor/bin/sg_read_buffer         u:object_r:sg_util_exec:s0
+/dev/block/by-name/userdata_exp.*  u:object_r:userdata_exp_block_device:s0
diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
new file mode 100644
index 0000000..2043199
--- /dev/null
+++ b/storage/sepolicy/fsck.te
@@ -0,0 +1 @@
+allow fsck userdata_exp_block_device:blk_file rw_file_perms;
diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te
index 1d743b5..3d35589 100644
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@@ -1,4 +1,8 @@
 allow vold sysfs_scsi_devices_0000:file rw_file_perms;
 
+# Access userdata_exp block device.
+allow vold userdata_exp_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
+
 dontaudit vold dumpstate:fifo_file rw_file_perms;
 dontaudit vold dumpstate:fd use ;