Allow apexd to write to sysfs loop device parameters.

This is needed to configure read-ahead on loop devices, e.g.
/sys/devices/virtual/block/loop0/queue/read_ahead_kb

Bug: 120776455
Test: configuring read-ahead on loop devices works from apexd
Change-Id: Ib25372358e8ca62fa634daf286e4b64e635fac58
diff --git a/private/apexd.te b/private/apexd.te
index 702ba57..7b1c041 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -49,9 +49,13 @@
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
 
-# Configure read-ahead of dm-verity devices
+# Configure read-ahead of dm-verity and loop devices
+# for dm-X
 allow apexd sysfs_dm:dir r_dir_perms;
 allow apexd sysfs_dm:file rw_file_perms;
+# for loopX
+allow apexd sysfs_loop:dir r_dir_perms;
+allow apexd sysfs_loop:file rw_file_perms;
 
 # Spawning a libbinder thread results in a dac_override deny,
 # /dev/cpuset/tasks is owned by system.
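Review bot: The added `allow apexd sysfs_loop:file rw_file_perms;` grants read and write on every file labelled `sysfs_loop`, while the commit message names only `queue/read_ahead_kb` as the target. If apexd only writes that value and never reads it back, `allow apexd sysfs_loop:file w_file_perms;` would be the narrower grant; the hunk does not show this, so check it against apexd's code. Either way the `# for loopX` comment should record the intended file, e.g. `# for loopX: write queue/read_ahead_kb`.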
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 187712e..abd5fc3 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -623,6 +623,7 @@
     sysfs_dt_firmware_android
     sysfs_ipv4
     sysfs_kernel_notes
+    sysfs_loop
     sysfs_net
     sysfs_power
     sysfs_rtc
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 2a4f854..8bc2ca6 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1338,6 +1338,7 @@
     sysfs_dt_firmware_android
     sysfs_ipv4
     sysfs_kernel_notes
+    sysfs_loop
     sysfs_net
     sysfs_power
     sysfs_rtc
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 323fb0a..d10ca35 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1535,7 +1535,9 @@
 (typeattributeset surfaceflinger_28_0 (surfaceflinger))
 (typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service))
 (typeattributeset swap_block_device_28_0 (swap_block_device))
-(typeattributeset sysfs_28_0 (sysfs))
+(typeattributeset sysfs_28_0
+  ( sysfs
+    sysfs_loop))
 (typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
 (typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 5f7a042..88aca5b 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -110,6 +110,7 @@
 genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
 genfscon sysfs /devices/virtual/android_usb     u:object_r:sysfs_android_usb:s0
 genfscon sysfs /devices/virtual/block/dm-       u:object_r:sysfs_dm:s0
+genfscon sysfs /devices/virtual/block/loop       u:object_r:sysfs_loop:s0
 genfscon sysfs /devices/virtual/block/zram0     u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram1     u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram0/uevent    u:object_r:sysfs_zram_uevent:s0
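Review bot: The new `genfscon sysfs /devices/virtual/block/loop` entry is matched as a path prefix, so it relabels the whole sysfs subtree of every loop device (uevent, `queue/*` and the rest), not only `read_ahead_kb`. Any domain that reached those nodes through the generic `sysfs` type now needs an explicit `sysfs_loop` rule. This commit adds rules for apexd and vold only, so a boot with denials audited is worth running to see whether other domains are affected. Minor style point: the context column on the added line sits one space to the right of the neighbouring entries.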
diff --git a/public/file.te b/public/file.te
index 597204a..99a2c0d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -77,6 +77,7 @@
 type sysfs_ipv4, fs_type, sysfs_type;
 type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_leds, fs_type, sysfs_type;
+type sysfs_loop, fs_type, sysfs_type;
 type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
diff --git a/public/vold.te b/public/vold.te
index 5d5c44b..7e71f16 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -10,6 +10,7 @@
 r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
 # XXX Label sysfs files with a specific type?
 allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
+allow vold sysfs_loop:file w_file_perms; # writing to /sys/block/loop*/uevent during coldboot.
 allow vold sysfs_dm:file w_file_perms;
 allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;
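Review bot: The comment on the added vold rule mentions only uevent, but `allow vold sysfs_loop:file w_file_perms;` permits writes to every `sysfs_loop` file, including the queue tunables that apexd is meant to manage. The zram rule below it uses a separate `sysfs_zram_uevent` type for this purpose. Per-node `genfscon` lines may not be practical for loop devices, since their number is not fixed, but the comment should then state the real scope, e.g. `# coldboot writes /sys/block/loop*/uevent; the type also covers queue/* and other loop attributes`.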