sepolicy: Add domain for mkfs binaries

The init binary must transition to another domain when calling out to executables. Create the mkfs domain for mkfs.f2fs such that init can transition to it when formatting userdata/cache partitions if the "formattable" flag is set. Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
author: Keith Mok <kmok@cyngn.com> 2015-12-15 13:24:34 -0800
committer: Ethan Chen <intervigil@gmail.com> 2015-12-16 10:40:28 -0800
commit: fcfc13ac6f2893ac055a58459aeb704b2500607c (patch)
tree: b61b845cfd4224850f2c84c7edfc36d25c2b6913 /sepolicy/mkfs.te
parent: aa40255d7744991970d4ee0efab084d3e291c743 (diff)
download: vendor_replicant-fcfc13ac6f2893ac055a58459aeb704b2500607c.tar.gz
vendor_replicant-fcfc13ac6f2893ac055a58459aeb704b2500607c.tar.bz2
vendor_replicant-fcfc13ac6f2893ac055a58459aeb704b2500607c.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/sepolicy/mkfs.te b/sepolicy/mkfs.te
new file mode 100644
index 00000000..fe7c61bb
--- /dev/null
+++ b/sepolicy/mkfs.te
@@ -0,0 +1,9 @@
+type mkfs, domain;
+type mkfs_exec, exec_type, file_type;
+
+init_daemon_domain(mkfs)
+
+# Allow formatting userdata or cache partitions
+allow mkfs block_device:dir search;
+allow mkfs userdata_block_device:blk_file rw_file_perms;
+allow mkfs cache_block_device:blk_file rw_file_perms;
author	Keith Mok <kmok@cyngn.com>	2015-12-15 13:24:34 -0800
committer	Ethan Chen <intervigil@gmail.com>	2015-12-16 10:40:28 -0800
commit	fcfc13ac6f2893ac055a58459aeb704b2500607c (patch)
tree	b61b845cfd4224850f2c84c7edfc36d25c2b6913 /sepolicy/mkfs.te
parent	aa40255d7744991970d4ee0efab084d3e291c743 (diff)
download	vendor_replicant-fcfc13ac6f2893ac055a58459aeb704b2500607c.tar.gz vendor_replicant-fcfc13ac6f2893ac055a58459aeb704b2500607c.tar.bz2 vendor_replicant-fcfc13ac6f2893ac055a58459aeb704b2500607c.zip