label /persist block device and allow fsck access

Addresses the following denials:

  avc:  denied  { getattr } for  pid=236 comm="e2fsck" path="/dev/block/mmcblk0p26" dev="tmpfs" ino=9031 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
  avc:  denied  { read } for  pid=236 comm="e2fsck" name="mmcblk0p26" dev="tmpfs" ino=9031 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
  avc:  denied  { open } for  pid=236 comm="e2fsck" path="/dev/block/mmcblk0p26" dev="tmpfs" ino=9031 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
  avc:  denied  { write } for  pid=236 comm="e2fsck" name="mmcblk0p26" dev="tmpfs" ino=9031 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1
  avc:  denied  { ioctl } for  pid=236 comm="e2fsck" path="/dev/block/mmcblk0p26" dev="tmpfs" ino=9031 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=1

Change-Id: I729637820d1e47a420978ff1a21dbc0ddccfec00
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 00cb314..f361c9f 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -116,6 +116,7 @@
         device.te \
         domain.te \
         file.te \
+        fsck.te \
         gsiffd.te \
         init.te \
         irsc_util.te \
diff --git a/sepolicy/device.te b/sepolicy/device.te
index b3210f9..6b425c8 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -12,6 +12,7 @@
 type ramdump_device, dev_type;
 type modem_hob_block_device, dev_type;
 type cid_block_device, dev_type;
+type persist_block_device, dev_type;
 
 # Real Time Clock
 type rtc, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 43ee1ae..97354e9 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -35,6 +35,9 @@
 # factory reset protection partition
 /dev/block/platform/msm_sdcc\.1/by-name/frp           u:object_r:frp_block_device:s0
 
+# /persist
+/dev/block/platform/msm_sdcc\.1/by-name/persist   u:object_r:persist_block_device:s0
+
 # mdm1hob, mdm1dhob
 /dev/block/platform/msm_sdcc.1/by-name/mdm1hob   u:object_r:modem_hob_block_device:s0
 /dev/block/platform/msm_sdcc.1/by-name/mdm1dhob  u:object_r:modem_hob_block_device:s0
diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te
new file mode 100644
index 0000000..1500b5f
--- /dev/null
+++ b/sepolicy/fsck.te
@@ -0,0 +1 @@
+allow fsck persist_block_device:blk_file rw_file_perms;