Define policy for "loop-control" device.
Per loop(4), this device is the preferred way of allocating new
loop devices since Linux 3.1.
avc: denied { read write } for name="loop-control" dev="tmpfs" ino=15221 scontext=u:r:vold:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
Bug: 34903607
Change-Id: I1f5f62cf0a1c24c6f6453100004812af4b8e1503
diff --git a/private/file_contexts b/private/file_contexts
index d5cf3f7..bd111b8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -92,6 +92,7 @@
/dev/keychord u:object_r:keychord_device:s0
/dev/kmem u:object_r:kmem_device:s0
/dev/log(/.*)? u:object_r:log_device:s0
+/dev/loop-control u:object_r:loop_control_device:s0
/dev/mem u:object_r:kmem_device:s0
/dev/modem.* u:object_r:radio_device:s0
/dev/mtd(/.*)? u:object_r:mtd_device:s0
diff --git a/public/device.te b/public/device.te
index 53414e2..4a3bec9 100644
--- a/public/device.te
+++ b/public/device.te
@@ -12,6 +12,7 @@
type camera_device, dev_type;
type dm_device, dev_type;
type keychord_device, dev_type;
+type loop_control_device, dev_type;
type loop_device, dev_type;
type pmsg_device, dev_type, mlstrustedobject;
type radio_device, dev_type;
diff --git a/public/vold.te b/public/vold.te
index 7e8be29..88de4fd 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -64,6 +64,7 @@
allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow vold app_data_file:dir search;
allow vold app_data_file:file rw_file_perms;
+allow vold loop_control_device:chr_file rw_file_perms;
allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
allow vold dm_device:chr_file rw_file_perms;