commit bacf448bdba09ff37ae918d85a26879d7d993523
author Nick Kralevich <nnk@google.com> Tue Nov 20 17:57:04 2018 -0800
committer Nick Kralevich <nnk@google.com> Tue Nov 20 17:57:04 2018 -0800
tree 81e46ebe838191eb75f0b39c15d7cf5319cda252
parent 6f324ffd226dc4d9326658ae85b400e74fd62a74

allow system_server BLKSECDISCARD BLKDISCARD

Used at:
https://android.googlesource.com/platform/frameworks/base/+/7271c452a945a629c39fe885058c14c4ad11204e/services/core/jni/com_android_server_PersistentDataBlockService.cpp#60

Addresses the following denials:
  audit(0.0:413): avc: denied { ioctl } for comm="Binder:1365_1C" path="/dev/block/sdg1" dev="tmpfs" ino=20555 ioctlcmd=127d scontext=u:r:system_server:s0 tcontext=u:object_r:frp_block_device:s0 tclass=blk_file permissive=0
  audit(0.0:410): avc: denied { ioctl } for comm="Binder:1365_3" path="/dev/block/sdg1" dev="tmpfs" ino=20555 ioctlcmd=1277 scontext=u:r:system_server:s0 tcontext=u:object_r:frp_block_device:s0 tclass=blk_file permissive=0

Test: policy compiles.
Change-Id: I7614b6269031b7912a7b93dc5307f5687458fba8