From 272cb97532742558676a38618b5a2b0fa0c4a6fa Mon Sep 17 00:00:00 2001
From: Vladimir Oltean <[email protected]>
Date: Tue, 25 Sep 2018 23:09:09 +0300
Subject: [PATCH 1/3] Fix storaged access to /sys/block/mmcblk0/stat after
48027a00
* Commit "storaged: remove access to sysfs_type" denied the storaged
daemon access to the sysfs node it needed to do its work.
* It also didn't provide any means of adding the necessary
rules at a device level, since its sepolicy is private.
* Here we define a new sysfs_disk_stat security label, which device
maintainers are supposed to add to their genfs_contexts file. This is
similar to how hal_health_default and sysfs_batteryinfo is handled.
* What prevents the genfs_contexts from being added here directly is
that in a typical vendor implementation, these sysfs files are
actually symlinks and not a single, unified path SELinux-wise.
Change-Id: I13ca09cf2458b22ffb6c70b8a353e891e810c606
Signed-off-by: Vladimir Oltean <[email protected]>
(cherry picked from commit 2814cfc532d48f6224d6115ecb1e9fbd7b5ce96e)
---
prebuilts/api/29.0/private/compat/26.0/26.0.ignore.cil | 1 +
prebuilts/api/29.0/private/compat/27.0/27.0.ignore.cil | 1 +
prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil | 1 +
prebuilts/api/29.0/private/storaged.te | 5 +++++
prebuilts/api/29.0/public/file.te | 1 +
prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil | 1 +
prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil | 1 +
prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil | 1 +
prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 +
prebuilts/api/30.0/private/storaged.te | 5 +++++
prebuilts/api/30.0/public/file.te | 1 +
prebuilts/api/31.0/private/compat/26.0/26.0.ignore.cil | 1 +
prebuilts/api/31.0/private/compat/27.0/27.0.ignore.cil | 1 +
prebuilts/api/31.0/private/compat/28.0/28.0.ignore.cil | 1 +
prebuilts/api/31.0/private/compat/29.0/29.0.ignore.cil | 1 +
prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil | 1 +
prebuilts/api/31.0/private/storaged.te | 5 +++++
prebuilts/api/31.0/public/file.te | 1 +
prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil | 1 +
prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil | 1 +
prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil | 1 +
prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil | 1 +
prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil | 1 +
prebuilts/api/32.0/private/storaged.te | 5 +++++
prebuilts/api/32.0/public/file.te | 1 +
private/compat/26.0/26.0.ignore.cil | 1 +
private/compat/27.0/27.0.ignore.cil | 1 +
private/compat/28.0/28.0.ignore.cil | 1 +
private/compat/29.0/29.0.ignore.cil | 1 +
private/compat/30.0/30.0.ignore.cil | 1 +
private/storaged.te | 5 +++++
public/file.te | 1 +
32 files changed, 52 insertions(+)
diff --git a/prebuilts/api/29.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/29.0/private/compat/26.0/26.0.ignore.cil
index 45e1dd9e8..fee29e9bc 100644
--- a/prebuilts/api/29.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/29.0/private/compat/26.0/26.0.ignore.cil
@@ -158,6 +158,7 @@
statscompanion_service
storaged_data_file
super_block_device
+ sysfs_disk_stat
sysfs_fs_ext4_features
system_boot_reason_prop
system_bootstrap_lib_file
diff --git a/prebuilts/api/29.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/29.0/private/compat/27.0/27.0.ignore.cil
index 0e830f82c..cdaa2e5f0 100644
--- a/prebuilts/api/29.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/29.0/private/compat/27.0/27.0.ignore.cil
@@ -145,6 +145,7 @@
storaged_data_file
super_block_device
staging_data_file
+ sysfs_disk_stat
system_boot_reason_prop
system_bootstrap_lib_file
system_lmk_prop
diff --git a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
index ed3671f11..e96c241cb 100644
--- a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
+++ b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
@@ -122,6 +122,7 @@
simpleperf_app_runner_exec
su_tmpfs
super_block_device
+ sysfs_disk_stat
sysfs_fs_f2fs
system_bootstrap_lib_file
system_event_log_tags_file
diff --git a/prebuilts/api/29.0/private/storaged.te b/prebuilts/api/29.0/private/storaged.te
index 3ed24b233..a1351d938 100644
--- a/prebuilts/api/29.0/private/storaged.te
+++ b/prebuilts/api/29.0/private/storaged.te
@@ -7,6 +7,11 @@ init_daemon_domain(storaged)
# Read access to pseudo filesystems
r_dir_file(storaged, domain)
+# Allow read access to /sys/block/mmcblk0/stat or /sys/block/sda/stat.
+# Implementations typically have symlinks to vendor specific files.
+# Vendors should mark sysfs_disk_stat on all files read by storaged.
+r_dir_file(storaged, sysfs_disk_stat)
+
# Read /proc/uid_io/stats
allow storaged proc_uid_io_stats:file r_file_perms;
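Review bot: The third comment line, `# Vendors should mark sysfs_disk_stat on all files read by storaged.`, is broader than the rule warrants, because `r_dir_file(storaged, sysfs_disk_stat)` lets storaged read every directory, file and symlink that carries the label. The guidance should confine the label to the block-device stat nodes, for example `# Vendors should label only the block device stat nodes as sysfs_disk_stat in genfs_contexts.` This patch adds no genfs_contexts entry, so the rule stays inert until a device policy applies the label, which the comment could also state. The same comment recurs in the storaged.te hunks for prebuilts/api/30.0, 31.0, 32.0 and private/storaged.te.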
diff --git a/prebuilts/api/29.0/public/file.te b/prebuilts/api/29.0/public/file.te
index da990e306..e0aad876d 100644
--- a/prebuilts/api/29.0/public/file.te
+++ b/prebuilts/api/29.0/public/file.te
@@ -11,6 +11,7 @@ type proc_overcommit_memory, fs_type, proc_type;
type proc_min_free_order_shift, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
+type sysfs_disk_stat, fs_type, sysfs_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
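Review bot: The new `type sysfs_disk_stat, fs_type, sysfs_type;` line is inserted between `usermodehelper` and `sysfs_usermodehelper`, so the existing comment about usermodehelper configuration nodes now appears to cover the disk-stat type, and the pair it describes is split. Placing the declaration after `sysfs_usermodehelper` with its own comment, e.g. `# /sys/block/<dev>/stat nodes read by storaged; labelled per device in genfs_contexts.`, would keep each comment attached to what it describes. The same placement recurs in the file.te hunks for prebuilts/api/30.0, 31.0, 32.0 and public/file.te.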
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
index b395855af..4bb448c00 100644
--- a/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
@@ -161,6 +161,7 @@
statscompanion_service
storaged_data_file
super_block_device
+ sysfs_disk_stat
sysfs_fs_ext4_features
system_boot_reason_prop
system_bootstrap_lib_file
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil
index cb500c9e0..b3607d385 100644
--- a/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil
@@ -148,6 +148,7 @@
storaged_data_file
super_block_device
staging_data_file
+ sysfs_disk_stat
system_boot_reason_prop
system_bootstrap_lib_file
system_lmk_prop
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
index d24d12d25..fd17ce643 100644
--- a/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
@@ -127,6 +127,7 @@
socket_hook_prop
su_tmpfs
super_block_device
+ sysfs_disk_stat
sysfs_fs_f2fs
system_bootstrap_lib_file
system_event_log_tags_file
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
index fdea691ea..cfdf55e27 100644
--- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -100,6 +100,7 @@
staged_install_file
storage_config_prop
surfaceflinger_display_prop
+ sysfs_disk_stat
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/prebuilts/api/30.0/private/storaged.te b/prebuilts/api/30.0/private/storaged.te
index b7d4ae9ce..68fa04293 100644
--- a/prebuilts/api/30.0/private/storaged.te
+++ b/prebuilts/api/30.0/private/storaged.te
@@ -7,6 +7,11 @@ init_daemon_domain(storaged)
# Read access to pseudo filesystems
r_dir_file(storaged, domain)
+# Allow read access to /sys/block/mmcblk0/stat or /sys/block/sda/stat.
+# Implementations typically have symlinks to vendor specific files.
+# Vendors should mark sysfs_disk_stat on all files read by storaged.
+r_dir_file(storaged, sysfs_disk_stat)
+
# Read /proc/uid_io/stats
allow storaged proc_uid_io_stats:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te
index 91257e237..06c972bdc 100644
--- a/prebuilts/api/30.0/public/file.te
+++ b/prebuilts/api/30.0/public/file.te
@@ -15,6 +15,7 @@ type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
+type sysfs_disk_stat, fs_type, sysfs_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
diff --git a/prebuilts/api/31.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/31.0/private/compat/26.0/26.0.ignore.cil
index 98d5840f6..db46f76dd 100644
--- a/prebuilts/api/31.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/26.0/26.0.ignore.cil
@@ -166,6 +166,7 @@
super_block_device
surfaceflinger_color_prop
surfaceflinger_prop
+ sysfs_disk_stat
sysfs_fs_ext4_features
system_boot_reason_prop
system_bootstrap_lib_file
diff --git a/prebuilts/api/31.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/31.0/private/compat/27.0/27.0.ignore.cil
index 427f4d4d1..dbbe58573 100644
--- a/prebuilts/api/31.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/27.0/27.0.ignore.cil
@@ -187,6 +187,7 @@
surfaceflinger_prop
staging_data_file
storagemanager_config_prop
+ sysfs_disk_stat
system_boot_reason_prop
system_bootstrap_lib_file
system_lmk_prop
diff --git a/prebuilts/api/31.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/31.0/private/compat/28.0/28.0.ignore.cil
index e7ddf4805..fa6204cbd 100644
--- a/prebuilts/api/31.0/private/compat/28.0/28.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/28.0/28.0.ignore.cil
@@ -128,6 +128,7 @@
socket_hook_prop
su_tmpfs
super_block_device
+ sysfs_disk_stat
sysfs_fs_f2fs
system_bootstrap_lib_file
system_event_log_tags_file
diff --git a/prebuilts/api/31.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/31.0/private/compat/29.0/29.0.ignore.cil
index 10790468f..9c3a1d5bd 100644
--- a/prebuilts/api/31.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/29.0/29.0.ignore.cil
@@ -100,6 +100,7 @@
staged_install_file
storage_config_prop
surfaceflinger_display_prop
+ sysfs_disk_stat
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
index 0c36aed13..8a579b18e 100644
--- a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
@@ -128,6 +128,7 @@
sysfs_devfreq_cur
sysfs_devfreq_dir
sysfs_devices_cs_etm
+ sysfs_disk_stat
sysfs_dma_heap
sysfs_dmabuf_stats
sysfs_uhid
diff --git a/prebuilts/api/31.0/private/storaged.te b/prebuilts/api/31.0/private/storaged.te
index bb39e5b73..8b6beed36 100644
--- a/prebuilts/api/31.0/private/storaged.te
+++ b/prebuilts/api/31.0/private/storaged.te
@@ -7,6 +7,11 @@ init_daemon_domain(storaged)
# Read access to pseudo filesystems
r_dir_file(storaged, domain)
+# Allow read access to /sys/block/mmcblk0/stat or /sys/block/sda/stat.
+# Implementations typically have symlinks to vendor specific files.
+# Vendors should mark sysfs_disk_stat on all files read by storaged.
+r_dir_file(storaged, sysfs_disk_stat)
+
# Read /proc/uid_io/stats
allow storaged proc_uid_io_stats:file r_file_perms;
diff --git a/prebuilts/api/31.0/public/file.te b/prebuilts/api/31.0/public/file.te
index dc788ac6a..578df89b6 100644
--- a/prebuilts/api/31.0/public/file.te
+++ b/prebuilts/api/31.0/public/file.te
@@ -15,6 +15,7 @@ type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
+type sysfs_disk_stat, fs_type, sysfs_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
diff --git a/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil
index 98d5840f6..db46f76dd 100644
--- a/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil
@@ -166,6 +166,7 @@
super_block_device
surfaceflinger_color_prop
surfaceflinger_prop
+ sysfs_disk_stat
sysfs_fs_ext4_features
system_boot_reason_prop
system_bootstrap_lib_file
diff --git a/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil
index 427f4d4d1..dbbe58573 100644
--- a/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil
@@ -187,6 +187,7 @@
surfaceflinger_prop
staging_data_file
storagemanager_config_prop
+ sysfs_disk_stat
system_boot_reason_prop
system_bootstrap_lib_file
system_lmk_prop
diff --git a/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil
index e7ddf4805..fa6204cbd 100644
--- a/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil
+++ b/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil
@@ -128,6 +128,7 @@
socket_hook_prop
su_tmpfs
super_block_device
+ sysfs_disk_stat
sysfs_fs_f2fs
system_bootstrap_lib_file
system_event_log_tags_file
diff --git a/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil
index 10790468f..9c3a1d5bd 100644
--- a/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil
@@ -100,6 +100,7 @@
staged_install_file
storage_config_prop
surfaceflinger_display_prop
+ sysfs_disk_stat
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil b/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil
index e4acfe8a4..a9c670ef8 100644
--- a/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil
+++ b/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil
@@ -129,6 +129,7 @@
sysfs_devfreq_cur
sysfs_devfreq_dir
sysfs_devices_cs_etm
+ sysfs_disk_stat
sysfs_dma_heap
sysfs_dmabuf_stats
sysfs_uhid
diff --git a/prebuilts/api/32.0/private/storaged.te b/prebuilts/api/32.0/private/storaged.te
index bb39e5b73..8b6beed36 100644
--- a/prebuilts/api/32.0/private/storaged.te
+++ b/prebuilts/api/32.0/private/storaged.te
@@ -7,6 +7,11 @@ init_daemon_domain(storaged)
# Read access to pseudo filesystems
r_dir_file(storaged, domain)
+# Allow read access to /sys/block/mmcblk0/stat or /sys/block/sda/stat.
+# Implementations typically have symlinks to vendor specific files.
+# Vendors should mark sysfs_disk_stat on all files read by storaged.
+r_dir_file(storaged, sysfs_disk_stat)
+
# Read /proc/uid_io/stats
allow storaged proc_uid_io_stats:file r_file_perms;
diff --git a/prebuilts/api/32.0/public/file.te b/prebuilts/api/32.0/public/file.te
index dc788ac6a..578df89b6 100644
--- a/prebuilts/api/32.0/public/file.te
+++ b/prebuilts/api/32.0/public/file.te
@@ -15,6 +15,7 @@ type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
+type sysfs_disk_stat, fs_type, sysfs_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 98d5840f6..db46f76dd 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -166,6 +166,7 @@
super_block_device
surfaceflinger_color_prop
surfaceflinger_prop
+ sysfs_disk_stat
sysfs_fs_ext4_features
system_boot_reason_prop
system_bootstrap_lib_file
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 427f4d4d1..dbbe58573 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -187,6 +187,7 @@
surfaceflinger_prop
staging_data_file
storagemanager_config_prop
+ sysfs_disk_stat
system_boot_reason_prop
system_bootstrap_lib_file
system_lmk_prop
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index e7ddf4805..fa6204cbd 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -128,6 +128,7 @@
socket_hook_prop
su_tmpfs
super_block_device
+ sysfs_disk_stat
sysfs_fs_f2fs
system_bootstrap_lib_file
system_event_log_tags_file
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 10790468f..9c3a1d5bd 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -100,6 +100,7 @@
staged_install_file
storage_config_prop
surfaceflinger_display_prop
+ sysfs_disk_stat
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index e4acfe8a4..a9c670ef8 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -129,6 +129,7 @@
sysfs_devfreq_cur
sysfs_devfreq_dir
sysfs_devices_cs_etm
+ sysfs_disk_stat
sysfs_dma_heap
sysfs_dmabuf_stats
sysfs_uhid
diff --git a/private/storaged.te b/private/storaged.te
index bb39e5b73..8b6beed36 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -7,6 +7,11 @@ init_daemon_domain(storaged)
# Read access to pseudo filesystems
r_dir_file(storaged, domain)
+# Allow read access to /sys/block/mmcblk0/stat or /sys/block/sda/stat.
+# Implementations typically have symlinks to vendor specific files.
+# Vendors should mark sysfs_disk_stat on all files read by storaged.
+r_dir_file(storaged, sysfs_disk_stat)
+
# Read /proc/uid_io/stats
allow storaged proc_uid_io_stats:file r_file_perms;
diff --git a/public/file.te b/public/file.te
index dc788ac6a..578df89b6 100644
--- a/public/file.te
+++ b/public/file.te
@@ -15,6 +15,7 @@ type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
+type sysfs_disk_stat, fs_type, sysfs_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
--
2.35.1