sepolicy: Fix OTA auto-flashing with encrypted f2fs

If userdata is on f2fs and encrypted (stock config for userdata), /cache/recovery/block.map is not created due to this denial: 05-01 13:43:47.512 6538 6538 W uncrypt : type=1400 audit(0.0:10): avc: denied { sys_admin } for capability=21 scontext=u:r:uncrypt:s0 tcontext=u:r:uncrypt:s0 tclass=capability permissive=0 Without block.map the automatic flashing of the OTA without user interaction fails, and the user needs to manually mount data, and flash the OTA manually. Change-Id: I6ecb84e8b730d4c641a8bd8769043dfbfb817b83 Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
author: Nvertigo <nvertigo67@gmail.com> 2019-03-23 15:54:21 +0100
committer: Semavi Ulusoy <doc.divxm@gmail.com> 2022-05-20 19:47:07 +0300
commit: cd264d2d884528f161ade821c17cc65405f979c9 (patch)
tree: ce36f5261e6b623005b629175eece38544ef6892
parent: 45bf332827801bb8c3fdc158bfaae50632384108 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/common/private/uncrypt.te b/common/private/uncrypt.te
index 9638596..d8fd2c7 100644
--- a/common/private/uncrypt.te
+++ b/common/private/uncrypt.te
@@ -1,2 +1,5 @@
 allow uncrypt cache_file:dir rw_dir_perms;
 allow uncrypt cache_file:file create_file_perms;
+
+# OTA with encrypted f2fs
+allow uncrypt self:capability sys_admin;
author	Nvertigo <nvertigo67@gmail.com>	2019-03-23 15:54:21 +0100
committer	Semavi Ulusoy <doc.divxm@gmail.com>	2022-05-20 19:47:07 +0300
commit	cd264d2d884528f161ade821c17cc65405f979c9 (patch)
tree	ce36f5261e6b623005b629175eece38544ef6892
parent	45bf332827801bb8c3fdc158bfaae50632384108 (diff)