1# ============================================== 2# MTK Policy Rule 3# ============================================== 4 5# Date : WK17.32 6# Operation : Migration 7# Purpose : create ext4 images for protect1/protect2/persist/nvdata/nvcfg block devices. 8allow e2fs protect1_block_device:blk_file rw_file_perms; 9allow e2fs protect2_block_device:blk_file rw_file_perms; 10allow e2fs persist_block_device:blk_file rw_file_perms; 11allow e2fs nvdata_device:blk_file rw_file_perms; 12allow e2fs nvcfg_block_device:blk_file rw_file_perms; 13 14allow e2fs devpts:chr_file {read write}; 15 16# Date : WK18.23 17# Operation: P migration 18# Purpose : Allow mke2fs to format userdata and cache partition 19allow e2fs cache_block_device:blk_file rw_file_perms; 20allow e2fs userdata_block_device:blk_file rw_file_perms; 21 22# Date : WK19.23 23# Operation: Q migration 24# Purpose : Allow format /metadata for UDC 25allow e2fs metadata_block_device:blk_file rw_file_perms; 26 27# Date : WK19.34 28# Operation: Q migration 29# Purpose : Allow mke2fs to use ioctl/ioctlcmd 30allowxperm e2fs protect1_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; 31allowxperm e2fs protect2_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; 32allowxperm e2fs nvdata_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; 33allowxperm e2fs nvcfg_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; 34allowxperm e2fs persist_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; 35