universal7870:selinux: fix encryption

there is one crucial important thing when it comes to IOCTL as this is a specific thing: > I auditd : type=1400 audit(0.0:1021): avc: denied { ioctl } for comm="Binder:2728_3" path="/dev/block/mmcblk0p24" dev="tmpfs" ino=1109 ioctlcmd=1272 scontext=u:r:vold:s0 tcontext=u:object_r:emmcblk_device:s0 tclass=blk_file permissive=0 see "system/sepolicy/public/ioctl_defines" for 1272 (because of ioctlcmd=1272) which leads to "BLKGETSIZE64" some more details and background: https://selinuxproject.org/page/XpermRules Signed-off-by: steadfasterX <steadfasterX@gmail.com>

universal7870:selinux: fix encryption
there is one crucial important thing when it comes to IOCTL as this is a specific thing: > I auditd : type=1400 audit(0.0:1021): avc: denied { ioctl } for comm="Binder:2728_3" path="/dev/block/mmcblk0p24" dev="tmpfs" ino=1109 ioctlcmd=1272 scontext=u:r:vold:s0 tcontext=u:object_r:emmcblk_device:s0 tclass=blk_file permissive=0 see "system/sepolicy/public/ioctl_defines" for 1272 (because of ioctlcmd=1272) which leads to "BLKGETSIZE64" some more details and background: https://selinuxproject.org/page/XpermRules Signed-off-by: steadfasterX <steadfasterX@gmail.com>
b594df0f · steadfasterX · caf22e58 · b594df0f
Verified Commit b594df0f authored Mar 17, 2021 by steadfasterX 😁
--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te
 # /efs
 allow vold efs_file:dir r_dir_perms;
+
 # /dev/block/mmcblk0p[0-9]
 allow vold emmcblk_device:dir create_dir_perms;
-allow vold emmcblk_device:blk_file { setattr unlink rw_file_perms };
+allow vold emmcblk_device:blk_file { setattr unlink rw_file_perms ioctl };
+
+# device encryption
+# see:
+# https://selinuxproject.org/page/XpermRules
+# system/sepolicy/public/ioctl_defines
+allowxperm vold emmcblk_device:blk_file ioctl BLKGETSIZE64;

 allow vold sysfs_sswap:file write;