From f121aba763e1c8e197e55f26c9210a0ae312e9ae Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson
Date: Sun, 29 Nov 2020 19:52:37 +0100
Subject: [PATCH] Allow more blockdev --setrw

---
 sepolicy/su.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sepolicy/su.te b/sepolicy/su.te
index a0be12a..f8829cd 100644
--- a/sepolicy/su.te
+++ b/sepolicy/su.te
@@ -148,5 +148,4 @@ allow phhsu_daemon domain:process { transition };
 
 # 06-06 12:59:53.775 30150 30150 I auditd : type=1400 audit(0.0:35585): avc: denied { ioctl } for comm="blockdev" path="/dev/block/dm-3" dev="tmpfs" ino=12687 ioctlcmd=0x125d scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0
 allowxperm phhsu_daemon { file_type block_device }:blk_file ioctl { 0-0xffff };
-allowxperm phhsu_daemon { super_block_device dm_device }:blk_file ioctl { 0x1278-0x127a 0x125d };
-
+allowxperm phhsu_daemon { system_block_device super_block_device dm_device }:blk_file ioctl { 0x1278-0x127a 0x125d };
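Review bot: The `+` line adds `system_block_device` to the types on which `phhsu_daemon` may issue ioctl `0x125d`, but the only justification recorded in the file is the audit denial quoted above it, which is for `dm_device` (`/dev/block/dm-3`), so nothing documents why the system partition type is needed. `0x125d` is `BLKROSET`, the command behind `blockdev --setrw`/`--setro`, which means this rule lets the su daemon domain clear the read-only flag on system partitions. It deserves a comment such as `# blockdev --setrw: BLKROSET (0x125d) and BLKIOMIN..BLKALIGNOFF (0x1278-0x127a) on system, super and dm block devices`, ideally with the matching denial for `system_block_device` pasted next to the existing one. Since `allowxperm` only filters ioctl commands and grants nothing by itself, it is also worth confirming that an `allow phhsu_daemon system_block_device:blk_file ioctl;` rule exists elsewhere in su.te, which this hunk does not show.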