Allow update_engine to write snapshotctl log data recovery is excluded because it is not an interesting code path. Test: apply OTA, cancel, delete OTA states, then apply again to trigger CancelUpdate() code path, see logs Bug: 148818798 Change-Id: I3baac977af54ac0a09c9b732fd172469c9f51627

commit: 47ee18d67aa1007610c19b4bede1cebd0d51ffff [log] [tgz]
author: Yifan Hong <elsk@google.com> Tue Feb 04 16:37:52 2020 -0800
committer: Yifan Hong <elsk@google.com> Tue Feb 04 16:56:59 2020 -0800
tree: 139cf186f81a8fb85bd0a74d2f7b73d8069aa3bf
parent: c98291c37c466a10d9cbb2301104a9d06d3aa102 [diff]
diff --git a/public/update_engine.te b/public/update_engine.te
index a6be3d3..078e494 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te

@@ -75,3 +75,10 @@
 # gsi_metadata_file. We never apply OTAs when GSI is running, so just deny
 # the access.
 dontaudit update_engine gsi_metadata_file:dir search;
+
+# Allow to write to snapshotctl_log logs.
+# TODO(b/148818798) revert when parent bug is fixed.
+userdebug_or_eng(`
+allow update_engine snapshotctl_log_data_file:dir rw_dir_perms;
+allow update_engine snapshotctl_log_data_file:file create_file_perms;
+')
commit	47ee18d67aa1007610c19b4bede1cebd0d51ffff	[log] [tgz]
author	Yifan Hong <elsk@google.com>	Tue Feb 04 16:37:52 2020 -0800
committer	Yifan Hong <elsk@google.com>	Tue Feb 04 16:56:59 2020 -0800
tree	139cf186f81a8fb85bd0a74d2f7b73d8069aa3bf
parent	c98291c37c466a10d9cbb2301104a9d06d3aa102 [diff]