Allow kernel to write to update_engine_data_file This is needed to run update_engine unittests in cuttlefish. In the test, the directory is mounted as R/W. Denial: avc: denied { write } for path="/data/misc/update_engine/tmp/a_img.NqUpaa" dev="dm-4" ino=3048 scontext=u:r:kernel:s0 tcontext=u:object_r:update_engine_data_file:s0 tclass=file permissive=0 strace: mount("/dev/block/loop26", "/data/local/tmp/.org.chromium.Chromium.3s2KYE", "ext2", 0, "") = -1 EIO (I/O error) Test: unittests pass Change-Id: I4658eb60240bd725bac2aef30305747ffe50aeb6

commit: 9f7947348f34e423141291dd276752186f419566 [log] [tgz]
author: Tianjie Xu <xunchang@google.com> Tue Feb 18 23:38:09 2020 -0800
committer: Tianjie Xu <xunchang@google.com> Tue Feb 18 23:43:00 2020 -0800
tree: 300db740a36c3b3f10595e740c0138af3bc10496
parent: 7848af185a3080c21e0faeeefebad7ec81aac57e [diff]
diff --git a/public/kernel.te b/public/kernel.te
index 42fe2c4..35018e9 100644
--- a/public/kernel.te
+++ b/public/kernel.te

@@ -65,10 +65,10 @@
 allow kernel { app_data_file privapp_data_file }:file read;
 allow kernel asec_image_file:file read;
 
-# Allow reading loop device in update_engine_unittests. (b/28319454)
+# Allow mounting loop device in update_engine_unittests. (b/28319454)
 # and for LTP kernel tests (b/73220071)
 userdebug_or_eng(`
-  allow kernel update_engine_data_file:file read;
+  allow kernel update_engine_data_file:file { read write };
   allow kernel nativetest_data_file:file { read write };
 ')
commit	9f7947348f34e423141291dd276752186f419566	[log] [tgz]
author	Tianjie Xu <xunchang@google.com>	Tue Feb 18 23:38:09 2020 -0800
committer	Tianjie Xu <xunchang@google.com>	Tue Feb 18 23:43:00 2020 -0800
tree	300db740a36c3b3f10595e740c0138af3bc10496
parent	7848af185a3080c21e0faeeefebad7ec81aac57e [diff]