commit a4b3e6f62a930ae584e9c0c430036bcc74c35407
author Yifan Hong <elsk@google.com> Wed Aug 14 15:49:00 2019 -0700
committer Yifan Hong <elsk@google.com> Wed Oct 02 12:46:47 2019 -0700
tree d8407f32449732dad9167bc11fb398d0a8c9797a
parent 07a99e16e4ade177ead331702d09b3c38550d220

dontaudit update_engine access to gsi_metadata_file.

update_engine tries to determine the parent path for all devices (e.g.
/dev/block/by-name) by reading the default fstab and looking for the misc
device. ReadDefaultFstab() checks whether a GSI is running by checking
gsi_metadata_file. We never apply OTAs when GSI is running, so just deny
the access.

Test: no selinux denials
Fixes: 139283697

Change-Id: I3cba28ccb6871b328ab697a4a8f3476ac72f7bed