omni: ota sepolicy no backup yet Change-Id: If271c2bb59133791783964f21a13d3be657e9249

commit: 52470796d12f070d37c04ff326d7e025be7a0d5f [log] [tgz]
author: Marko Man <darkobas@gmail.com> Sat Oct 24 23:17:07 2020 +0200
committer: Max Weninger <max.weninger@gmail.com> Wed Jan 13 14:22:49 2021 +0100
tree: 9c282bfae96533db7802253a9ef319c82f2e697b
parent: 2d37e833015a851ef46b6b3f0b4a2a16d584bfcc [diff]
diff --git a/sepolicy/private/priv_app.te b/sepolicy/private/priv_app.te
index 423003d..345d186 100644
--- a/sepolicy/private/priv_app.te
+++ b/sepolicy/private/priv_app.te

@@ -1,2 +1,6 @@
 allow priv_app ota_package_file:dir create_dir_perms;
 allow priv_app kernel:system syslog_read;
+
+allow priv_app update_engine_service:service_manager find;
+allow priv_app update_engine:binder { call transfer };
+

diff --git a/sepolicy/private/update_engine.te b/sepolicy/private/update_engine.te
index c70e488..81873ed 100644
--- a/sepolicy/private/update_engine.te
+++ b/sepolicy/private/update_engine.te

@@ -1,7 +1,7 @@
 r_dir_file(update_engine, mnt_user_file)
 r_dir_file(update_engine, storage_file)
 
-allow update_engine self:capability { chown fsetid };
+allow update_engine self:capability { chown fsetid dac_read_search };
 allow update_engine self:process { setexec };
 
 allow update_engine labeledfs:filesystem { mount unmount };
commit	52470796d12f070d37c04ff326d7e025be7a0d5f	[log] [tgz]
author	Marko Man <darkobas@gmail.com>	Sat Oct 24 23:17:07 2020 +0200
committer	Max Weninger <max.weninger@gmail.com>	Wed Jan 13 14:22:49 2021 +0100
tree	9c282bfae96533db7802253a9ef319c82f2e697b
parent	2d37e833015a851ef46b6b3f0b4a2a16d584bfcc [diff]