commit be9caa0c05c0a270722d2623449387f7e47879f0
author Marko Man <darkobas@gmail.com> Fri Oct 11 10:35:54 2019 +0200
committer Marko Man <darkobas@gmail.com> Fri Nov 01 18:02:17 2019 +0100
tree 079040c7405a620774060a862254144e43560feb
parent 5cea9c106b3a470bb6fad5e9af4ff4f39efbf5d1

vendor: more sepolicy for ota

Change-Id: I15cf37f0215588162eda9ced4f378037ea7fddb5

sepolicy/private/update_engine.te

diff --git a/sepolicy/private/update_engine.te b/sepolicy/private/update_engine.te
index 878a49d..b1ca5d1 100644
--- a/sepolicy/private/update_engine.te
+++ b/sepolicy/private/update_engine.te
@@ -8,14 +8,14 @@
 allow update_engine { otapreopt_chroot_exec toolbox_exec }:file rx_file_perms;
 
 allow update_engine labeledfs:filesystem mount;
-allow update_engine rootfs:file { rx_file_perms relabelfrom };
+allow update_engine rootfs:file { rx_file_perms relabelfrom rename setattr unlink };
 allow update_engine rootfs:dir { create write open add_name read rmdir remove_name };
 
 allow update_engine system_data_file:file { create read write open unlink };
 allow update_engine system_data_file:dir { create write add_name read remove_name unlink };
 
 allow update_engine system_file:file { create setattr write relabelto relabelfrom rx_file_perms unlink };
-allow update_engine system_file:dir { create setattr write rmdir remove_name add_name };
+allow update_engine system_file:dir { create setattr write rmdir remove_name add_name setattr };
 
 allow update_engine storage_file:lnk_file read;
 allow update_engine toolbox_exec:file { execute getattr };
@@ -24,4 +24,8 @@
 
 allow update_engine gsi_metadata_file:dir search;
 allow update_engine rootfs:file { create write };
+#####
+allow update_engine proc_filesystems:file { getattr open read };
+allow update_engine system_file:lnk_file { create rename };
+allow update_engine system_lib_file:dir setattr;