sepolicy: add missing denials for update_engine Change-Id: Ia35ad4759ea6c8c5390657a536289cd0ccde0ba0

commit: ea8c17c8f34348de8d1bd18c48682abd3184b262 [log] [tgz]
author: maxwen <max.weninger@gmail.com> Mon Dec 30 13:17:25 2019 +0100
committer: maxwen <max.weninger@gmail.com> Mon Dec 30 13:17:25 2019 +0100
tree: bcc067aed1976d54305b37f5f444e67200217d6c
parent: 5c7c9ce6c206e7cf533928f5edad531012e355dd [diff]
diff --git a/sepolicy/private/update_engine.te b/sepolicy/private/update_engine.te
index b1ca5d1..70c37ec 100644
--- a/sepolicy/private/update_engine.te
+++ b/sepolicy/private/update_engine.te

@@ -23,6 +23,7 @@
 allow update_engine sepolicy_file:file { append };
 
 allow update_engine gsi_metadata_file:dir search;
+allow update_engine metadata_file:dir search;
 allow update_engine rootfs:file { create write };
 #####
 allow update_engine proc_filesystems:file { getattr open read };
commit	ea8c17c8f34348de8d1bd18c48682abd3184b262	[log] [tgz]
author	maxwen <max.weninger@gmail.com>	Mon Dec 30 13:17:25 2019 +0100
committer	maxwen <max.weninger@gmail.com>	Mon Dec 30 13:17:25 2019 +0100
tree	bcc067aed1976d54305b37f5f444e67200217d6c
parent	5c7c9ce6c206e7cf533928f5edad531012e355dd [diff]