non_plat/update_engine.te


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# MTK Add policy for update_engine
# Add for update_engine update block device
allow update_engine preloader_block_device:blk_file rw_file_perms;
allow update_engine lk_block_device:blk_file rw_file_perms;
allow update_engine dtbo_block_device:blk_file rw_file_perms;
allow update_engine tee_block_device:blk_file rw_file_perms;
allow update_engine vendor_block_device:blk_file rw_file_perms;
allow update_engine odm_block_device:blk_file rw_file_perms;
allow update_engine oem_block_device:blk_file rw_file_perms;
allow update_engine md_block_device:blk_file rw_file_perms;
allow update_engine dsp_block_device:blk_file rw_file_perms;
allow update_engine scp_block_device:blk_file rw_file_perms;
allow update_engine sspm_block_device:blk_file rw_file_perms;
allow update_engine spmfw_block_device:blk_file rw_file_perms;
allow update_engine mcupmfw_block_device:blk_file rw_file_perms;
allow update_engine loader_ext_block_device:blk_file rw_file_perms;
allow update_engine cam_vpu_block_device:blk_file rw_file_perms;
allow update_engine para_block_device:blk_file rw_file_perms;


# Add for update_engine call by system_app
allow update_engine self:capability dac_override;
allow update_engine system_app:binder { call transfer };

# Add for update_engine with postinstall
allow update_engine postinstall_mnt_dir:dir { search getattr open read write search unlink};