vendor: sepolicy fix build merged too soon Change-Id: I70a950ca6181b809edfc9089fc34af1c4418194f

commit: c83cecc8575c2a6cf47f7e4537a1011e3760d4e9 [log] [tgz]
author: Marko Man <darkobas@gmail.com> Sat Sep 01 19:21:27 2018 +0200
committer: Jon West <electrikjesus@gmail.com> Sat Feb 16 21:15:54 2019 +0530
tree: 28a85fc2234e51b18eacc30a39014cbdca6e26f7
parent: 7345537fb5ca8a3488f5481232693ddc41a3e93f [diff] [blame]
diff --git a/sepolicy/private/update_engine.te b/sepolicy/private/update_engine.te
index 309699a..0a60e7e 100644
--- a/sepolicy/private/update_engine.te
+++ b/sepolicy/private/update_engine.te

@@ -1,13 +1,14 @@
-allow update_engine self:capability { dac_override dac_read_search sys_rawio };
-
 r_dir_file(update_engine, mnt_user_file)
 r_dir_file(update_engine, storage_file)
 
-allow update_engine self:capability { chown fsetid sys_rawio };
+allow update_engine self:capability { chown fsetid };
 
 allow update_engine labeledfs:filesystem { mount unmount };
 
-allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:dir create_dir_perms;
-allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:{ file lnk_file } create_file_perms;
 allow update_engine { otapreopt_chroot_exec rootfs system_file toolbox_exec }:file rx_file_perms;
-allow update_engine { rootfs system_file }:file { relabelfrom relabelto };
+
+allow update_engine labeledfs:filesystem mount;
+allow update_engine rootfs:dir { add_name write };
+allow update_engine storage_file:lnk_file read;
+allow update_engine system_file:file execute_no_trans;
+allow update_engine toolbox_exec:file { execute getattr };
commit	c83cecc8575c2a6cf47f7e4537a1011e3760d4e9	[log] [tgz]
author	Marko Man <darkobas@gmail.com>	Sat Sep 01 19:21:27 2018 +0200
committer	Jon West <electrikjesus@gmail.com>	Sat Feb 16 21:15:54 2019 +0530
tree	28a85fc2234e51b18eacc30a39014cbdca6e26f7
parent	7345537fb5ca8a3488f5481232693ddc41a3e93f [diff] [blame]