From 7314a7b522a8a058a6f87bb0fe74507d477d6c3a Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Tue, 23 Mar 2021 09:49:02 +0800
Subject: [PATCH] permissions required for OTA

Bug: 183174452
Test: do OTA under enforcing mode
Change-Id: I0edf7703713e24351f57ef0e68096ca03c59e6f8
---
 whitechapel/vendor/google/file.te | 1 +
 whitechapel/vendor/google/genfs_contexts | 3 +++
 whitechapel/vendor/google/hal_bootctl_default.te | 1 +
 whitechapel/vendor/google/update_engine.te | 3 +++
 4 files changed, 8 insertions(+)
 create mode 100644 whitechapel/vendor/google/update_engine.te

diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index 37fa6efb..7c1dae90 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -40,6 +40,7 @@ type vendor_battery_debugfs, fs_type, debugfs_type, sysfs_type;
 # Exynos sysfs
 type sysfs_exynos_bts, sysfs_type, fs_type;
 type sysfs_exynos_bts_stats, sysfs_type, fs_type;
+type sysfs_ota, sysfs_type, fs_type;
 
 # Exynos Firmware
 type vendor_fw_file, vendor_file_type, file_type;
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index dee5a5ac..4659e1d2 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -181,6 +181,9 @@ genfscon sysfs /devices/platform/10960000.hsi2c/i2c-4/4-0008/wakeup/wakeup
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0043/wakeup/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0
 
+# OTA
+genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0
+
 # subsystem-coredump
 genfscon sysfs /class/sscoredump/level u:object_r:sscoredump_sysfs_level:s0
 
diff --git a/whitechapel/vendor/google/hal_bootctl_default.te b/whitechapel/vendor/google/hal_bootctl_default.te
index fd5063f9..0e0c3c24 100644
--- a/whitechapel/vendor/google/hal_bootctl_default.te
+++ b/whitechapel/vendor/google/hal_bootctl_default.te
@@ -1,2 +1,3 @@
 allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
 allow hal_bootctl_default devinfo_block_device:blk_file r_file_perms;
+allow hal_bootctl_default sysfs_ota:file rw_file_perms;
diff --git a/whitechapel/vendor/google/update_engine.te b/whitechapel/vendor/google/update_engine.te
new file mode 100644
index 00000000..a403d9e4
--- /dev/null
+++ b/whitechapel/vendor/google/update_engine.te
@@ -0,0 +1,3 @@
+allow update_engine custom_ab_block_device:blk_file rw_file_perms;
+allow update_engine modem_block_device:blk_file rw_file_perms;
+allow update_engine proc_bootconfig:file r_file_perms;
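Review bot: In hal_bootctl_default.te the added rule grants `rw_file_perms` on the whole `sysfs_ota` type, so any sysfs node later given that label in genfs_contexts becomes writable by the boot control HAL without this file being touched. As committed the type labels only `/devices/platform/14700000.ufs/pixel/boot_lun_enabled`, so the grant is narrow today, but nothing in the policy records that this is the intent. I would add a comment above the rule, for example `# sysfs_ota labels only the UFS boot_lun_enabled node (see genfs_contexts); keep this type single-purpose`, and put the same remark next to the `type sysfs_ota` declaration in file.te.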
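Review bot: The new update_engine.te gives update_engine `rw_file_perms` on `custom_ab_block_device` and `modem_block_device` without saying which partitions those labels cover or why write access is needed. Both types are defined outside this patch, so it cannot be confirmed from here that their file_contexts patterns match only A/B-updated slots; if `modem_block_device` also matches partitions that an OTA never rewrites, the updater gains write access to those as well. Please confirm the patterns for both labels and record the result in a header comment, for example `# OTA: update_engine writes the inactive slot of the A/B partitions carrying these labels`. The `proc_bootconfig` read rule would benefit from a one-line reason too.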