From 5889704effb759a1ea12d7725c4eddf1551e1c12 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Tue, 14 Jun 2022 02:58:58 +0000
Subject: [PATCH] mute update_engine probing mnt_vendor_file

Bug: 187016910
Test: boot to home
Change-Id: I5f7141f817b543a1499ef5826177f3ac4945e857
---
 tracking_denials/update_engine.te          | 2 --
 whitechapel/vendor/google/update_engine.te | 3 +++
 2 files changed, 3 insertions(+), 2 deletions(-)
 delete mode 100644 tracking_denials/update_engine.te

diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te
deleted file mode 100644
index 98e7b851..00000000
--- a/tracking_denials/update_engine.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/187016910
-dontaudit update_engine mnt_vendor_file:dir search ;
diff --git a/whitechapel/vendor/google/update_engine.te b/whitechapel/vendor/google/update_engine.te
index a403d9e4..8342f126 100644
--- a/whitechapel/vendor/google/update_engine.te
+++ b/whitechapel/vendor/google/update_engine.te
@@ -1,3 +1,6 @@
 allow update_engine custom_ab_block_device:blk_file rw_file_perms;
 allow update_engine modem_block_device:blk_file rw_file_perms;
 allow update_engine proc_bootconfig:file r_file_perms;
+
+# update_engine probe mnt_vendor_file during OTA, which is a permission not required
+dontaudit update_engine mnt_vendor_file:dir search;