From f05cdba220549a210ef6facd3224dcadf3ffafc8 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Mon, 22 Mar 2021 16:10:22 +0800
Subject: [PATCH] allow bootctl to read devinfo

Bug: 182705986
Test: boot with no relevant log found
Change-Id: I6d4c699fe1492f8fbcd5b8a9ba98da2fade57bd7
---
 tracking_denials/hal_bootctl_default.te          | 3 ---
 whitechapel/vendor/google/hal_bootctl_default.te | 1 +
 2 files changed, 1 insertion(+), 3 deletions(-)
 delete mode 100644 tracking_denials/hal_bootctl_default.te

diff --git a/tracking_denials/hal_bootctl_default.te b/tracking_denials/hal_bootctl_default.te
deleted file mode 100644
index 27271c57..00000000
--- a/tracking_denials/hal_bootctl_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/182705986
-dontaudit hal_bootctl_default devinfo_block_device:blk_file { open };
-dontaudit hal_bootctl_default devinfo_block_device:blk_file { read };
diff --git a/whitechapel/vendor/google/hal_bootctl_default.te b/whitechapel/vendor/google/hal_bootctl_default.te
index 63741aed..fd5063f9 100644
--- a/whitechapel/vendor/google/hal_bootctl_default.te
+++ b/whitechapel/vendor/google/hal_bootctl_default.te
@@ -1 +1,2 @@
 allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default devinfo_block_device:blk_file r_file_perms;