Add hal_bootctl related policy am: bab5b72f86

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21508207

Change-Id: Ic3ea1d971850ee209d9cfc61ba448ff62bbde5f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

tracking_denials/bug_map

@@ -9,7 +9,6 @@ google_camera_app audio_service service_manager b/264600171
 google_camera_app backup_service service_manager b/264483456
 google_camera_app legacy_permission_service service_manager b/264600171
 google_camera_app permission_checker_service service_manager b/264600171
-hal_bootctl_default devinfo_block_device blk_file b/264483787
 hal_camera_default hal_radioext_hwservice hwservice_manager b/264483024
 hal_dumpstate_default vendor_displaycolor_service service_manager b/264482983
 hal_dumpstate_default vendor_displaycolor_service service_manager b/264600086

tracking_denials/hal_bootctl_default.te

@@ -1,7 +1,3 @@
-# b/264489609
-userdebug_or_eng(`
-  permissive hal_bootctl_default;
-')
 # b/267843310
 dontaudit hal_bootctl_default hal_bootctl_default:capability { dac_override };
 dontaudit hal_bootctl_default tee_device:chr_file { ioctl };

vendor/hal_bootctl_default.te

@@ -1 +1,3 @@
 allow hal_bootctl_default devinfo_block_device:blk_file r_file_perms;
+allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sysfs_ota:file rw_file_perms;