From 8080b95d06323be45d62702ecb56d38bbae84536 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Thu, 27 Apr 2023 17:50:39 +0800
Subject: [PATCH] Enforce fastbootd

Fix: 264489957
Test: flash and no related avc error
Change-Id: Ibf616a98e9341310e18db6dda27d86adbf24deac
---
 tracking_denials/fastbootd.te | 4 ----
 vendor/fastbootd.te           | 6 ++++++
 2 files changed, 6 insertions(+), 4 deletions(-)
 delete mode 100644 tracking_denials/fastbootd.te
 create mode 100644 vendor/fastbootd.te

diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te
deleted file mode 100644
index 4428b68a..00000000
--- a/tracking_denials/fastbootd.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/264489957
-userdebug_or_eng(`
-  permissive fastbootd;
-')
\ No newline at end of file
diff --git a/vendor/fastbootd.te b/vendor/fastbootd.te
new file mode 100644
index 00000000..c7f6a88d
--- /dev/null
+++ b/vendor/fastbootd.te
@@ -0,0 +1,6 @@
+recovery_only(`
+  allow fastbootd devinfo_block_device:blk_file rw_file_perms;
+  allow fastbootd sda_block_device:blk_file rw_file_perms;
+  allow fastbootd sysfs_ota:file rw_file_perms;
+  allow fastbootd st54spi_device:chr_file rw_file_perms;
+')