From 931ea0d342ee5233f82c89ea43bfabc46d034a64 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Thu, 16 Feb 2023 15:54:30 +0800
Subject: [PATCH] allow bootctl to read devinfo

Bug: 260522436
(cherry picked from commit 967da5da4faca654eedb8c3b974bdafbe766c736)
Merged-In: I41d2763ffe40d7465a11cc86612fed9f92905eff
Change-Id: I41d2763ffe40d7465a11cc86612fed9f92905eff
---
 tracking_denials/hal_bootctl_default.te | 3 ---
 vendor/hal_bootctl_default.te           | 1 +
 2 files changed, 1 insertion(+), 3 deletions(-)
 create mode 100644 vendor/hal_bootctl_default.te

diff --git a/tracking_denials/hal_bootctl_default.te b/tracking_denials/hal_bootctl_default.te
index 42d4ae61..e862f507 100644
--- a/tracking_denials/hal_bootctl_default.te
+++ b/tracking_denials/hal_bootctl_default.te
@@ -1,6 +1,3 @@
-# b/260522436
-dontaudit hal_bootctl_default devinfo_block_device:blk_file { open };
-dontaudit hal_bootctl_default devinfo_block_device:blk_file { read };
 # b/264489609
 userdebug_or_eng(`
   permissive hal_bootctl_default;
diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te
new file mode 100644
index 00000000..ab33b0b1
--- /dev/null
+++ b/vendor/hal_bootctl_default.te
@@ -0,0 +1 @@
+allow hal_bootctl_default devinfo_block_device:blk_file r_file_perms;