diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 1ef26f99..7d124558 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -9,7 +9,6 @@ google_camera_app audio_service service_manager b/264600171
 google_camera_app backup_service service_manager b/264483456
 google_camera_app legacy_permission_service service_manager b/264600171
 google_camera_app permission_checker_service service_manager b/264600171
-hal_bootctl_default devinfo_block_device blk_file b/264483787
 hal_camera_default hal_radioext_hwservice hwservice_manager b/264483024
 hal_dumpstate_default vendor_displaycolor_service service_manager b/264482983
 hal_dumpstate_default vendor_displaycolor_service service_manager b/264600086
diff --git a/tracking_denials/hal_bootctl_default.te b/tracking_denials/hal_bootctl_default.te
index e862f507..3d794cae 100644
--- a/tracking_denials/hal_bootctl_default.te
+++ b/tracking_denials/hal_bootctl_default.te
@@ -1,7 +1,3 @@
-# b/264489609
-userdebug_or_eng(`
-  permissive hal_bootctl_default;
-')
 # b/267843310
 dontaudit hal_bootctl_default hal_bootctl_default:capability { dac_override };
 dontaudit hal_bootctl_default tee_device:chr_file { ioctl };
diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te
index ab33b0b1..b1370b06 100644
--- a/vendor/hal_bootctl_default.te
+++ b/vendor/hal_bootctl_default.te
@@ -1 +1,3 @@
 allow hal_bootctl_default devinfo_block_device:blk_file r_file_perms;
+allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sysfs_ota:file rw_file_perms;