Grant update_engine access to device-specific partitions Without those permissions OTA updates will work via sideloading only, but not via the system update client (e.g., GMS/GOTA). Issue: FP3-A11#381 Change-Id: I8f280489f4ab9800af80c426d1cf7f8d0afeadfb

commit: 93fd7dc1a13b6570061c56592f80e04a548198d0 [log] [tgz]
author: Karsten Tausche <karsten@fairphone.com> Mon Aug 08 09:26:21 2022 +0200
committer: Karsten Tausche <karsten@fairphone.com> Mon Aug 08 09:47:32 2022 +0200
tree: 6ccc5dc4caa92b7bcfaeaee95c9bf5d28857ec24
parent: b599fc4179478aa12376e0014c925e1b39ee100c [diff]
diff --git a/sepolicy/vendor/update_engine.te b/sepolicy/vendor/update_engine.te
new file mode 100644
index 0000000..0aa5ab4
--- /dev/null
+++ b/sepolicy/vendor/update_engine.te

@@ -0,0 +1,12 @@
+# Allow update_engine and update_engine_sideload (recovery) read/write on the
+# device-specific partitions it should update.
+allow update_engine {
+    boot_block_device
+    custom_ab_block_device
+    mdtp_device
+    modem_block_device
+    xbl_block_device
+}:blk_file rw_file_perms;
+
+allow update_engine firmware_file:filesystem getattr;
+allow update_engine self:capability kill;
commit	93fd7dc1a13b6570061c56592f80e04a548198d0	[log] [tgz]
author	Karsten Tausche <karsten@fairphone.com>	Mon Aug 08 09:26:21 2022 +0200
committer	Karsten Tausche <karsten@fairphone.com>	Mon Aug 08 09:47:32 2022 +0200
tree	6ccc5dc4caa92b7bcfaeaee95c9bf5d28857ec24
parent	b599fc4179478aa12376e0014c925e1b39ee100c [diff]