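# Allow update_engine and update_engine_sideload (recovery) read/write on the
# device-specific partitions it should update.
# NOTE(review): the rule below names only the update_engine domain. If sideload
# OTA in recovery must write these partitions too, confirm that domain is
# covered elsewhere (AOSP groups both under the update_engine_common
# attribute); do not rely on this comment.
# Judging by the type names, these are boot, bootloader and modem images, so
# raw write access is highly privileged. Keep the list limited to partitions
# the OTA payload actually writes.
allow update_engine {
    boot_block_device
    custom_ab_block_device
    mdtp_device
    modem_block_device
    xbl_block_device
}:blk_file rw_file_perms;

# Lets update_engine query attributes (getattr) of filesystems labeled
# firmware_file. This grants no read or write access to files on them.
allow update_engine firmware_file:filesystem getattr;

# Grants CAP_KILL: update_engine may signal processes without the usual
# UID-match check. Signalling another domain still needs a separate
# `process` class rule, so this line alone does not widen SELinux targets.
# NOTE(review): nothing here says which process update_engine needs to signal.
# Record the denial that motivated this rule, and drop it if none is found.
allow update_engine self:capability kill;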