From 953873817ccb5f4612d8151fbec749c8060da097 Mon Sep 17 00:00:00 2001
From: David Zeuthen <zeuthen@google.com>
Date: Mon, 9 Nov 2015 14:00:31 -0500
Subject: msm8916: Add selinux-policy to make boot_control work in
 update_engine.

The msm8916 boot_control implementation modifies the partition table
when managing A/B.

BUG=24675877

Change-Id: I649c9193b3f7a0d5c83b7959b9b54fcb7a00997e
---
 soc/msm8916/sepolicy/update_engine.te | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 soc/msm8916/sepolicy/update_engine.te

diff --git a/soc/msm8916/sepolicy/update_engine.te b/soc/msm8916/sepolicy/update_engine.te
new file mode 100644
index 0000000..2bb5061
--- /dev/null
+++ b/soc/msm8916/sepolicy/update_engine.te
@@ -0,0 +1,7 @@
+# This file contains msm8916-specific SELinux policy for
+# update_engine. For the main update_engine policy, see
+# external/sepolicy/update_engine.te
+
+# Allow read/write on whole disk. This is needed because the msm8916
+# boot_control HAL modifies the partition table when managing A/B.
+allow update_engine mmc_block_device:blk_file rw_file_perms;
-- 
cgit v1.2.3