1# MTK Add policy for update_engine 2# Add for update_engine update block device 3allow update_engine preloader_block_device:blk_file rw_file_perms; 4allow update_engine lk_block_device:blk_file rw_file_perms; 5allow update_engine dtbo_block_device:blk_file rw_file_perms; 6allow update_engine tee_block_device:blk_file rw_file_perms; 7allow update_engine vendor_block_device:blk_file rw_file_perms; 8allow update_engine odm_block_device:blk_file rw_file_perms; 9allow update_engine oem_block_device:blk_file rw_file_perms; 10allow update_engine md_block_device:blk_file rw_file_perms; 11allow update_engine dsp_block_device:blk_file rw_file_perms; 12allow update_engine scp_block_device:blk_file rw_file_perms; 13allow update_engine sspm_block_device:blk_file rw_file_perms; 14allow update_engine spmfw_block_device:blk_file rw_file_perms; 15allow update_engine mcupmfw_block_device:blk_file rw_file_perms; 16allow update_engine loader_ext_block_device:blk_file rw_file_perms; 17allow update_engine cam_vpu_block_device:blk_file rw_file_perms; 18allow update_engine para_block_device:blk_file rw_file_perms; 19allow update_engine vbmeta_block_device:blk_file rw_file_perms; 20allow update_engine proc_filesystems:file r_file_perms; 21 22# Add for update_engine call by system_app 23allow update_engine system_app:binder { call transfer }; 24 25# Add for update_engine with postinstall 26allow update_engine postinstall_mnt_dir:dir { search getattr open read write search unlink}; 27 28# Add for AVB20 29allow update_engine tmpfs:lnk_file read; 30