From 00a86df206a09f8ef4ddaf1a4285b726a7a473fc Mon Sep 17 00:00:00 2001
From: Ahmed Harhash <email@lacentix.me>
Date: Fri, 11 Apr 2025 10:17:08 +0200
Subject: [PATCH] avicii: sepolicy: Grant update_engine access to A/B
 partitions

---
 sepolicy/vendor/update_engine.te        | 4 ++++
 sepolicy/vendor/update_engine_common.te | 1 +
 2 files changed, 5 insertions(+)

diff --git a/sepolicy/vendor/update_engine.te b/sepolicy/vendor/update_engine.te
index 29464bb..9e1422a 100644
--- a/sepolicy/vendor/update_engine.te
+++ b/sepolicy/vendor/update_engine.te
@@ -8,3 +8,7 @@ allow update_engine {
     firmware_file
     metadata_file
 }:dir search;
+
+allow update_engine block_device:dir search;
+
+allow update_engine vendor_custom_ab_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/vendor/update_engine_common.te b/sepolicy/vendor/update_engine_common.te
index 62d5602..f1ad0a6 100644
--- a/sepolicy/vendor/update_engine_common.te
+++ b/sepolicy/vendor/update_engine_common.te
@@ -34,6 +34,7 @@ allow update_engine_common {
     modem_block_device
     uefi_block_device
     recovery_block_device
+    vendor_custom_ab_block_device
 }:blk_file rw_file_perms;
 
 allow update_engine_common tmpfs:lnk_file r_file_perms;
-- 
GitLab