diff --git a/service_contexts b/service_contexts
index 747369ef7f954ccf5bb9d121baf312d71bcd4103..ec1194b475b30726970d9bfd375a01d7f3e8c442 100644
--- a/service_contexts
+++ b/service_contexts
@@ -2,7 +2,7 @@ accessibility                             u:object_r:accessibility_service:s0
 account                                   u:object_r:account_service:s0
 activity                                  u:object_r:activity_service:s0
 alarm                                     u:object_r:alarm_service:s0
-android.os.IUpdateEngine                  u:object_r:update_engine_service:s0
+android.os.UpdateEngineService            u:object_r:update_engine_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 appops                                    u:object_r:appops_service:s0
diff --git a/update_engine.te b/update_engine.te
index 3fbfd8a15699bbfa35cc9250baa4647100a440e2..39b99361ad35ddee05544ba16e9fdab3e265396e 100644
--- a/update_engine.te
+++ b/update_engine.te
@@ -33,3 +33,6 @@ allow update_engine update_engine_service:service_manager { add };
 
 # Allow update_engine to call the callback function provided by priv_app.
 binder_call(update_engine, priv_app)
+
+# Allow read/write bootctrl block device.
+allow update_engine bootctrl_block_device:blk_file rw_file_perms;