From 8e3a95e65d367c4a7ebb4ba4b1ae9479bd46113c Mon Sep 17 00:00:00 2001
From: Alex Deymo <deymo@google.com>
Date: Thu, 9 Jun 2016 12:31:20 -0700
Subject: [PATCH] Allow update_engine to write BCB.

update_engine can trigger a factory-reset when the update to an older
version or an incompatible version requires it.

Bug: 30810697
Bug: 28700985
TEST=Updated a device with a factory-reset required and the BCB was
written.

(cherry picked from commit 15105ce77713315372e4223d55bc38fda74f9c97)

Change-Id: I446e170e5dc50415ee8f5927a097b4ed730a0b8a
---
 update_engine.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/update_engine.te b/update_engine.te
index 33e81342a..3c5bfa163 100644
--- a/update_engine.te
+++ b/update_engine.te
@@ -28,6 +28,11 @@ allow update_engine block_device:dir search;
 allow update_engine boot_block_device:blk_file rw_file_perms;
 allow update_engine system_block_device:blk_file rw_file_perms;
 
+# Allow to set recovery options in the BCB. Used to trigger factory reset when
+# the update to an older version (channel change) or incompatible version
+# requires it.
+allow update_engine misc_block_device:blk_file rw_file_perms;
+
 # Don't allow kernel module loading, just silence the logs.
 dontaudit update_engine kernel:system module_request;
 
-- 
GitLab