From b0d59450ae69ae878447ae48f82dd060760c6f15 Mon Sep 17 00:00:00 2001
From: Andrew Scull <ascull@google.com>
Date: Wed, 31 May 2017 16:00:28 +0100
Subject: [PATCH] Allow bootctl HAL to access misc block device.

This is sometimes used for communication with the bootloader.

Bug: 62052545
Test: Build
Change-Id: I3ae37793407719e55ab0830129aa569c9018f7da
---
 public/domain.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/domain.te b/public/domain.te
index 8f63624e8..34cbadcfc 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -489,6 +489,7 @@ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file
 neverallow {
   domain
   userdebug_or_eng(`-domain') # exclude debuggable builds
+  -hal_bootctl
   -init
   -uncrypt
   -update_engine
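Review bot: The added `-hal_bootctl` exclusion has no comment explaining why a HAL is exempt from this neverallow, unlike the `userdebug_or_eng` line above it. Something like `-hal_bootctl # may use misc to communicate with the bootloader` would keep the rationale next to the rule. `hal_bootctl` is an attribute rather than a single type, so the exemption covers every domain that carries it; on builds with passthrough HALs that presumably includes client domains as well as the server. If only the HAL implementation needs the device, `-hal_bootctl_server` would be the narrower exclusion (confirm the attribute is defined in this tree). The neverallow's target and permission set are outside the hunk, so the exact accesses opened up cannot be confirmed from here.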
-- 
GitLab