From d33155be26f401fdbc6ca824e639d33876fc8212 Mon Sep 17 00:00:00 2001
From: Sen Jiang <senj@google.com>
Date: Fri, 20 Nov 2015 16:09:14 -0800
Subject: [PATCH] Add bspatch to update_engine_exec.

This allow bspatch to have same perssion as update_engine.

Also added a rule to allow update_engine to execute bspatch.

Bug: 24478450
Test: No more permission deny during delta update.

Change-Id: If94bc703b2f3fc32f901f0d7f300934316d4e9a4
---
 file_contexts    | 1 +
 update_engine.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/file_contexts b/file_contexts
index 942b7e6f8..a74f8f86a 100644
--- a/file_contexts
+++ b/file_contexts
@@ -200,6 +200,7 @@
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
+/system/bin/bspatch              u:object_r:update_engine_exec:s0
 
 #############################
 # Vendor files
diff --git a/update_engine.te b/update_engine.te
index 839d6b711..ea7fcaff8 100644
--- a/update_engine.te
+++ b/update_engine.te
@@ -10,6 +10,7 @@ net_domain(update_engine);
 allow update_engine self:process { setsched };
 allow update_engine self:capability { fowner sys_admin };
 allow update_engine kmsg_device:chr_file w_file_perms;
+allow update_engine update_engine_exec:file rx_file_perms;
 wakelock_use(update_engine);
 
 # Allow using persistent storage in /data/misc/update_engine.
-- 
GitLab