From 3b7a1436b5f1b9c1ec82dde1a1a774b5d85f46f2 Mon Sep 17 00:00:00 2001
From: Jade Guo
Date: Thu, 12 Dec 2024 02:25:18 +0000
Subject: [PATCH] Update the sepolicy of OTA Coordinator

Add a rule for a new property: persist.vendor.ota_coordinator.fake_update
Tracked-On: OAM-128450
Signed-off-by: Jade Guo
---
 ota_coordinator/ota_coordinator.te | 5 +++++
 ota_coordinator/property_contexts | 1 +
 2 files changed, 6 insertions(+)
diff --git a/ota_coordinator/ota_coordinator.te b/ota_coordinator/ota_coordinator.te
index 4cc2f7f..c2d1291 100644
--- a/ota_coordinator/ota_coordinator.te
+++ b/ota_coordinator/ota_coordinator.te
@@ -15,9 +15,14 @@ allow ota_coordinator init:unix_stream_socket connectto;
 allow ota_coordinator misc_block_device:blk_file rw_file_perms;
 allow ota_coordinator property_socket:sock_file write;
 allow ota_coordinator tmpfs:file r_file_perms;
+allow ota_coordinator vendor_data_file:file { read open };
 typeattribute ota_coordinator socket_between_core_and_vendor_violators;
 set_prop(ota_coordinator, powerctl_prop)
 set_prop(ota_coordinator, vendor_intel_ota_prop)
 set_prop(vendor_init, vendor_intel_ota_prop)
+recovery_only(
+ allow recovery vendor_data_file:dir r_dir_perms;
+ allow recovery vendor_data_file:file r_file_perms;
+)
diff --git a/ota_coordinator/property_contexts b/ota_coordinator/property_contexts
index a06880f..c684630 100644
--- a/ota_coordinator/property_contexts
+++ b/ota_coordinator/property_contexts
@@ -1,3 +1,4 @@
 persist.vendor.ota_coordinator.last_slot_suffix u:object_r:vendor_intel_ota_prop:s0
+persist.vendor.ota_coordinator.fake_update u:object_r:vendor_intel_ota_prop:s0
 vendor.ota_coordinator.factory_reset u:object_r:vendor_intel_ota_prop:s0
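Review bot: The two `vendor_data_file` grants in this hunk are made on the generic label for vendor data rather than on a type of their own, and the commit message, which only mentions the new property, does not say which file they are for. As written, `ota_coordinator` may read any file carrying that label, and inside `recovery_only(...)` the `recovery` domain may list and read all such directories and files. A dedicated type for the one file the coordinator consumes would keep this least-privilege, e.g. `allow ota_coordinator <ota_data_type>:file r_file_perms;`, where `<ota_data_type>` is a placeholder for a new type labelled in file_contexts. Note also that `{ read open }` omits `getattr` and no `dir search` on the parent directory is added here, so the read may still be denied unless a rule outside this hunk grants it.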
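Review bot: `persist.vendor.ota_coordinator.fake_update` is given the same `vendor_intel_ota_prop` label as the existing entries, so every domain that can already set that type (the `.te` file shows `ota_coordinator` and `vendor_init`) can set it, and as a `persist.` property its value survives reboots. Judging by the name this looks like a test switch; if so, consider a separate property type that is settable only on debug builds, or document in the commit message why it is safe on production images. The entry also has no match qualifier, so it is treated as a prefix; if the property is a boolean, `persist.vendor.ota_coordinator.fake_update u:object_r:vendor_intel_ota_prop:s0 exact bool` would restrict both the name and the accepted values.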