From cd264d2d884528f161ade821c17cc65405f979c9 Mon Sep 17 00:00:00 2001
From: Nvertigo
Date: Sat, 23 Mar 2019 15:54:21 +0100
Subject: sepolicy: Fix OTA auto-flashing with encrypted f2fs If userdata is on f2fs and encrypted (stock config for userdata), /cache/recovery/block.map is not created due to this denial: 05-01 13:43:47.512 6538 6538 W uncrypt : type=1400 audit(0.0:10): avc: denied { sys_admin } for capability=21 scontext=u:r:uncrypt:s0 tcontext=u:r:uncrypt:s0 tclass=capability permissive=0 Without block.map the automatic flashing of the OTA without user interaction fails, and the user needs to manually mount data, and flash the OTA manually.
Change-Id: I6ecb84e8b730d4c641a8bd8769043dfbfb817b83
Signed-off-by: Pranav Vashi
---
 common/private/uncrypt.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/common/private/uncrypt.te b/common/private/uncrypt.te
index 9638596..d8fd2c7 100644
--- a/common/private/uncrypt.te
+++ b/common/private/uncrypt.te
@@ -1,2 +1,5 @@
 allow uncrypt cache_file:dir rw_dir_perms;
 allow uncrypt cache_file:file create_file_perms;
+
+# OTA with encrypted f2fs
+allow uncrypt self:capability sys_admin;
-- cgit v1.2.3
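Review bot: The added `allow uncrypt self:capability sys_admin;` gives the uncrypt domain one of the broadest Linux capabilities, and the comment `# OTA with encrypted f2fs` does not say which operation needs it. As far as this hunk shows, the rule is unconditional in common policy, so it would also apply on devices whose userdata is not f2fs or not encrypted. I would record the reason and the denial next to the rule, for example `# uncrypt needs CAP_SYS_ADMIN to write /cache/recovery/block.map when userdata is encrypted f2fs (avc: denied { sys_admin } capability=21)`. It is also worth confirming which syscall or ioctl triggers the capability check, so the grant can be removed if that kernel path changes.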