Snap for 6680110 from 6f5797a to rvc-qpr1-release

Change-Id: I113529076189614dd3265ee04a977dac40e7fc9b

Author: android-build-team Robot

prebuilts/api/30.0/public/uncrypt.te

@@ -15,9 +15,9 @@ allow uncrypt cache_file:dir search;
 allow uncrypt cache_recovery_file:dir rw_dir_perms;
 allow uncrypt cache_recovery_file:file create_file_perms;
 
-# Read OTA zip file at /data/ota_package/.
+# Read and write(for f2fs_pin_file) on OTA zip file at /data/ota_package/.
 allow uncrypt ota_package_file:dir r_dir_perms;
-allow uncrypt ota_package_file:file r_file_perms;
+allow uncrypt ota_package_file:file rw_file_perms;
 
 # Write to /dev/socket/uncrypt
 unix_socket_connect(uncrypt, uncrypt, uncrypt)
@@ -40,3 +40,7 @@ allow uncrypt proc_cmdline:file r_file_perms;
 
 # Read files in /sys
 r_dir_file(uncrypt, sysfs_dt_firmware_android)
+
+# Suppress the denials coming from ReadDefaultFstab call.
+dontaudit uncrypt gsi_metadata_file:dir search;
+dontaudit uncrypt metadata_file:dir search;

public/uncrypt.te

@@ -15,9 +15,9 @@ allow uncrypt cache_file:dir search;
 allow uncrypt cache_recovery_file:dir rw_dir_perms;
 allow uncrypt cache_recovery_file:file create_file_perms;
 
-# Read OTA zip file at /data/ota_package/.
+# Read and write(for f2fs_pin_file) on OTA zip file at /data/ota_package/.
 allow uncrypt ota_package_file:dir r_dir_perms;
-allow uncrypt ota_package_file:file r_file_perms;
+allow uncrypt ota_package_file:file rw_file_perms;
 
 # Write to /dev/socket/uncrypt
 unix_socket_connect(uncrypt, uncrypt, uncrypt)
@@ -40,3 +40,7 @@ allow uncrypt proc_cmdline:file r_file_perms;
 
 # Read files in /sys
 r_dir_file(uncrypt, sysfs_dt_firmware_android)
+
+# Suppress the denials coming from ReadDefaultFstab call.
+dontaudit uncrypt gsi_metadata_file:dir search;
+dontaudit uncrypt metadata_file:dir search;