From 66e57467dbcffce8cb77b0ebf2cbd6737d44827f Mon Sep 17 00:00:00 2001
From: Dyneteve <dyneteve@pixelexperience.org>
Date: Sat, 3 Sep 2022 11:40:34 +0200
Subject: [PATCH] sdm660-common: sepolicy: Fix OTA on encrypted f2fs.

* uncrypt : type=1400 audit(0.0:12165): avc: denied { sys_admin } for capability=21 scontext=u:r:uncrypt:s0 tcontext=u:r:uncrypt:s0 tclass=capability permissive=0

Change-Id: Ifec7cea45830a9e10f55a194e377857429bf4051
Signed-off-by: pix106 <sbordenave@gmail.com>
---
 sepolicy/vendor/uncrypt.te | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 sepolicy/vendor/uncrypt.te

diff --git a/sepolicy/vendor/uncrypt.te b/sepolicy/vendor/uncrypt.te
new file mode 100644
index 00000000..a15cb3c4
--- /dev/null
+++ b/sepolicy/vendor/uncrypt.te
@@ -0,0 +1,2 @@
+# Fix OTA with encrypted F2FS userdata
+allow uncrypt self:capability { sys_admin fowner };