Move hal_bootctl rules to hal_bootctl_default
This more clearly attributes the permissions to the actual domain and
prevents a build breakage when building recovery due to a
userdebug-only neverallow exemption for hal_bootctl.
Bug: 69566734
Test: build user build
Change-Id: I5ed3c04b3709ac7b00234402788f5f1ae88e6f61
diff --git a/sepolicy/vendor/hal_bootctl.te b/sepolicy/vendor/hal_bootctl.te
deleted file mode 100644
index bdb9e12..0000000
--- a/sepolicy/vendor/hal_bootctl.te
+++ /dev/null
@@ -1,31 +0,0 @@
-# These are the permissions required to use the boot_control HAL implemented
-# here: hardware/qcom/bootctrl/boot_control.c
-
-# Getting and setting GPT attributes for the bootloader iterates over all the
-# partition names in the block_device directory /dev/block/.../by-name
-allow hal_bootctl block_device:dir r_dir_perms;
-
-# Edit the attributes stored in the GPT.
-allow hal_bootctl gpt_block_device:blk_file rw_file_perms;
-allow hal_bootctl ab_block_device:blk_file getattr;
-allow hal_bootctl boot_block_device:blk_file rw_file_perms;
-allow hal_bootctl modem_block_device:blk_file getattr;
-allow hal_bootctl system_block_device:blk_file getattr;
-allow hal_bootctl misc_block_device:blk_file rw_file_perms;
-
-# Access /dev/sgN devices (generic SCSI) to write the
-# A/B slot selection for the XBL partition. Allow also to issue a
-# UFS_IOCTL_QUERY ioctl.
-allow hal_bootctl sg_device:chr_file rw_file_perms;
-allow hal_bootctl self:capability sys_admin;
-allow hal_bootctl tmpfs:lnk_file r_file_perms;
-
-# Read the sysfs to lookup what /dev/sgN device
-# corresponds to the XBL partitions.
-allow hal_bootctl sysfs:dir r_dir_perms;
-
-# Write to the XBL devices.
-allow hal_bootctl xbl_block_device:blk_file rw_file_perms;
-
-# Expose a socket for brokered boot message access for hal_oemlock.
-allow hal_bootctl hal_bootctl_socket:sock_file create_file_perms;
diff --git a/sepolicy/vendor/hal_bootctl_default.te b/sepolicy/vendor/hal_bootctl_default.te
new file mode 100644
index 0000000..09a0089
--- /dev/null
+++ b/sepolicy/vendor/hal_bootctl_default.te
@@ -0,0 +1,31 @@
+# These are the permissions required to use the boot_control HAL implemented
+# here: hardware/qcom/bootctrl/boot_control.c
+
+# Getting and setting GPT attributes for the bootloader iterates over all the
+# partition names in the block_device directory /dev/block/.../by-name
+allow hal_bootctl_default block_device:dir r_dir_perms;
+
+# Edit the attributes stored in the GPT.
+allow hal_bootctl_default gpt_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default ab_block_device:blk_file getattr;
+allow hal_bootctl_default boot_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default modem_block_device:blk_file getattr;
+allow hal_bootctl_default system_block_device:blk_file getattr;
+allow hal_bootctl_default misc_block_device:blk_file rw_file_perms;
+
+# Access /dev/sgN devices (generic SCSI) to write the
+# A/B slot selection for the XBL partition. Allow also to issue a
+# UFS_IOCTL_QUERY ioctl.
+allow hal_bootctl_default sg_device:chr_file rw_file_perms;
+allow hal_bootctl_default self:capability sys_admin;
+allow hal_bootctl_default tmpfs:lnk_file r_file_perms;
+
+# Read the sysfs to lookup what /dev/sgN device
+# corresponds to the XBL partitions.
+allow hal_bootctl_default sysfs:dir r_dir_perms;
+
+# Write to the XBL devices.
+allow hal_bootctl_default xbl_block_device:blk_file rw_file_perms;
+
+# Expose a socket for brokered boot message access for hal_oemlock.
+allow hal_bootctl_default hal_bootctl_socket:sock_file create_file_perms;
