Uncrypt: Allow uncrypt to write on ota_package_file.
This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).
Also, add a few dontaudit rules to suppress harmless denials.
Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0
I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0
I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0
Bug: 158070965
Cherry-Pick-Of: 916bd874d68eb21aba1ad38d0689d5d66cc4f1e9
Merged-In: I473c5ee218c32b481040ef85caca907a48aadee6
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6
2 files changed
