Allow recovery mount metadata

Test: sideload
Bug: 151640692
Change-Id: Iedd65f3fa492081750a97ec4f841d56b4a9ccaff
Merged-In: Iedd65f3fa492081750a97ec4f841d56b4a9ccaff
(cherry picked from commit d49650c23e0a0852c9054597699e6feb048dba0c)
diff --git a/public/recovery.te b/public/recovery.te
index 3bac03d..55568d4 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -148,6 +148,9 @@
   allow recovery gsi_metadata_file:dir search;
   allow recovery ota_metadata_file:dir rw_dir_perms;
   allow recovery ota_metadata_file:file create_file_perms;
+
+  # Allow mounting /metadata for writing update states
+  allow recovery metadata_file:dir { getattr mounton };
 ')
 
 ###
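Review bot: The comment on the added rule says the grant is "for writing update states", but `{ getattr mounton }` on `metadata_file:dir` only lets recovery stat the directory and use it as a mount point. The write access presumably comes from the `ota_metadata_file` rules just above, so the comment overstates what this line permits, which matters to anyone auditing recovery's access later. I would reword it to something like `# Allow recovery to use /metadata as a mount point; update-state writes are covered by the ota_metadata_file rules above`. The macro block that `')` closes opens outside this hunk, so the build conditions gating this rule are not visible here and are worth confirming.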