| # Allow to communicate with update_engine for A/B update. | |
| binder_call(priv_app, update_engine) | |
| allow priv_app update_engine_service:service_manager find; | |
| # Write to /data/ota_package for OTA packages. | |
| allow priv_app ota_package_file:dir rw_dir_perms; | |
| allow priv_app ota_package_file:file create_file_perms; |