[ALPS03783870] Add policy for update boot partition

[Detail]
Add poilcy for update_engine and vbmeta so that A/B
system update can work well.

MTK-Commit-Id: de7ad7a48111b4e02f042600c6e65484d03ac87f

Change-Id: I79346615ad1be4c5ea33343c1fce73c22be1f82f
CR-Id: ALPS03783870
Feature: Secure Boot

non_plat/device.te

@@ -221,6 +221,7 @@ type audio_ipi_device, dev_type;
 type cam_vpu_block_device,dev_type;
 type boot_para_block_device,dev_type;
 type mtk_dfrc_device, dev_type;
+type vbmeta_block_device, dev_type;
 
 ##########################
 # Sensor common Devices Start

non_plat/file_contexts

@@ -462,6 +462,7 @@
 /dev/block/platform/bootdevice/by-name/spmfw(_[ab])?         u:object_r:spmfw_block_device:s0
 /dev/block/platform/bootdevice/by-name/mcupmfw(_[ab])?       u:object_r:mcupmfw_block_device:s0
 /dev/block/platform/bootdevice/by-name/loader_ext(_[ab])?    u:object_r:loader_ext_block_device:s0
+/dev/block/platform/bootdevice/by-name/vbmeta(_[ab])?    u:object_r:vbmeta_block_device:s0
 
 
 #############################

non_plat/update_engine.te

@@ -16,6 +16,7 @@ allow update_engine mcupmfw_block_device:blk_file rw_file_perms;
 allow update_engine loader_ext_block_device:blk_file rw_file_perms;
 allow update_engine cam_vpu_block_device:blk_file rw_file_perms;
 allow update_engine para_block_device:blk_file rw_file_perms;
+allow update_engine vbmeta_block_device:blk_file rw_file_perms;
 
 
 # Add for update_engine call by system_app
@@ -23,3 +24,6 @@ allow update_engine system_app:binder { call transfer };
 
 # Add for update_engine with postinstall
 allow update_engine postinstall_mnt_dir:dir { search getattr open read write search unlink};
+
+# Add for AVB20
+allow update_engine tmpfs:lnk_file read;