android_device_mediatek_sepolicy/non_plat/hal_bootctl_default.te

# Add for bootctl
#============= hal_bootctl_default ==============
allow hal_bootctl_default para_block_device:blk_file { read open write};
allow hal_bootctl_default rootfs:file { read getattr open };
allow hal_bootctl_default sysfs:dir { read open };
allow hal_bootctl_default block_device:dir search;
allow hal_bootctl_default misc_sd_device:chr_file rw_file_perms;
allow hal_bootctl_default bootdevice_block_device:blk_file { read write ioctl open };
allow hal_bootctl_default proc_cmdline:file r_file_perms;
userdebug_or_eng(`
allow hal_bootctl_default self:capability sys_rawio;
')