Add sepolices to update engine domain.

While applying OTA update package, update engine
loops through partitions entries/mountpoints.
Add few policies and supress the dac ones.

Change-Id: Ic4ff7e8df86a01a3b7380e0bd458909f9099953e

generic/vendor/common/update_engine_common.te

@@ -38,4 +38,8 @@ allow update_engine_common {
 
 allow update_engine_common tmpfs:lnk_file r_file_perms;
 allow update_engine_common metadata_file:dir search;
+allow update_engine_common {adsprpcd_file firmware_file}:dir search;
+allow update_engine_common {bt_firmware_file firmware_file}:filesystem getattr;
+
+dontaudit update_engine_common self:capability {dac_read_search dac_override};
 

legacy/vendor/sdm710/update_engine_common.te

@@ -41,3 +41,7 @@ allow update_engine_common {
 
 allow update_engine_common tmpfs:lnk_file r_file_perms;
 allow update_engine_common metadata_file:dir search;
+allow update_engine_common {adsprpcd_file firmware_file}:dir search;
+allow update_engine_common {bt_firmware_file firmware_file}:filesystem getattr;
+
+dontaudit update_engine_common self:capability {dac_read_search dac_override};

legacy/vendor/sdm845/update_engine_common.te

@@ -38,3 +38,7 @@ allow update_engine_common {
 
 allow update_engine_common tmpfs:lnk_file r_file_perms;
 allow update_engine_common metadata_file:dir search;
+allow update_engine_common {adsprpcd_file firmware_file}:dir search;
+allow update_engine_common {bt_firmware_file firmware_file}:filesystem getattr;
+
+dontaudit update_engine_common self:capability {dac_read_search dac_override};