Allow virtualizationmanager to open test artifacts in shell_data_file Bug: 275047565 Test: atest Change-Id: Iff9bdd4434a66af0e17fb74da4f173158dd66399

commit: 0783a9cd36b0ac7fdbe5ac3b321c01896c785a45 [log] [tgz]
author: Jaewan Kim <jaewan@google.com> Mon Apr 03 12:57:25 2023 +0900
committer: Jaewan Kim <jaewan@google.com> Mon Apr 03 15:46:26 2023 +0900
tree: f0724a1ff5d444e121686d0bd9dcf50f649874aa
parent: 9bc9a63b68ad79b0f33f9df37b741bf7a146d5d2 [diff] [blame]
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 946c783..bfad8e7 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te

@@ -69,10 +69,17 @@
 allow virtualizationmanager tombstone_data_file:file { append getattr };
 allow virtualizationmanager tombstoned:fd use;
 
-# Allow virtualizationservice to read AVF debug policy
+# Allow virtualizationmanager to read AVF debug policy
 allow virtualizationmanager sysfs_dt_avf:dir search;
 allow virtualizationmanager sysfs_dt_avf:file { open read };
 
+# Let virtualizationmanager open test artifacts under /data/local/tmp with file path.
+# (e.g. custom debug policy)
+userdebug_or_eng(`
+  allow virtualizationmanager shell_data_file:dir search;
+  allow virtualizationmanager shell_data_file:file open;
+')
+
 # Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
 r_dir_file(virtualizationmanager, crosvm);
commit	0783a9cd36b0ac7fdbe5ac3b321c01896c785a45	[log] [tgz]
author	Jaewan Kim <jaewan@google.com>	Mon Apr 03 12:57:25 2023 +0900
committer	Jaewan Kim <jaewan@google.com>	Mon Apr 03 15:46:26 2023 +0900
tree	f0724a1ff5d444e121686d0bd9dcf50f649874aa
parent	9bc9a63b68ad79b0f33f9df37b741bf7a146d5d2 [diff] [blame]