Allow vmlauncher app to run e2fsck and resize2fs
r_file_perms: Required to read permissions on the fsck_exec files,
allowing the vmlauncher_app domain to read their contents.
execute: Grants execute permissions, allowing the vmlauncher_app
domain to run the fsck_exec files as programs.
execute_no_trans: Execute fsck_exec files without undergoing a domain
transition.
Bug: 371491254
Test: Resize partition (increase and shrink) and verify root partitions
gets mounted in VM after resize
Change-Id: Ib3f09fc5832e6232fb450ef4e81aff11a660f758
Signed-off-by: Akilesh Kailash <akailash@google.com>
diff --git a/private/vmlauncher_app.te b/private/vmlauncher_app.te
index c76c117..83187b6 100644
--- a/private/vmlauncher_app.te
+++ b/private/vmlauncher_app.te
@@ -11,6 +11,8 @@
allow vmlauncher_app shell_data_file:file { read open write };
virtualizationservice_use(vmlauncher_app)
+allow vmlauncher_app fsck_exec:file { r_file_perms execute execute_no_trans };
+
is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
# TODO(b/332677707): remove them when display service uses binder RPC.
allow vmlauncher_app virtualization_service:service_manager find;