Merge "Selinux configs for enabling tombstones be passed to host"

commit: 0c4e1373a8bb5ffcb7a566f484bbbe4df1494772 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Apr 07 13:25:46 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Apr 07 13:25:46 2022 +0000
tree: d78d2e1dd0636f209593524a59ea69d68eedf455
parent: 90bc7c36d98e79f34033d9ba39d05038aaf2d141 [diff]
parent: a9f1dc970879c38efd922ccb79a7f5b4d508ee5e [diff]
diff --git a/private/crosvm.te b/private/crosvm.te
index 26b1df3..0fd146e 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -63,6 +63,9 @@
 allow crosvm adbd:fd use;
 allow crosvm adbd:unix_stream_socket { read write };
 
+# For ACPI
+allow crosvm self:netlink_generic_socket create_socket_perms_no_ioctl;
+
 # The console log can also be written to /data/local/tmp. This is not safe as the log then can be
 # visible to the processes which don't own the VM. Therefore, this is a debugging only feature.
 userdebug_or_eng(`allow crosvm shell_data_file:file w_file_perms;')

diff --git a/private/system_app.te b/private/system_app.te
index 77cca3d..01956f4 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -176,6 +176,10 @@
 # Allow system apps to act as Perfetto producers.
 perfetto_producer(system_app)
 
+# TODO(b/217368496): remove this.
+can_profile_heap(system_app)
+can_profile_perf(system_app)
+
 ###
 ### Neverallow rules
 ###
commit	0c4e1373a8bb5ffcb7a566f484bbbe4df1494772	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Apr 07 13:25:46 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Apr 07 13:25:46 2022 +0000
tree	d78d2e1dd0636f209593524a59ea69d68eedf455
parent	90bc7c36d98e79f34033d9ba39d05038aaf2d141 [diff]
parent	a9f1dc970879c38efd922ccb79a7f5b4d508ee5e [diff]