Allow shell to read AVF DT nodes
Hostside test needs to check existence of /proc/device-tree/avf/guest
to check whether AVF debug policy is installed.
Bug: 345118393
Change-Id: I33d6bd1bd7c5513395f162e2bcbbfd15c1b80bcd
Test: Verified manually on tangorpro-user
diff --git a/private/shell.te b/private/shell.te
index 263db8c..e421ec6 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -436,6 +436,9 @@
allowxperm shell vmlauncher_app_devpts:chr_file ioctl unpriv_tty_ioctls;
')
+# Allow CTS to check whether AVF debug policy is installed
+allow shell { proc_dt_avf sysfs_dt_avf }:dir search;
+
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;