microdroid_manager: allow to read dm_device
microdroid_manager should verify payloads (APK/APEXes). The APK is mounted to
dm_device first and then verified, so microdroid_manager needs to be able to
read it.
Bug: 190343842
Test: MicrodroidHostTestCases
Change-Id: I530fb8d2394952486f0bad7fb3bed770611cd311
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 728d156..3e450f6 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -10,6 +10,8 @@
allow microdroid_manager block_device:dir r_dir_perms;
allow microdroid_manager block_device:lnk_file r_file_perms;
allow microdroid_manager vd_device:blk_file r_file_perms;
+# microdroid_manager verifies DM-verity mounted APK payload
+allow microdroid_manager dm_device:blk_file r_file_perms;
# Allow microdroid_manager to start payload tasks
domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app)
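Review bot: The added rule on `dm_device:blk_file` is type-wide, so microdroid_manager can read every device-mapper node labelled `dm_device` in the guest, not only the one backing the APK payload. In AOSP's global macros `r_file_perms` also bundles `ioctl` and `lock` on top of plain read. If verification only opens and reads the node, a narrower set such as `allow microdroid_manager dm_device:blk_file { getattr open read };` would hold the domain closer to least privilege. The comment could state the scope explicitly, e.g. `# Read-only access to the dm-verity device backing the APK payload; dm_device covers all DM nodes`. Whether other `dm_device` nodes exist in the VM, or whether the verifier needs an ioctl, is not visible from this hunk and should be confirmed.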