Merge "Allow MM to open/syncfs/close encryptedstore dir"

commit: 2d91b6fc97f2f4b90bb630da278580c5957131b9 [log] [tgz]
author: Shikha Panwar <shikhapanwar@google.com> Wed Feb 01 11:13:01 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Feb 01 11:13:01 2023 +0000
tree: 4c80fa7764b592ff2f957738c3f1c2a1629dcc71
parent: 11eb002e83b05c9cd61f044e45ddd2d57bf2bf36 [diff]
parent: 992245d1b225468fbfa0d8899a1786ab646d2b0c [diff]
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 7e26f53..51372ad 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te

@@ -45,6 +45,9 @@
 # Allow microdroid_manager to start encryptedstore binary
 domain_auto_trans(microdroid_manager, encryptedstore_exec, encryptedstore)
 
+# Microdroid Manager needs read related permission for syncing encrypted storage fs
+allow microdroid_manager encryptedstore_file:dir r_dir_perms;
+
 # Allow microdroid_manager to run kexec to load crashkernel
 domain_auto_trans(microdroid_manager, kexec_exec, kexec)
commit	2d91b6fc97f2f4b90bb630da278580c5957131b9	[log] [tgz]
author	Shikha Panwar <shikhapanwar@google.com>	Wed Feb 01 11:13:01 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Feb 01 11:13:01 2023 +0000
tree	4c80fa7764b592ff2f957738c3f1c2a1629dcc71
parent	11eb002e83b05c9cd61f044e45ddd2d57bf2bf36 [diff]
parent	992245d1b225468fbfa0d8899a1786ab646d2b0c [diff]