Allow priv apps to use virtualizationservice And allow VS and crosvm access to privapp_data_file, to the same extent as app_data_file. Update some comments, move a neverallow to the bottom of the file with the others. Bug: 255286871 Test: Install demo app to system/priv-app, see it work without explicit grant. Change-Id: Ic763c3fbfdfe9b7a7ee6f1fe76d2a74281b69f4f

commit: 30608520bf24b3e69b8e77a8140f293936deec70 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Mon Oct 24 12:32:34 2022 +0100
committer: Alan Stokes <alanstokes@google.com> Mon Oct 24 15:33:02 2022 +0100
tree: f1848eab58718d86e33f1cc4ee247bd11b8f126c
parent: 7e707248b204b95caf866a5506d7dc2fb7427ea1 [diff] [blame]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 6e6b459..3e057fe 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -44,6 +44,7 @@
 allow virtualizationservice {
   app_data_file
   apex_compos_data_file
+  privapp_data_file
 }:file { getattr read write };
 
 # shell_data_file is used for automated tests and manual debugging.
commit	30608520bf24b3e69b8e77a8140f293936deec70	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Mon Oct 24 12:32:34 2022 +0100
committer	Alan Stokes <alanstokes@google.com>	Mon Oct 24 15:33:02 2022 +0100
tree	f1848eab58718d86e33f1cc4ee247bd11b8f126c
parent	7e707248b204b95caf866a5506d7dc2fb7427ea1 [diff] [blame]