sepolicy for custom_vm_setup Bug: 346676738 Test: run the app Change-Id: I3b5a36f4db53f8cbd1ef21cd4c25b47907812250

commit: 3335a04676d400bda57d42d4af0ef4b1d311de21 [log] [tgz]
author: Jeongik Cha <jeongik@google.com> Fri Jun 14 14:28:42 2024 +0900
committer: Jeongik Cha <jeongik@google.com> Tue Jun 18 22:54:10 2024 +0900
tree: dcac64e82e86170b76c157246785d3f8c4f631a6
parent: 075b734d672da77da04063f1775b6a92d1977b80 [diff] [blame]
diff --git a/private/shell.te b/private/shell.te
index e421ec6..d613a94 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -468,6 +468,10 @@
 # Allow shell to start up vendor shell
 allow shell vendor_shell_exec:file rx_file_perms;
 
+is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
+  allow shell custom_vm_setup_exec:file { entrypoint r_file_perms };
+')
+
 # Everything is labeled as rootfs in recovery mode. Allow shell to
 # execute them.
 recovery_only(`
commit	3335a04676d400bda57d42d4af0ef4b1d311de21	[log] [tgz]
author	Jeongik Cha <jeongik@google.com>	Fri Jun 14 14:28:42 2024 +0900
committer	Jeongik Cha <jeongik@google.com>	Tue Jun 18 22:54:10 2024 +0900
tree	dcac64e82e86170b76c157246785d3f8c4f631a6
parent	075b734d672da77da04063f1775b6a92d1977b80 [diff] [blame]