Merge "Allow reading proc file in crosvm process for reading cpu/mem stat in VM" am: b43e1b1c19 Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2300539 Change-Id: I0981485fb364b89e3a697d263d8323126ac7837c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 3d9b334391e47cc781180240991e312939dfb124 [log] [tgz]
author: Seungjae Yoo <seungjaeyoo@google.com> Tue Nov 15 02:36:10 2022 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue Nov 15 02:36:10 2022 +0000
tree: de956c1449c3bbf864d9d21778e077b6d8e794ac
parent: 80e6a481d845f9bd6915c3729140fa2333bbbb5e [diff]
parent: b43e1b1c19036fe9e2639c436e1386c8bbd5efcf [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index f41e7cc..46871b7 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -84,6 +84,9 @@
 allow virtualizationservice tombstone_data_file:file { append getattr };
 allow virtualizationservice tombstoned:fd use;
 
+# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
+r_dir_file(virtualizationservice, crosvm);
+
 neverallow {
   domain
   -init
commit	3d9b334391e47cc781180240991e312939dfb124	[log] [tgz]
author	Seungjae Yoo <seungjaeyoo@google.com>	Tue Nov 15 02:36:10 2022 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Tue Nov 15 02:36:10 2022 +0000
tree	de956c1449c3bbf864d9d21778e077b6d8e794ac
parent	80e6a481d845f9bd6915c3729140fa2333bbbb5e [diff]
parent	b43e1b1c19036fe9e2639c436e1386c8bbd5efcf [diff]