Allow microdroid_manager to read /proc/bootconfig ... so that it can ensure that the bootconfig hasn't changed since the last boot. Bug: 208639280 Test: m Change-Id: I2310a0df0ebbef9d6fe47dbad2538ecbe7bc84e6

commit: 3db645b83d95946c2f20a9706da8b11b06f096b2 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Mon Dec 06 21:16:09 2021 +0900
committer: Jiyong Park <jiyong@google.com> Mon Dec 06 21:16:09 2021 +0900
tree: 4f5905821de8ecca024d211e4ce5a62e49407827
parent: 1f117c26c6054716a279d6155eb161f7c65b7ba4 [diff]
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 38fabcd..b914775 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te

@@ -73,4 +73,8 @@
 # Allow microdroid_manager to shutdown the device when verification fails
 set_prop(microdroid_manager, powerctl_prop)
 
+# Allow microdroid_manager to read bootconfig so that it can reject a bootconfig
+# that is different from what is recorded in the instance.img file.
+allow microdroid_manager proc_bootconfig:file r_file_perms;
+
 neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;
commit	3db645b83d95946c2f20a9706da8b11b06f096b2	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Mon Dec 06 21:16:09 2021 +0900
committer	Jiyong Park <jiyong@google.com>	Mon Dec 06 21:16:09 2021 +0900
tree	4f5905821de8ecca024d211e4ce5a62e49407827
parent	1f117c26c6054716a279d6155eb161f7c65b7ba4 [diff]