commit 5cbe30c38629db796cb14cbcdfe76bfeb5cd02b0
author Keir Fraser <keirf@google.com> Wed Oct 12 08:22:06 2022 +0000
committer Keir Fraser <keirf@google.com> Thu Oct 13 14:22:15 2022 +0000
tree ca6d7425c21a0b864ee6ea855a28a172910ba5c5
parent c3b7489ee5cecdba54126b2b321f090280c2a51c

Allow microdroid_manager to create a ZRAM swap device

Bug: 238284600
Test: Start a VM, confirm swap is available
Change-Id: I5b6050fabd652d9c15584afa0bfdc10b33401dd1

microdroid/system/private/microdroid_manager.te

diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index dbd45f3..ac92f38 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -98,6 +98,13 @@
 allow microdroid_manager proc_meminfo:file r_file_perms;
 allow microdroid_manager proc_stat:file r_file_perms;
 
+# Allow microdroid_manager to set up zram-backed swap:
+#  - Read & Write zram properties in sysfs to set/get zram disksize
+#  - Read & Write to zram block device needed for mkswap and swapon
+allow microdroid_manager sysfs_zram:dir { search };
+allow microdroid_manager sysfs_zram:file rw_file_perms;
+allow microdroid_manager ram_device:blk_file rw_file_perms;
+
 # Allow microdroid_manager to read/write failure serial device
 allow microdroid_manager serial_device:chr_file w_file_perms;