Allow VMs to log to shell pts
If we run a VM from an adb shell, e.g. via `vm run`, then we would
like to get the VM console & log sent to the shell console.
That doesn't work unless virtualization manager & crosvm can write to
devpts.
Bug: 286355623
Test: Manual: adb shell, /apex/com.android.virt/bin/vm run-microdroid --debug full
Change-Id: I01b233bc6ad5fba8f333f379af62a03806ae8949
diff --git a/private/crosvm.te b/private/crosvm.te
index f1012b7..8a6bd24 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -69,6 +69,7 @@
# Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
allow crosvm adbd:fd use;
allow crosvm adbd:unix_stream_socket { read write };
+allow crosvm devpts:chr_file { read write getattr ioctl };
# crosvm tries to use netlink sockets as part its APCI implementation, but we don't need it for AVF (b/228077254)
dontaudit crosvm self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index bfad8e7..b6bcd98 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -7,6 +7,9 @@
allow virtualizationmanager adbd:fd use;
allow virtualizationmanager adbd:unix_stream_socket { read write };
+# Allow writing VM logs to the shell console
+allow virtualizationmanager devpts:chr_file { read write getattr ioctl };
+
# Let the virtualizationmanager domain use Binder.
binder_use(virtualizationmanager)