Allow virtmgr to read caller exe path
This is required to check if the origin of the FDs equals to the client.
Bug: 383969737
Test: run vm
Change-Id: Ifc58551cf5022b7914cd7bc8c3e0ed67021290ec
diff --git a/public/te_macros b/public/te_macros
index e446f56..2ba15b3 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -201,6 +201,10 @@
get_prop($1, hypervisor_prop)
# Allow client to read (but not open) the crashdump provided by virtualizationmanager
allow $1 virtualizationservice_data_file:file { getattr read };
+# Allow virtualizationmanager to read the path of the client using /proc/{PID}/exe
+allow virtualizationmanager $1:dir search;
+allow virtualizationmanager $1:file read;
+allow virtualizationmanager $1:lnk_file read;
')
####################################