Allow crosvm to open test artifacts in shell_data_file Test: Try open /data/local/tmp/a from crovm Bug: 260802656, Bug: 243672257 Change-Id: I90e2fe892f1028ea5add91a41389e2f7e812f988

commit: 7b843d4ebf10b8fbfe23e57efcf896985ce744b1 [log] [tgz]
author: Jaewan Kim <jaewan@google.com> Wed Dec 07 16:18:18 2022 +0900
committer: Jaewan Kim <jaewan@google.com> Sat Dec 10 11:34:42 2022 +0900
tree: d12d8317754870e8e6ab73f61711c816accca6cd
parent: c3802445d0c8ab1b0ebabdef05f24824f7b1edf2 [diff] [blame]
diff --git a/private/crosvm.te b/private/crosvm.te
index 9c45131..d4d29b0 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -42,6 +42,12 @@
 # Note that the open permission is not given as the socket is passed by FD.
 allow crosvm virtualizationservice:unix_stream_socket { accept read write getattr getopt };
 
+# Let crosvm open test artifacts under /data/local/tmp with file path. (e.g. custom pvmfw.img)
+userdebug_or_eng(`
+  allow crosvm shell_data_file:dir search;
+  allow crosvm shell_data_file:file open;
+')
+
 # The instance image and the composite image should be writable as well because they could represent
 # mutable disks.
 allow crosvm {
commit	7b843d4ebf10b8fbfe23e57efcf896985ce744b1	[log] [tgz]
author	Jaewan Kim <jaewan@google.com>	Wed Dec 07 16:18:18 2022 +0900
committer	Jaewan Kim <jaewan@google.com>	Sat Dec 10 11:34:42 2022 +0900
tree	d12d8317754870e8e6ab73f61711c816accca6cd
parent	c3802445d0c8ab1b0ebabdef05f24824f7b1edf2 [diff] [blame]