microdroid: Add support for extra apk files extra_apk_file is a new label only for APK files passed to microdroid. microdroid_manager will create directories under /mnt/extra-apk/, and zipfuse will mount APK block devices to the directories. Currently only payload can read the files. Bug: 205224817 Test: manually edit vm config and see APK files mounted Change-Id: Ie5afb3156f22bb18979ec70904be675e8ff285a7

commit: 8565b96a3aab656c00ebbffc8451529b7e3c286a [log] [tgz]
author: Inseob Kim <inseob@google.com> Mon Nov 29 14:56:46 2021 +0900
committer: Inseob Kim <inseob@google.com> Wed Dec 08 14:10:28 2021 +0900
tree: 56dc531e2ade9e0e7eed7f95f02755ec6c7bd0f8
parent: 9a93d79a92000ba8b4f27522032f9262a0d15783 [diff] [blame]
diff --git a/microdroid/system/private/file.te b/microdroid/system/private/file.te
index cbbd379..18fa8bb 100644
--- a/microdroid/system/private/file.te
+++ b/microdroid/system/private/file.te

@@ -4,6 +4,7 @@
 allow cgroup_rc_file tmpfs:filesystem associate;
 allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
 allow dev_type tmpfs:filesystem associate;
+allow extra_apk_file zipfusefs:filesystem associate;
 allow file_type labeledfs:filesystem associate;
 allow file_type tmpfs:filesystem associate;
 allow file_type rootfs:filesystem associate;
commit	8565b96a3aab656c00ebbffc8451529b7e3c286a	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Mon Nov 29 14:56:46 2021 +0900
committer	Inseob Kim <inseob@google.com>	Wed Dec 08 14:10:28 2021 +0900
tree	56dc531e2ade9e0e7eed7f95f02755ec6c7bd0f8
parent	9a93d79a92000ba8b4f27522032f9262a0d15783 [diff] [blame]