Allow virtualizationmanager to read AVF debug policy virtualizationmanager may handle some AVF debug policies for unproteted VM. Bug: 243630590 Test: Run unprotected VM with/without ramdump Change-Id: I2941761efe230a9925d1146f8ac55b50e984a4e9

commit: 93f5788ec5ed65157a379ebf63042d7a2b0274c1 [log] [tgz]
author: Jaewan Kim <jaewan@google.com> Tue Feb 07 01:49:24 2023 +0900
committer: Jaewan Kim <jaewan@google.com> Tue Feb 07 02:04:02 2023 +0900
tree: ec8f72ae28a0f765a2f85e5acad0a913bc5dcbd5
parent: 15d5e5f1739451691d7d034a326000fff621bb88 [diff] [blame]
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 4cd32b7..946c783 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te

@@ -69,6 +69,10 @@
 allow virtualizationmanager tombstone_data_file:file { append getattr };
 allow virtualizationmanager tombstoned:fd use;
 
+# Allow virtualizationservice to read AVF debug policy
+allow virtualizationmanager sysfs_dt_avf:dir search;
+allow virtualizationmanager sysfs_dt_avf:file { open read };
+
 # Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
 r_dir_file(virtualizationmanager, crosvm);
commit	93f5788ec5ed65157a379ebf63042d7a2b0274c1	[log] [tgz]
author	Jaewan Kim <jaewan@google.com>	Tue Feb 07 01:49:24 2023 +0900
committer	Jaewan Kim <jaewan@google.com>	Tue Feb 07 02:04:02 2023 +0900
tree	ec8f72ae28a0f765a2f85e5acad0a913bc5dcbd5
parent	15d5e5f1739451691d7d034a326000fff621bb88 [diff] [blame]