Allow MM to open/syncfs/close encryptedstore dir
Microdroid Manager needs these permissions to sync the encryptedstore
filesystem.
Test: Builds
Test: Check selinux denials in logs
Change-Id: Iee020ae653f5d42af086ca91068e3df52c992305
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index a5b71f0..9e3df3b 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -45,6 +45,9 @@
# Allow microdroid_manager to start encryptedstore binary
domain_auto_trans(microdroid_manager, encryptedstore_exec, encryptedstore)
+# Microdroid Manager needs read related permission for syncing encrypted storage fs
+allow microdroid_manager encryptedstore_file:dir r_dir_perms;
+
# Allow microdroid_manager to run kexec to load crashkernel
domain_auto_trans(microdroid_manager, kexec_exec, kexec)
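Review bot: The added rule `allow microdroid_manager encryptedstore_file:dir r_dir_perms;` grants more than the open/syncfs/close use named in the commit title, because the AOSP `r_dir_perms` macro also carries `ioctl`, `lock` and the `watch` permissions. If the directory is only opened read-only to get a descriptor for syncfs(), an explicit set keeps microdroid_manager closer to least privilege, e.g. `allow microdroid_manager encryptedstore_file:dir { open read search getattr };`. The exact set should be confirmed against the denials seen in the logs. The comment above the rule says only "read related permission"; naming the operation would help the next policy reviewer judge whether the grant is still needed, e.g. `# microdroid_manager opens the encryptedstore directory and calls syncfs() on it`.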