Merge "microdroid_manager: allow to read dm_device"

commit: 996da475a1e112ec363c7540a585a8a1bad646d0 [log] [tgz]
author: Jooyung Han <jooyung@google.com> Mon Aug 09 17:49:16 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Aug 09 17:49:16 2021 +0000
tree: 04047720275b6802ea64da88b03f657a487f7307
parent: 14aad3711dd669cc45c1b9d22bf22041a64dc203 [diff]
parent: 2ac60775e0f8d93527bffc0dfc1500437cbd4390 [diff]
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 728d156..3e450f6 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te

@@ -10,6 +10,8 @@
 allow microdroid_manager block_device:dir r_dir_perms;
 allow microdroid_manager block_device:lnk_file r_file_perms;
 allow microdroid_manager vd_device:blk_file r_file_perms;
+# microdroid_manager verifies DM-verity mounted APK payload
+allow microdroid_manager dm_device:blk_file r_file_perms;
 
 # Allow microdroid_manager to start payload tasks
 domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app)
commit	996da475a1e112ec363c7540a585a8a1bad646d0	[log] [tgz]
author	Jooyung Han <jooyung@google.com>	Mon Aug 09 17:49:16 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Aug 09 17:49:16 2021 +0000
tree	04047720275b6802ea64da88b03f657a487f7307
parent	14aad3711dd669cc45c1b9d22bf22041a64dc203 [diff]
parent	2ac60775e0f8d93527bffc0dfc1500437cbd4390 [diff]