Allow reading proc file in crosvm process for reading cpu/mem stat in VM Bug: 257159905 Test: N/A Change-Id: Ica4da2f7f29be2c4f3f9446040247bee36e42f1a

commit: 9f240f2d68681921eb1d38fcb92511a72adeed12 [log] [tgz]
author: Seungjae Yoo <seungjaeyoo@google.com> Mon Nov 14 14:56:20 2022 +0900
committer: Seungjae Yoo <seungjaeyoo@google.com> Mon Nov 14 15:24:27 2022 +0900
tree: f38af9ba85792407911fe4c3e3ad52d25be99e85
parent: 1c92a1262e2776dd5248ea8706b03689ece0abd6 [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index f41e7cc..46871b7 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -84,6 +84,9 @@
 allow virtualizationservice tombstone_data_file:file { append getattr };
 allow virtualizationservice tombstoned:fd use;
 
+# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
+r_dir_file(virtualizationservice, crosvm);
+
 neverallow {
   domain
   -init
commit	9f240f2d68681921eb1d38fcb92511a72adeed12	[log] [tgz]
author	Seungjae Yoo <seungjaeyoo@google.com>	Mon Nov 14 14:56:20 2022 +0900
committer	Seungjae Yoo <seungjaeyoo@google.com>	Mon Nov 14 15:24:27 2022 +0900
tree	f38af9ba85792407911fe4c3e3ad52d25be99e85
parent	1c92a1262e2776dd5248ea8706b03689ece0abd6 [diff]