Merge "Add transfer permission to wait_for_keymaster"
diff --git a/private/file.te b/private/file.te
index a024600..0f7e689 100644
--- a/private/file.te
+++ b/private/file.te
@@ -57,6 +57,9 @@
# /data/misc/odsign
type odsign_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/virtualizationservice
+type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type;
+
# /data/system/environ
type environ_system_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 4a4867b..60a94b3 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -620,6 +620,7 @@
/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0
/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
+/data/misc/virtualizationservice(/.*)? u:object_r:virtualizationservice_data_file:s0
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0
diff --git a/private/virtmanager.te b/private/virtmanager.te
index 467f7d4..26593f3 100644
--- a/private/virtmanager.te
+++ b/private/virtmanager.te
@@ -13,5 +13,12 @@
# When virtmanager execs a file with the crosvm_exec label, run it in the crosvm domain.
domain_auto_trans(virtmanager, crosvm_exec, crosvm)
+# Let virtmanager exec other files (e.g. mk_cdisk) in the same domain.
+allow virtmanager system_file:file execute_no_trans;
+
# Let virtmanager kill crosvm.
allow virtmanager crosvm:process sigkill;
+
+# Let virtmanager access its data directory.
+allow virtmanager virtualizationservice_data_file:file create_file_perms;
+allow virtmanager virtualizationservice_data_file:dir create_dir_perms;
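Review bot: The rule `allow virtmanager system_file:file execute_no_trans;` grants more than its comment describes: it lets virtmanager run any file labelled `system_file` inside the virtmanager domain, not only mk_cdisk. The same domain can launch and kill crosvm and, with the rules added at the end of this hunk, create files under its data directory, so every such binary would inherit all of that. A narrower grant would give the helper its own exec type in file_contexts and allow `execute_no_trans` on that type only, or transition it to a separate domain as is already done for `crosvm_exec`. If the broad rule has to stay for now, the comment should say so, e.g. `# TODO: restrict to a dedicated exec type once mk_cdisk has its own label.`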