AppSearch/IsolatedStorageService: allow system_server to communicate with a virtual machine Test: appsearch cts tests Bug: 396144272 Flag: com.android.appsearch.flags.enable_isolated_storage Ignore-AOSP-First: internal project Change-Id: I58872bee5d4a7bc02abdd7c6e23e55d1e5ff4475

commit: a327e8fff2520eac7e073e2d54c6058caf36832c [log] [tgz]
author: Lingyun Zhao <lingyunzhao@google.com> Mon Mar 17 11:11:58 2025 -0700
committer: Lingyun Zhao <lingyunzhao@google.com> Mon Mar 17 18:18:03 2025 -0700
tree: 2af5180763156493282c71e64be71ca5fd8832c7
parent: c9437d1cf0656d605fdd1d1796234f606a5bc0c5 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index dce1aa9..c0c1c4b 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -284,6 +284,10 @@
 # Communicate over a socket created by app_zygote.
 allow system_server app_zygote:unix_stream_socket { read write connectto setopt };
 
+# Communicate with a virtual machine (b/396144272)
+allow system_server virtualizationmanager:fd use;
+allow system_server virtualizationmanager:vsock_socket { getopt read write };
+
 # Perform Binder IPC.
 binder_use(system_server)
 binder_call(system_server, appdomain)
commit	a327e8fff2520eac7e073e2d54c6058caf36832c	[log] [tgz]
author	Lingyun Zhao <lingyunzhao@google.com>	Mon Mar 17 11:11:58 2025 -0700
committer	Lingyun Zhao <lingyunzhao@google.com>	Mon Mar 17 18:18:03 2025 -0700
tree	2af5180763156493282c71e64be71ca5fd8832c7
parent	c9437d1cf0656d605fdd1d1796234f606a5bc0c5 [diff]