Allow authfs to read extra APK mount Bug: 206869687 Test: Add debug log to compos. See correct content from the proto. Change-Id: I4f2b4096808efc1b15c218a225b451731f37e43d

commit: a59b0303416d63229d6549a1e962ab48da4af06c [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Wed Jan 05 15:18:10 2022 -0800
committer: Victor Hsieh <victorhsieh@google.com> Wed Jan 05 15:21:51 2022 -0800
tree: dc710d01173d10e352cf0ad326ff505f8fd48b03
parent: f650c54ee1ba5b1861cb08906fecd9d3baeb0d82 [diff]
diff --git a/microdroid/system/private/authfs.te b/microdroid/system/private/authfs.te
index 7bd39e4..23e881d 100644
--- a/microdroid/system/private/authfs.te
+++ b/microdroid/system/private/authfs.te

@@ -17,5 +17,9 @@
 allow authfs authfs_fuse:filesystem { mount relabelfrom relabelto };
 allow authfs authfs_data_file:dir { mounton search };
 
+# Allow authfs to access extra APK mount.
+allow authfs extra_apk_file:file r_file_perms;
+allow authfs extra_apk_file:dir search;
+
 # TODO(195568812): Don't pass FD 0,1,2 unnecessarily.
 allow authfs authfs_service:fd use;
commit	a59b0303416d63229d6549a1e962ab48da4af06c	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Wed Jan 05 15:18:10 2022 -0800
committer	Victor Hsieh <victorhsieh@google.com>	Wed Jan 05 15:21:51 2022 -0800
tree	dc710d01173d10e352cf0ad326ff505f8fd48b03
parent	f650c54ee1ba5b1861cb08906fecd9d3baeb0d82 [diff]