Merge "private: hal_widevine_system: support private storage" into main

commit: ac9d919f535e889c7e52fbbd82d71de6ca5c4c73 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Mon Mar 17 17:44:19 2025 -0700
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Mar 17 17:44:19 2025 -0700
tree: 975f03fa742872a3fd0298a8d4c93d6d3289b66f
parent: b988cf7b480f34549ea3f6fb44b9cc8f2881058c [diff]
parent: 967f71811b10a54589cb6b91009b2ff1ad0f8c0d [diff]
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 96a05f7..d2820fb 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te

@@ -45,6 +45,11 @@
 allowxperm microdroid_manager vd_device:blk_file ioctl BLKFLSBUF;
 allow microdroid_manager self:global_capability_class_set sys_admin;
 
+# microdroid_manager needs to adjust the priority of the payload process.
+# It requires the sys_nice cap as well.
+allow microdroid_manager microdroid_app:process setsched;
+allow microdroid_manager self:global_capability_class_set sys_nice;
+
 # Allow microdroid_manager to remove capabilities from it's capability bounding set.
 allow microdroid_manager self:global_capability_class_set setpcap;
commit	ac9d919f535e889c7e52fbbd82d71de6ca5c4c73	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Mon Mar 17 17:44:19 2025 -0700
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Mar 17 17:44:19 2025 -0700
tree	975f03fa742872a3fd0298a8d4c93d6d3289b66f
parent	b988cf7b480f34549ea3f6fb44b9cc8f2881058c [diff]
parent	967f71811b10a54589cb6b91009b2ff1ad0f8c0d [diff]