Allow piping VM failure reason Allow crosvm to write a VM failure reason to virtualizationservice via the pipe provided. Fixes this denial: avc: denied { write } for path="pipe:[95872]" dev="pipefs" ino=95872 scontext=u:r:crosvm:s0 tcontext=u:r:virtualizationservice:s0 tclass=fifo_file Bug: 220071963 Test: Run VM, no denial. Change-Id: I3beedc5e715aa33209d3df0cae05f45f31e79e66

commit: b02ac324206a33f68aa8414ec7c43107c482e401 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Wed Mar 09 14:05:18 2022 +0000
committer: Alan Stokes <alanstokes@google.com> Wed Mar 09 14:32:50 2022 +0000
tree: 2ea616e4b4ae2c7c9a0b1cbe48e576189b9f955c
parent: 2df2acd1e8d209a5fb549e4fa5205f3969f9ba32 [diff]
diff --git a/private/crosvm.te b/private/crosvm.te
index 25d3309..26b1df3 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -19,6 +19,9 @@
 # Let crosvm receive file descriptors from VirtualizationService.
 allow crosvm virtualizationservice:fd use;
 
+# Allow sending VirtualizationService the failure reason from the VM via pipe.
+allow crosvm virtualizationservice:fifo_file write;
+
 # Let crosvm read the composite disk images (virtualizationservice_data_file), APEXes
 # (staging_data_file), APKs (apk_data_file and shell_data_file where the latter is for test apks in
 # /data/local/tmp), and instance.img (app_data_file). Note that the open permission is not given as
commit	b02ac324206a33f68aa8414ec7c43107c482e401	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Wed Mar 09 14:05:18 2022 +0000
committer	Alan Stokes <alanstokes@google.com>	Wed Mar 09 14:32:50 2022 +0000
tree	2ea616e4b4ae2c7c9a0b1cbe48e576189b9f955c
parent	2df2acd1e8d209a5fb549e4fa5205f3969f9ba32 [diff]