Merge "Allow profman to read from memfd created by artd." into main

commit: b6a3360ea3d826d3c8b25dd5a82a9a5d21183d6e [log] [tgz]
author: Jiakai Zhang <jiakaiz@google.com> Thu Oct 12 14:59:38 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Oct 12 14:59:38 2023 +0000
tree: 99d60a34faf0cf767d2cb72f1d609939d882a3f5
parent: b5114387a06fdbfbc16fcd8426816d9015e17343 [diff]
parent: 8ff6c55fc42f7cb845f722da60c36e11b6505884 [diff]
diff --git a/private/profman.te b/private/profman.te
index 390f83e..7ad49b2 100644
--- a/private/profman.te
+++ b/private/profman.te

@@ -10,3 +10,8 @@
 
 # Allow profman to use file descriptors passed from privileged programs.
 allow profman { artd installd }:fd use;
+
+# Allow profman to read from memfd created by artd.
+# profman needs to read the embedded profile that artd extracts from an APK,
+# which is passed by a memfd.
+allow profman artd_tmpfs:file { getattr read map lock };
commit	b6a3360ea3d826d3c8b25dd5a82a9a5d21183d6e	[log] [tgz]
author	Jiakai Zhang <jiakaiz@google.com>	Thu Oct 12 14:59:38 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Oct 12 14:59:38 2023 +0000
tree	99d60a34faf0cf767d2cb72f1d609939d882a3f5
parent	b5114387a06fdbfbc16fcd8426816d9015e17343 [diff]
parent	8ff6c55fc42f7cb845f722da60c36e11b6505884 [diff]