Merge "crosvm doesn't need IPC_LOCK" into main am: 31b6d34f6b am: 9dae492da8 Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2928271 Change-Id: I5a9d02abb1643ee9fb1de2af888cc1dcee85cecd Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: b834569d64df39a6931cc2db03cf9834a17ea666 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Mon Jan 29 09:58:41 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jan 29 09:58:41 2024 +0000
tree: 2afdef53b1484943aa810faeb9010415729f1546
parent: ff1df8876c01ef2cb67ee93f7b36ffad73d658fd [diff]
parent: 9dae492da869c95732d825546985e2f19f6c1288 [diff]
diff --git a/private/crosvm.te b/private/crosvm.te
index ed89b87..6cd3969 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -45,9 +45,6 @@
 # Allow searching the directory where the composite disk images are.
 allow crosvm virtualizationservice_data_file:dir search;
 
-# Allow crosvm to mlock guest memory.
-allow crosvm self:capability ipc_lock;
-
 # Let crosvm access its control socket as created by VS.
 #   read, write, getattr: listener socket polling
 #   accept: listener socket accepting new connection
commit	b834569d64df39a6931cc2db03cf9834a17ea666	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Mon Jan 29 09:58:41 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jan 29 09:58:41 2024 +0000
tree	2afdef53b1484943aa810faeb9010415729f1546
parent	ff1df8876c01ef2cb67ee93f7b36ffad73d658fd [diff]
parent	9dae492da869c95732d825546985e2f19f6c1288 [diff]