Use regular file for VM DTBO
Bug: 287379025
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid \
--protected --mem 512 --devices \
/sys/bus/platform/devices/16d00000.eh
Change-Id: Id77c25f5f22672da9281078fc17f45087d893f4d
diff --git a/private/crosvm.te b/private/crosvm.te
index 3f39201..2d9a688 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -84,7 +84,7 @@
# crosvm tries to read serial device, including the write-only pipe from virtualizationmanager (to
# forward console/log to the host logcat).
# crosvm only needs write permission, so dontaudit read
-dontaudit crosvm virtualizationmanager:fifo_file read;
+dontaudit crosvm virtualizationmanager:fifo_file { read getattr };
# Required for crosvm to start gdb-server to enable debugging of guest kernel.
allow crosvm self:tcp_socket { bind create read setopt write accept listen };
@@ -96,9 +96,9 @@
allow crosvm vfio_device:chr_file rw_file_perms;
allow crosvm vfio_device:dir r_dir_perms;
-# Allow crosvm to access VM DTBO via a pipe created by vfio handler.
-allow crosvm vfio_handler:fd use;
-allow crosvm vfio_handler:fifo_file r_file_perms;
+# Allow crosvm to access VM DTBO via a file created by virtualizationmanager.
+allow crosvm virtualizationmanager:fd use;
+allow crosvm virtualizationservice_data_file:file read;
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk