crosvm now takes all files by FD. Bug: 192256642 Test: `atest VirtualizationTestCases MicrodroidHostTestCases` on Cuttlefish Change-Id: I8de557269ba56095b0264a65035296627fba8145

commit: c0b4a91a90885033263ee8261593a0445bc9c75a [log] [tgz]
author: Andrew Walbran <qwandor@google.com> Thu Aug 05 14:09:52 2021 +0000
committer: Andrew Walbran <qwandor@google.com> Fri Aug 06 13:57:17 2021 +0000
tree: d55e2a4ef257adc1029f577af6d7a005b31eff1d
parent: 1644afe507c8b2840ecc502dc8da6de7712e4570 [diff] [blame]
diff --git a/private/crosvm.te b/private/crosvm.te
index 7426ef9..95f09bb 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -31,14 +31,9 @@
 # Allow searching the directory where the composite disk images are.
 allow crosvm virtualizationservice_data_file:dir search;
 
-# TODO(b/193402941) delete this. This for now is required because crosvm needs to open the files for
-# the GPT headers of the composite disks.
-allow crosvm virtualizationservice_data_file:file open;
-
 # Don't allow crosvm to open files that it doesn't own.
 neverallow crosvm {
-  #TODO(b/193402941) uncomment the following line
-  #virtualizationservice_data_file
+  virtualizationservice_data_file
   staging_data_file
   apk_data_file
   app_data_file
commit	c0b4a91a90885033263ee8261593a0445bc9c75a	[log] [tgz]
author	Andrew Walbran <qwandor@google.com>	Thu Aug 05 14:09:52 2021 +0000
committer	Andrew Walbran <qwandor@google.com>	Fri Aug 06 13:57:17 2021 +0000
tree	d55e2a4ef257adc1029f577af6d7a005b31eff1d
parent	1644afe507c8b2840ecc502dc8da6de7712e4570 [diff] [blame]