Allow avf VTS to read /data/nativetest am: e398f7f6f1 am: 316e7e9b1f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3522930
Change-Id: I56e662a2872a61c44f59dc7e820516496139a1a5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/private/crosvm.te b/private/crosvm.te
index 6051992..11c70ad 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -172,6 +172,9 @@
# Early VMs may print messages to kmsg_debug_device.
allow crosvm kmsg_debug_device:chr_file w_file_perms;
+# Allow crosvm to read /data/nativetest for VTS
+r_dir_file(crosvm, nativetest_data_file)
+
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk
# image referring by name to files which it doesn't have permission to open, trying to get crosvm to
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 95bdd1c..6e973d6 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -114,6 +114,9 @@
# Allow virtualizationmanager to read microdroid related files in vendor partition
r_dir_file(virtualizationmanager, vendor_microdroid_file)
+# Allow virtualizationmanager to read /data/nativetest for VTS
+r_dir_file(virtualizationmanager, nativetest_data_file)
+
# Do not allow writing vendor_microdroid_file from any process.
neverallow {
domain