Introduce vendor_microdroid_file for microdroid vendor image In AVF, virtualizationmanager checks the selinux label of given disk image for proving whether the given image is edited maliciously. Existing one(vendor_configs_file, /vendor/etc/*) was too wide to use for this purpose. Bug: 285854379 Test: m Change-Id: I6c966c92b238a2262d2eb7f41041ed4c359e9e0a

commit: d2a0892121ad6feff08fdf4b8ac373c524a1f8da [log] [tgz]
author: Seungjae Yoo <seungjaeyoo@google.com> Wed Nov 15 17:59:30 2023 +0900
committer: Seungjae Yoo <seungjaeyoo@google.com> Thu Nov 16 16:44:15 2023 +0900
tree: 1a991b2708a6831a9c846ffd3d8a5cc204f5c293
parent: a5463fd4b9db8198188396ab38723053c823f092 [diff] [blame]
diff --git a/private/shell.te b/private/shell.te
index aa6bef8..e410862 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -132,6 +132,9 @@
 allow shell self:perf_event { open read write kernel };
 neverallow shell self:perf_event ~{ open read write kernel };
 
+# Allow shell to read microdroid vendor image
+r_dir_file(shell, vendor_microdroid_file)
+
 # Allow shell to read /apex/apex-info-list.xml and the vendor apexes
 allow shell apex_info_file:file r_file_perms;
 allow shell vendor_apex_file:file r_file_perms;
commit	d2a0892121ad6feff08fdf4b8ac373c524a1f8da	[log] [tgz]
author	Seungjae Yoo <seungjaeyoo@google.com>	Wed Nov 15 17:59:30 2023 +0900
committer	Seungjae Yoo <seungjaeyoo@google.com>	Thu Nov 16 16:44:15 2023 +0900
tree	1a991b2708a6831a9c846ffd3d8a5cc204f5c293
parent	a5463fd4b9db8198188396ab38723053c823f092 [diff] [blame]