Merge "Allow dex2oat to use userfaultfd in microdroid"
diff --git a/private/crosvm.te b/private/crosvm.te
index 25d3309..26b1df3 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -19,6 +19,9 @@
# Let crosvm receive file descriptors from VirtualizationService.
allow crosvm virtualizationservice:fd use;
+# Allow sending VirtualizationService the failure reason from the VM via pipe.
+allow crosvm virtualizationservice:fifo_file write;
+
# Let crosvm read the composite disk images (virtualizationservice_data_file), APEXes
# (staging_data_file), APKs (apk_data_file and shell_data_file where the latter is for test apks in
# /data/local/tmp), and instance.img (app_data_file). Note that the open permission is not given as
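Review bot: The comment on the added `allow crosvm virtualizationservice:fifo_file write;` rule does not say why `write` alone is enough. The rule sits next to `virtualizationservice:fd use`, so the pipe is presumably created by VirtualizationService and inherited as an open fd, which would explain why `open` is withheld. I would record that in the comment, for example `# The pipe is inherited from VirtualizationService as an fd, so only write is granted (no open).`, so that a later edit does not widen the rule. The bytes on this pipe originate from the VM, so the reading side in VirtualizationService should treat the failure reason as untrusted and bound its length. That code is not part of this hunk.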
diff --git a/public/installd.te b/public/installd.te
index 1ef4fc7..b0b2815 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -115,6 +115,15 @@
allow installd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
allow installd app_data_file_type:notdevfile_class_set { create_file_perms relabelfrom relabelto };
+# Allow setting extended attributes (for project quota IDs) on dirs
+# and to enable project ID inheritance through FS_IOC_SETFLAGS
+allowxperm installd { app_data_file_type system_data_file }:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
# Similar for the files under /data/misc/profiles/
allow installd user_profile_root_file:dir { create_dir_perms relabelfrom };
allow installd user_profile_data_file:dir { create_dir_perms relabelto };
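Review bot: The comment above the new `allowxperm` says the xattr ioctls are for dirs, but the rule applies to `{ dir file }`. Either narrow the class set to `dir` if files never need a project ID, or update the comment to `# Allow setting extended attributes (for project quota IDs) on files and dirs`. It is also worth noting in the comment that SELinux filters only the ioctl command number, so `FS_IOC_SETFLAGS` covers every inode flag the kernel lets installd change, not just project-ID inheritance. `system_data_file` is a broad label to grant that on. `allowxperm` only restricts an existing `ioctl` permission. For `app_data_file_type` that permission presumably comes from the `create_dir_perms`/`create_file_perms` rules just above, while the matching `allow` for `system_data_file` is outside this hunk and should be confirmed.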