Allow avf VTS to read /data/nativetest
Bug: 399812221
Test: atest vts_libavf_test
Change-Id: Iea027bb4dd86cb0a72ea987140a64f087b86ee78
diff --git a/private/crosvm.te b/private/crosvm.te
index 6051992..11c70ad 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -172,6 +172,9 @@
# Early VMs may print messages to kmsg_debug_device.
allow crosvm kmsg_debug_device:chr_file w_file_perms;
+# Allow crosvm to read /data/nativetest for VTS
+r_dir_file(crosvm, nativetest_data_file)
+
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk
# image referring by name to files which it doesn't have permission to open, trying to get crosvm to
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 95bdd1c..6e973d6 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -114,6 +114,9 @@
# Allow virtualizationmanager to read microdroid related files in vendor partition
r_dir_file(virtualizationmanager, vendor_microdroid_file)
+# Allow virtualizationmanager to read /data/nativetest for VTS
+r_dir_file(virtualizationmanager, nativetest_data_file)
+
# Do not allow writing vendor_microdroid_file from any process.
neverallow {
domain