virtualizationmanager is a client of secretkeeper It ferries SecretManagement messages to/from Sk. Reflect this is sepolicies. Test: With topic, check selinux denials Bug: 291213394 Change-Id: I0acc06424eb834d66a85f9d4f6b8b632d95c4190

commit: e6c5f205e0f36cb9b7c446845508b839135d8b29 [log] [tgz]
author: Shikha Panwar <shikhapanwar@google.com> Wed Dec 13 12:06:19 2023 +0000
committer: Shikha Panwar <shikhapanwar@google.com> Thu Dec 14 17:05:16 2023 +0000
tree: a722ac3179bbc266163efab3ab99efa72d8b05fc
parent: cc90a2a0c67bf68117bb00c93927ea67727b069b [diff]
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 40d95c6..725ca72 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te

@@ -87,6 +87,10 @@
 allow virtualizationmanager sysfs_dt_avf:dir search;
 allow virtualizationmanager sysfs_dt_avf:file { open read };
 
+# virtualizationmanager to be client of secretkeeper HAL. It ferries SecretManagement messages
+# from pVM to HAL.
+hal_client_domain(virtualizationmanager, hal_secretkeeper);
+
 # Let virtualizationmanager open test artifacts under /data/local/tmp with file path.
 # (e.g. custom debug policy)
 userdebug_or_eng(`
commit	e6c5f205e0f36cb9b7c446845508b839135d8b29	[log] [tgz]
author	Shikha Panwar <shikhapanwar@google.com>	Wed Dec 13 12:06:19 2023 +0000
committer	Shikha Panwar <shikhapanwar@google.com>	Thu Dec 14 17:05:16 2023 +0000
tree	a722ac3179bbc266163efab3ab99efa72d8b05fc
parent	cc90a2a0c67bf68117bb00c93927ea67727b069b [diff]