Merge "Allow reading proc file in crosvm process for reading cpu/mem stat in VM" am: b43e1b1c19 am: 3d9b334391

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2300539

Change-Id: Id7f2212487ae352746226c6342c4f2b96abefbfb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index f41e7cc..46871b7 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -84,6 +84,9 @@
 allow virtualizationservice tombstone_data_file:file { append getattr };
 allow virtualizationservice tombstoned:fd use;
 
+# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
+r_dir_file(virtualizationservice, crosvm);
+
 neverallow {
   domain
   -init