Grant TUNSETOFFLOAD to crosvm for running ferrochrome For running ferrochrome with VmLauncherApp, found it requires to grant TUNSETOFFLOAD to crosvm. Bug: 340376953 Test: atest MicrodroidTests Change-Id: Iba251cb72da64d46224751cb97368835f7c0f68c

commit: fcecae75a7203a985b137ebf9154a85e8f333dad [log] [tgz]
author: Seungjae Yoo <seungjaeyoo@google.com> Fri Jun 14 15:27:05 2024 +0900
committer: Seungjae Yoo <seungjaeyoo@google.com> Fri Jun 14 16:57:59 2024 +0900
tree: b7a6f206053c29a0d3d1ea6e1cd2e643b448dceb
parent: 9d04376e5555e76d5095b4926922f0cf01c0ce85 [diff] [blame]
diff --git a/private/crosvm.te b/private/crosvm.te
index cddab36..0c2acb9 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -135,7 +135,7 @@
 is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
     # Allow crosvm to deal with file descriptors of TAP interfaces.
     allow crosvm tun_device:chr_file rw_file_perms;
-    allowxperm crosvm tun_device:chr_file ioctl { TUNGETIFF TUNSETVNETHDRSZ };
+    allowxperm crosvm tun_device:chr_file ioctl { TUNGETIFF TUNSETOFFLOAD TUNSETVNETHDRSZ };
     allow crosvm self:udp_socket create_socket_perms;
     allowxperm crosvm self:udp_socket ioctl SIOCGIFMTU;
     allow crosvm vmnic:fd use;
commit	fcecae75a7203a985b137ebf9154a85e8f333dad	[log] [tgz]
author	Seungjae Yoo <seungjaeyoo@google.com>	Fri Jun 14 15:27:05 2024 +0900
committer	Seungjae Yoo <seungjaeyoo@google.com>	Fri Jun 14 16:57:59 2024 +0900
tree	b7a6f206053c29a0d3d1ea6e1cd2e643b448dceb
parent	9d04376e5555e76d5095b4926922f0cf01c0ce85 [diff] [blame]