From 9f240f2d68681921eb1d38fcb92511a72adeed12 Mon Sep 17 00:00:00 2001
From: Seungjae Yoo
Date: Mon, 14 Nov 2022 14:56:20 +0900
Subject: [PATCH] Allow reading proc file in crosvm process for reading cpu/mem stat in VM

Bug: 257159905
Test: N/A
Change-Id: Ica4da2f7f29be2c4f3f9446040247bee36e42f1a
---
 private/virtualizationservice.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index f41e7ccf7..46871b760 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -84,6 +84,9 @@ unix_socket_connect(virtualizationservice, tombstoned_crash, tombstoned)
 allow virtualizationservice tombstone_data_file:file { append getattr };
 allow virtualizationservice tombstoned:fd use;
 
+# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
+r_dir_file(virtualizationservice, crosvm);
+
 neverallow { domain -init
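Review bot: The added `r_dir_file(virtualizationservice, crosvm);` grants read access to every directory, file and symlink labelled `crosvm`, which is the whole /proc/[crosvm pid]/ tree, while the comment above it only mentions CPU and memory usage. Entries under /proc/[pid]/ carry the process's domain label, so the rule likely cannot be narrowed per file; the comment should therefore state the intended scope, e.g. `# Only <files actually read> are needed; r_dir_file exposes all of /proc/[crosvm pid]/ because procfs entries share the crosvm label.` The comment also says usage "inside VM", but these files describe the host-side crosvm process, so `usage of the crosvm process backing each VM` would be more accurate. The commit message has `Test: N/A`; it would help to record how the absence of further denials was confirmed on a device.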