Merge "Add microdroid sepolicy test support"

microdroid/Android.bp

@@ -280,3 +280,11 @@ prebuilt_etc {
     relative_install_path: "selinux",
     installable: false,
 }
+
+// For CTS
+se_policy_conf {
+    name: "microdroid_general_sepolicy.conf",
+    srcs: system_policy_files,
+    exclude_build_test: true,
+    installable: false,
+}

microdroid/system/private/adbd.te

@@ -48,6 +48,11 @@ set_prop(adbd, shell_prop)
 # Set service.adb.tcp.port, service.adb.tls.port, persist.adb.wifi.* properties
 set_prop(adbd, adbd_prop)
 
+# Allow pulling the SELinux policy for CTS purposes
+allow adbd selinuxfs:dir r_dir_perms;
+allow adbd selinuxfs:file r_file_perms;
+allow adbd kernel:security read_policy;
+
 # adbd tries to run mdnsd, but mdnsd doesn't exist. Just dontaudit ctl permissions.
 # TODO(b/200902288): patch adb and remove this rule
 dontaudit adbd { ctl_default_prop ctl_start_prop }:property_service set;