Merge "Allow VM clients access to hypervisor capability" am: 391f2b26fc am: eb03dcc59c am: 8f2e879b23

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1970590 Change-Id: I3675f068ba1605fba56a0c098b98b810db0f597a
2022-02-04 10:14:01 +00:00 · 2022-02-04 10:14:01 +00:00 · 67cd76be91
commit 67cd76be91
parent 4b5d769ca0 8f2e879b23
1 changed files with 2 additions and 0 deletions
--- a/public/te_macros
+++ b/public/te_macros
@ -196,6 +196,8 @@ allow { virtualizationservice crosvm } $1:fd use;
 # permission to create a vsock; the client can only connect to VMs
 # that it owns.
 allow $1 virtualizationservice:vsock_socket { getattr read write };
+# Allow client to inspect hypervisor capabilities
+get_prop($1, hypervisor_prop)
 ')

 #####################################