From ea3e08d53ddd1a71ab34166fe7ff842d1e46bccd Mon Sep 17 00:00:00 2001
From: Jaewan Kim <jaewan@google.com>
Date: Mon, 17 Jun 2024 09:29:05 +0000
Subject: [PATCH] Allow shell to read AVF DT nodes

Hostside test needs to check existence of /proc/device-tree/avf/guest
to check whether AVF debug policy is installed.

Bug: 345118393
Test: Verified manually on tangorpro-user
(cherry picked from https://android-review.googlesource.com/q/commit:168e04da79db850714afd018a6e88da983c89579)
Merged-In: I33d6bd1bd7c5513395f162e2bcbbfd15c1b80bcd
Change-Id: I33d6bd1bd7c5513395f162e2bcbbfd15c1b80bcd
---
 private/shell.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/shell.te b/private/shell.te
index 263db8ceb..e421ec6c0 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -436,6 +436,9 @@ userdebug_or_eng(`
   allowxperm shell vmlauncher_app_devpts:chr_file ioctl unpriv_tty_ioctls;
 ')
 
+# Allow CTS to check whether AVF debug policy is installed
+allow shell { proc_dt_avf sysfs_dt_avf }:dir search;
+
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;