Merge "Allow microdroid_manager to read /proc/bootconfig"

2021-12-07 11:06:07 +00:00 · 2021-12-07 11:06:07 +00:00 · f05ad45789
commit f05ad45789
parent edf5fa0091 3db645b83d
1 changed files with 4 additions and 0 deletions
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@ -73,4 +73,8 @@ get_prop(microdroid_manager, bootloader_prop)
 # Allow microdroid_manager to shutdown the device when verification fails
 set_prop(microdroid_manager, powerctl_prop)

+# Allow microdroid_manager to read bootconfig so that it can reject a bootconfig
+# that is different from what is recorded in the instance.img file.
+allow microdroid_manager proc_bootconfig:file r_file_perms;
+
 neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;