2df14574fa
r.android.com/2060021 made it possible for tombstone_transmit to remove the tombstone file from the guest after reading it. This change adds the SELinux policy required for that. Bug: 232403725 Test: atest MicrodroidHostTestCases & check vm logs for avc: denials Change-Id: Ic071c0bd5ecb85f4ceae84e435afdec155fbba0b
# Process domain for the tombstone_transmit daemon. The `domain` attribute
# marks the type as a process type; `coredomain` places it among the
# platform's own domains, so any policy rule written against coredomain also
# applies to it.
type tombstone_transmit, domain, coredomain;
# File label for the tombstone_transmit executable. `exec_type` marks it as an
# entry point into a domain; `system_file_type` and `file_type` classify it as
# a file type belonging to the system image.
type tombstone_transmit_exec, exec_type, system_file_type, file_type;
# Policy macro for daemons launched by init. The macro body is not shown in
# this file; presumably it sets up the automatic transition from init into
# tombstone_transmit when init executes a tombstone_transmit_exec file.
# Confirm against te_macros.
init_daemon_domain(tombstone_transmit)
# Permissions required to read a tombstone file and then remove it from its directory.
# Directory half of read-then-delete: r_dir_perms lets the daemon look up and
# list entries, and write + remove_name are what removing an entry from the
# directory requires. add_name is deliberately absent from this set, so this
# rule does not let the domain create new entries in the tombstone directory.
allow tombstone_transmit tombstone_data_file:dir { r_dir_perms write remove_name };
# File half of read-then-delete: r_file_perms to read the tombstone, unlink to
# delete it. No write, append or create is granted here, so this rule does not
# let the domain alter tombstone contents.
# NOTE(review): the grant covers every file labelled tombstone_data_file, not
# only files that were already transmitted. A compromised or buggy daemon could
# delete crash evidence before it leaves the guest, so keep avc/audit logging
# in place.
allow tombstone_transmit tombstone_data_file:file { r_file_perms unlink };
# Lets the domain create and use its own vsock sockets with the
# create_socket_perms_no_ioctl permission set (as the macro name indicates,
# ioctl is excluded). The target is `self`, so the rule grants no access to
# sockets owned by other domains.
# NOTE(review): presumably this is the channel used to send tombstones out of
# the guest; confirm against the daemon's source. The braces around the single
# class are redundant but harmless.
allow tombstone_transmit self:{ vsock_socket } create_socket_perms_no_ioctl;