Snap for 11473031 from 4aa156fa1a528e148cf7882dc9504563f9e1ff69 to 24Q2-release Change-Id: I9307979882e1da2ff20e6f5359c238548b7424b4

commit: 9728aefab99481c885c3ad3b2f4bcd7552b6f60d [log] [tgz]
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Wed Feb 21 00:24:59 2024 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Wed Feb 21 00:24:59 2024 +0000
tree: fc73827d9000e7815f26de977e74dd7462b0d455
parent: ba7491545704d26323251638c2ed3c62325ca456 [diff]
parent: 4aa156fa1a528e148cf7882dc9504563f9e1ff69 [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 972f376..fcc7304 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -33,6 +33,9 @@
 binder_call(virtualizationservice, remote_provisioning_service)
 allow virtualizationservice remote_provisioning_service:service_manager find;
 
+# Allow virtualizationservice to manage VM secrets via Secretkeeper.
+hal_client_domain(virtualizationservice, hal_secretkeeper)
+
 # Let virtualizationservice remove memlock rlimit of virtualizationmanager. This is necessary
 # to mlock VM memory and page tables.
 allow virtualizationservice self:capability sys_resource;
commit	9728aefab99481c885c3ad3b2f4bcd7552b6f60d	[log] [tgz]
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Wed Feb 21 00:24:59 2024 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	Wed Feb 21 00:24:59 2024 +0000
tree	fc73827d9000e7815f26de977e74dd7462b0d455
parent	ba7491545704d26323251638c2ed3c62325ca456 [diff]
parent	4aa156fa1a528e148cf7882dc9504563f9e1ff69 [diff]