From 8ff6c55fc42f7cb845f722da60c36e11b6505884 Mon Sep 17 00:00:00 2001
From: Jiakai Zhang
Date: Thu, 12 Oct 2023 13:48:00 +0000
Subject: [PATCH] Allow profman to read from memfd created by artd.

Bug: 257532944
Change-Id: I13a953c533b1789eb06158a5ffa227fa986870fc
---
 private/profman.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/private/profman.te b/private/profman.te
index 390f83e62..7ad49b2f0 100644
--- a/private/profman.te
+++ b/private/profman.te
@@ -10,3 +10,8 @@ allow profman {

 # Allow profman to use file descriptors passed from privileged programs.
 allow profman { artd installd }:fd use;
+
+# Allow profman to read from memfd created by artd.
+# profman needs to read the embedded profile that artd extracts from an APK,
+# which is passed by a memfd.
+allow profman artd_tmpfs:file { getattr read map lock };
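Review bot: The comment on the new `allow profman artd_tmpfs:file` rule does not say that `open` is deliberately absent from the permission set, which is what keeps profman limited to descriptors artd hands over rather than files it could reach by path. I would add `# No 'open': profman may only use a memfd that artd passes to it (see the fd use rule above).` directly above the rule so a later edit does not widen it to a macro that includes `open`. The grant is per type, so it presumably covers every tmpfs-backed file artd creates and not only the embedded-profile memfd; the declaration of `artd_tmpfs` is outside this hunk, so that is worth confirming. It is also worth checking that `lock` is actually exercised on this descriptor, and dropping it if it is not.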