Merge "Don't prevent crosvm from accessing vendor-owned VM disk images" am: 11d2b1c5c9 am: 88e069900e

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1789271

Change-Id: I06bef31e792e6f8c6e6745e9281dbaf518674016

private/compat/31.0/31.0.ignore.cil

@@ -19,4 +19,6 @@
     untrusted_app_30
     proc_vendor_sched
     sysfs_vendor_sched
+    vendor_vm_file
+    vendor_vm_data_file
   ))

private/crosvm.te

@@ -61,3 +61,17 @@ allow crosvm appdomain:fifo_file { read write };
 # The console log can also be written to /data/local/tmp. This is not safe as the log then can be
 # visible to the processes which don't own the VM. Therefore, this is a debugging only feature.
 userdebug_or_eng(`allow crosvm shell_data_file:file w_file_perms;')
+
+# Don't allow crosvm to have access to ordinary vendor files that are not for VMs.
+full_treble_only(`
+  neverallow crosvm {
+    vendor_file_type
+    -vendor_vm_file
+    -vendor_vm_data_file
+    # These types are not required for crosvm, but the access is granted to globally in domain.te
+    # thus should be exempted here.
+    -vendor_configs_file
+    -vndk_sp_file
+    -vendor_task_profiles_file
+  }:file *;
+')

private/domain.te

@@ -476,6 +476,7 @@ full_treble_only(`
     coredomain
     # TODO(b/37168747): clean up fwk access to /vendor
     -crash_dump
+    -crosvm # loads vendor-specific disk images
     -init # starts vendor executables
     -iorap_inode2filename
     -iorap_prefetcherd

public/file.te

@@ -247,6 +247,11 @@ type vendor_keylayout_file, vendor_file_type, file_type;
 type vendor_keychars_file, vendor_file_type, file_type;
 type vendor_idc_file, vendor_file_type, file_type;
 
+# SoC-specific virtual machine disk files
+type vendor_vm_file, vendor_file_type, file_type;
+# SoC-specific virtual machine disk files that are mutable
+type vendor_vm_data_file, vendor_file_type, file_type;
+
 # /metadata partition itself
 type metadata_file, file_type;
 # Vold files within /metadata