Allow piping console output to clients

Any virtualization service client should be able to use a pipe for the
VM log fds.

We previously had some support for this in crosvm (but appdomain is
the wrong label), but not for virtualizationservice. Instead I've
centralised it in the virtualizationservice_use macro so it applies to
exactly those things that can start a VM.

I've removed read permission from crosvm; it doesn't seem to be
needed, and logically it shouldn't be.

Test: Patch in https://r.android.com/1997004, see no denials
Change-Id: Ia9cff469c552dd297ed02932e9e91a5a8cc2c13f
This commit is contained in:
Alan Stokes 2022-02-23 17:12:27 +00:00
parent 275836a9af
commit 23161e51cc
2 changed files with 2 additions and 1 deletions

View file

@ -59,7 +59,6 @@ allow crosvm {
# Allow crosvm to pipe console log to shell or app which could be the owner of a VM. # Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
allow crosvm adbd:fd use; allow crosvm adbd:fd use;
allow crosvm adbd:unix_stream_socket { read write }; allow crosvm adbd:unix_stream_socket { read write };
allow crosvm appdomain:fifo_file { read write };
# The console log can also be written to /data/local/tmp. This is not safe as the log then can be # The console log can also be written to /data/local/tmp. This is not safe as the log then can be
# visible to the processes which don't own the VM. Therefore, this is a debugging only feature. # visible to the processes which don't own the VM. Therefore, this is a debugging only feature.

View file

@ -191,6 +191,8 @@ binder_call(virtualizationservice, $1)
# Let the client pass file descriptors to virtualizationservice and on # Let the client pass file descriptors to virtualizationservice and on
# to crosvm # to crosvm
allow { virtualizationservice crosvm } $1:fd use; allow { virtualizationservice crosvm } $1:fd use;
# Allow piping console log to the client
allow { virtualizationservice crosvm } $1:fifo_file write;
# Allow client to read/write vsock created by virtualizationservice to # Allow client to read/write vsock created by virtualizationservice to
# communicate with the VM that it created. Notice that we do not grant # communicate with the VM that it created. Notice that we do not grant
# permission to create a vsock; the client can only connect to VMs # permission to create a vsock; the client can only connect to VMs