Merge "Allow VMs to log to shell pts" am: 550f10eaeb am: 0fa23e0be1 am: c538798bb0 am: 409639ad09

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2617777 Change-Id: I96d84f94c55730c7ea96178a0ab5ecab8ab301ac Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-09 11:43:01 +00:00 · 2023-06-09 11:43:01 +00:00 · 2e74422464
commit 2e74422464
parent 186b4cbb64 409639ad09
2 changed files with 4 additions and 0 deletions
--- a/private/crosvm.te
+++ b/private/crosvm.te
@ -69,6 +69,7 @@ allow crosvm {
 # Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
 allow crosvm adbd:fd use;
 allow crosvm adbd:unix_stream_socket { read write };
+allow crosvm devpts:chr_file { read write getattr ioctl };

 # crosvm tries to use netlink sockets as part its APCI implementation, but we don't need it for AVF (b/228077254)
 dontaudit crosvm self:netlink_generic_socket create_socket_perms_no_ioctl;
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@ -7,6 +7,9 @@ type virtualizationmanager_exec, system_file_type, exec_type, file_type;
 allow virtualizationmanager adbd:fd use;
 allow virtualizationmanager adbd:unix_stream_socket { read write };

+# Allow writing VM logs to the shell console
+allow virtualizationmanager devpts:chr_file { read write getattr ioctl };
+
 # Let the virtualizationmanager domain use Binder.
 binder_use(virtualizationmanager)