From 34c9f949387c9e8921ce208ee4c6d1c08df5c954 Mon Sep 17 00:00:00 2001 From: Alice Wang Date: Wed, 5 Oct 2022 13:47:32 +0000 Subject: [PATCH] Allow the microdroid app to use vm payload service Bug: 243512047 Test: atest MicrodroidTestApp Change-Id: I651781a7cf87b3fa31828a1b46d33dc7f381614c --- microdroid/system/private/microdroid_manager.te | 3 +++ microdroid/system/private/microdroid_payload.te | 4 ++++ microdroid/system/private/service_contexts | 1 + microdroid/system/public/type.te | 1 + 4 files changed, 9 insertions(+) diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te index 06fb9790e..714450cec 100644 --- a/microdroid/system/private/microdroid_manager.te +++ b/microdroid/system/private/microdroid_manager.te @@ -51,6 +51,9 @@ binder_call(microdroid_manager, dice_service) allow microdroid_manager { dice_node_service dice_maintenance_service }:service_manager find; allow microdroid_manager dice_service:diced { derive demote_self }; +# microdroid_manager can add virtual_machine_payload_service +add_service(microdroid_manager, vm_payload_binder_service) + # microdroid_manager create /apex/vm-payload-metadata for apexd # TODO(b/199371341) create a new label for the file so that only microdroid_manager can create it. allow microdroid_manager apex_mnt_dir:dir w_dir_perms; diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te index 4ea187b95..851a85a3b 100644 --- a/microdroid/system/private/microdroid_payload.te +++ b/microdroid/system/private/microdroid_payload.te @@ -47,3 +47,7 @@ allow microdroid_payload authfs_data_file:dir search; # Read and write files authfs-proxied files. allow microdroid_payload authfs_fuse:dir rw_dir_perms; allow microdroid_payload authfs_fuse:file create_file_perms; + +# Allow use of virtual_machine_payload_service. +allow microdroid_payload vm_payload_binder_service:service_manager find; +binder_call(microdroid_payload, microdroid_manager) diff --git a/microdroid/system/private/service_contexts b/microdroid/system/private/service_contexts index 76bae22fc..721f6beef 100644 --- a/microdroid/system/private/service_contexts +++ b/microdroid/system/private/service_contexts @@ -1,6 +1,7 @@ adb u:object_r:adb_service:s0 android.security.dice.IDiceMaintenance u:object_r:dice_maintenance_service:s0 android.security.dice.IDiceNode u:object_r:dice_node_service:s0 +virtual_machine_payload_service u:object_r:vm_payload_binder_service:s0 apexservice u:object_r:apex_service:s0 authfs_service u:object_r:authfs_binder_service:s0 manager u:object_r:service_manager_service:s0 diff --git a/microdroid/system/public/type.te b/microdroid/system/public/type.te index b4c49c831..7dfd862b0 100644 --- a/microdroid/system/public/type.te +++ b/microdroid/system/public/type.te @@ -6,6 +6,7 @@ type default_android_service, service_manager_type; type dice_maintenance_service, service_manager_type; type dice_node_service, service_manager_type; type hal_dice_service, service_manager_type; +type vm_payload_binder_service, service_manager_type; type service_manager_service, service_manager_type; type system_linker; type vm_payload_key;