Allow the microdroid app to use vm payload service
Bug: 243512047 Test: atest MicrodroidTestApp Change-Id: I651781a7cf87b3fa31828a1b46d33dc7f381614c
This commit is contained in:
Alice Wang
parent
33e03e09b4
commit
34c9f94938
4 changed files with 9 additions and 0 deletions
|
|
@ -51,6 +51,9 @@ binder_call(microdroid_manager, dice_service)
|
||||||
allow microdroid_manager { dice_node_service dice_maintenance_service }:service_manager find;
|
allow microdroid_manager { dice_node_service dice_maintenance_service }:service_manager find;
|
||||||
allow microdroid_manager dice_service:diced { derive demote_self };
|
allow microdroid_manager dice_service:diced { derive demote_self };
|
||||||
|
|
||||||
|
# microdroid_manager can add virtual_machine_payload_service
|
||||||
|
add_service(microdroid_manager, vm_payload_binder_service)
|
||||||
|
|
||||||
# microdroid_manager create /apex/vm-payload-metadata for apexd
|
# microdroid_manager create /apex/vm-payload-metadata for apexd
|
||||||
# TODO(b/199371341) create a new label for the file so that only microdroid_manager can create it.
|
# TODO(b/199371341) create a new label for the file so that only microdroid_manager can create it.
|
||||||
allow microdroid_manager apex_mnt_dir:dir w_dir_perms;
|
allow microdroid_manager apex_mnt_dir:dir w_dir_perms;
|
||||||
|
|
|
||||||
|
|
@ -47,3 +47,7 @@ allow microdroid_payload authfs_data_file:dir search;
|
||||||
# Read and write files authfs-proxied files.
|
# Read and write files authfs-proxied files.
|
||||||
allow microdroid_payload authfs_fuse:dir rw_dir_perms;
|
allow microdroid_payload authfs_fuse:dir rw_dir_perms;
|
||||||
allow microdroid_payload authfs_fuse:file create_file_perms;
|
allow microdroid_payload authfs_fuse:file create_file_perms;
|
||||||
|
|
||||||
|
# Allow use of virtual_machine_payload_service.
|
||||||
|
allow microdroid_payload vm_payload_binder_service:service_manager find;
|
||||||
|
binder_call(microdroid_payload, microdroid_manager)
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
adb u:object_r:adb_service:s0
|
adb u:object_r:adb_service:s0
|
||||||
android.security.dice.IDiceMaintenance u:object_r:dice_maintenance_service:s0
|
android.security.dice.IDiceMaintenance u:object_r:dice_maintenance_service:s0
|
||||||
android.security.dice.IDiceNode u:object_r:dice_node_service:s0
|
android.security.dice.IDiceNode u:object_r:dice_node_service:s0
|
||||||
|
virtual_machine_payload_service u:object_r:vm_payload_binder_service:s0
|
||||||
apexservice u:object_r:apex_service:s0
|
apexservice u:object_r:apex_service:s0
|
||||||
authfs_service u:object_r:authfs_binder_service:s0
|
authfs_service u:object_r:authfs_binder_service:s0
|
||||||
manager u:object_r:service_manager_service:s0
|
manager u:object_r:service_manager_service:s0
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ type default_android_service, service_manager_type;
|
||||||
type dice_maintenance_service, service_manager_type;
|
type dice_maintenance_service, service_manager_type;
|
||||||
type dice_node_service, service_manager_type;
|
type dice_node_service, service_manager_type;
|
||||||
type hal_dice_service, service_manager_type;
|
type hal_dice_service, service_manager_type;
|
||||||
|
type vm_payload_binder_service, service_manager_type;
|
||||||
type service_manager_service, service_manager_type;
|
type service_manager_service, service_manager_type;
|
||||||
type system_linker;
|
type system_linker;
|
||||||
type vm_payload_key;
|
type vm_payload_key;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue