Label hypervisor test properties
Bug: 298306391 Change-Id: I160101325989f58ef3403ec5be20895468c2ccbb Test: TH, atest CustomPvmfwHostTestCases
This commit is contained in:
parent
726bcb500c
commit
4183cbb63c
3 changed files with 13 additions and 1 deletions
|
@ -53,8 +53,9 @@ system_internal_prop(ctl_odsign_prop)
|
|||
system_internal_prop(virtualizationservice_prop)
|
||||
system_internal_prop(ctl_apex_load_prop)
|
||||
system_internal_prop(enable_16k_pages_prop)
|
||||
|
||||
system_internal_prop(sensors_config_prop)
|
||||
system_internal_prop(hypervisor_pvmfw_prop)
|
||||
system_internal_prop(hypervisor_virtualizationmanager_prop)
|
||||
|
||||
# Properties which can't be written outside system
|
||||
system_restricted_prop(device_config_virtualization_framework_native_prop)
|
||||
|
|
|
@ -700,6 +700,9 @@ external_storage.cross_user.enabled u:object_r:storage_config_prop:s0 exact bool
|
|||
ro.fuse.bpf.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||
ro.fuse.bpf.is_running u:object_r:vold_status_prop:s0 exact bool
|
||||
|
||||
hypervisor.pvmfw.path u:object_r:hypervisor_pvmfw_prop:s0 exact string
|
||||
hypervisor.virtualizationmanager.debug_policy.path u:object_r:hypervisor_virtualizationmanager_prop:s0 exact string
|
||||
|
||||
# hypervisor.*: configured by the vendor to advertise capabilities of their
|
||||
# hypervisor to virtualizationservice.
|
||||
hypervisor.memory_reclaim.supported u:object_r:hypervisor_restricted_prop:s0 exact bool
|
||||
|
|
|
@ -65,6 +65,14 @@ allow virtualizationmanager self:vsock_socket { create_socket_perms_no_ioctl lis
|
|||
get_prop(virtualizationmanager, hypervisor_prop)
|
||||
get_prop(virtualizationmanager, hypervisor_restricted_prop)
|
||||
|
||||
# Allow virtualizationmanager to be read custom pvmfw.img configuration
|
||||
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_pvmfw_prop)')
|
||||
dontaudit virtualizationmanager hypervisor_pvmfw_prop:file read;
|
||||
|
||||
# Allow virtualizationmanager to be read custom virtualizationmanager configuration
|
||||
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_virtualizationmanager_prop)')
|
||||
dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop:file read;
|
||||
|
||||
# Allow virtualizationmanager service to talk to tombstoned to push guest ramdumps
|
||||
unix_socket_connect(virtualizationmanager, tombstoned_crash, tombstoned)
|
||||
|
||||
|
|
Loading…
Reference in a new issue