Label hypervisor test properties
Bug: 298306391 Change-Id: I160101325989f58ef3403ec5be20895468c2ccbb Test: TH, atest CustomPvmfwHostTestCases
This commit is contained in:
Jaewan Kim
parent
726bcb500c
commit
4183cbb63c
3 changed files with 13 additions and 1 deletions
|
|
@ -53,8 +53,9 @@ system_internal_prop(ctl_odsign_prop)
|
||||||
system_internal_prop(virtualizationservice_prop)
|
system_internal_prop(virtualizationservice_prop)
|
||||||
system_internal_prop(ctl_apex_load_prop)
|
system_internal_prop(ctl_apex_load_prop)
|
||||||
system_internal_prop(enable_16k_pages_prop)
|
system_internal_prop(enable_16k_pages_prop)
|
||||||
|
|
||||||
system_internal_prop(sensors_config_prop)
|
system_internal_prop(sensors_config_prop)
|
||||||
|
system_internal_prop(hypervisor_pvmfw_prop)
|
||||||
|
system_internal_prop(hypervisor_virtualizationmanager_prop)
|
||||||
|
|
||||||
# Properties which can't be written outside system
|
# Properties which can't be written outside system
|
||||||
system_restricted_prop(device_config_virtualization_framework_native_prop)
|
system_restricted_prop(device_config_virtualization_framework_native_prop)
|
||||||
|
|
|
||||||
|
|
@ -700,6 +700,9 @@ external_storage.cross_user.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||||
ro.fuse.bpf.enabled u:object_r:storage_config_prop:s0 exact bool
|
ro.fuse.bpf.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||||
ro.fuse.bpf.is_running u:object_r:vold_status_prop:s0 exact bool
|
ro.fuse.bpf.is_running u:object_r:vold_status_prop:s0 exact bool
|
||||||
|
|
||||||
|
hypervisor.pvmfw.path u:object_r:hypervisor_pvmfw_prop:s0 exact string
|
||||||
|
hypervisor.virtualizationmanager.debug_policy.path u:object_r:hypervisor_virtualizationmanager_prop:s0 exact string
|
||||||
|
|
||||||
# hypervisor.*: configured by the vendor to advertise capabilities of their
|
# hypervisor.*: configured by the vendor to advertise capabilities of their
|
||||||
# hypervisor to virtualizationservice.
|
# hypervisor to virtualizationservice.
|
||||||
hypervisor.memory_reclaim.supported u:object_r:hypervisor_restricted_prop:s0 exact bool
|
hypervisor.memory_reclaim.supported u:object_r:hypervisor_restricted_prop:s0 exact bool
|
||||||
|
|
|
||||||
|
|
@ -65,6 +65,14 @@ allow virtualizationmanager self:vsock_socket { create_socket_perms_no_ioctl lis
|
||||||
get_prop(virtualizationmanager, hypervisor_prop)
|
get_prop(virtualizationmanager, hypervisor_prop)
|
||||||
get_prop(virtualizationmanager, hypervisor_restricted_prop)
|
get_prop(virtualizationmanager, hypervisor_restricted_prop)
|
||||||
|
|
||||||
|
# Allow virtualizationmanager to be read custom pvmfw.img configuration
|
||||||
|
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_pvmfw_prop)')
|
||||||
|
dontaudit virtualizationmanager hypervisor_pvmfw_prop:file read;
|
||||||
|
|
||||||
|
# Allow virtualizationmanager to be read custom virtualizationmanager configuration
|
||||||
|
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_virtualizationmanager_prop)')
|
||||||
|
dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop:file read;
|
||||||
|
|
||||||
# Allow virtualizationmanager service to talk to tombstoned to push guest ramdumps
|
# Allow virtualizationmanager service to talk to tombstoned to push guest ramdumps
|
||||||
unix_socket_connect(virtualizationmanager, tombstoned_crash, tombstoned)
|
unix_socket_connect(virtualizationmanager, tombstoned_crash, tombstoned)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue