Merge "Use regular file for VM DTBO" into main am: 995ee52887 am: b32ef340d1

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2691526

Change-Id: I542fd1f1db642b371f416fbf7f69a30547f41360
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot 2023-08-07 10:16:33 +00:00 committed by Automerger Merge Worker
commit 710264c80c
4 changed files with 14 additions and 11 deletions


@ -84,7 +84,7 @@ allow crosvm shell_data_file:file write;
# crosvm tries to read serial device, including the write-only pipe from virtualizationmanager (to
# forward console/log to the host logcat).
# crosvm only needs write permission, so dontaudit read
dontaudit crosvm virtualizationmanager:fifo_file read;
dontaudit crosvm virtualizationmanager:fifo_file { read getattr };
# Required for crosvm to start gdb-server to enable debugging of guest kernel.
allow crosvm self:tcp_socket { bind create read setopt write accept listen };
@ -96,9 +96,9 @@ allow crosvm node:tcp_socket node_bind;
allow crosvm vfio_device:chr_file rw_file_perms;
allow crosvm vfio_device:dir r_dir_perms;
# Allow crosvm to access VM DTBO via a pipe created by vfio handler.
allow crosvm vfio_handler:fd use;
allow crosvm vfio_handler:fifo_file r_file_perms;
# Allow crosvm to access VM DTBO via a file created by virtualizationmanager.
allow crosvm virtualizationmanager:fd use;
allow crosvm virtualizationservice_data_file:file read;
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk
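Review bot: The new `allow crosvm virtualizationservice_data_file:file read;` grants read on every file of that type, not only the DTBO, and nothing in this hunk prevents a later `open` grant on the same type; the vfio_handler hunk in this same change pins the fd-only model with an explicit `neverallow ... virtualizationservice_data_file:file { open create };`, so a matching `neverallow crosvm virtualizationservice_data_file:file open;` here would keep the two consumer domains consistent, if crosvm is never meant to open these files itself. The comment that follows the hunk suggests an ownership-based open restriction may already exist further down in the file, in which case the new comment should at least say that crosvm only ever receives the fd from virtualizationmanager and relies on that neverallow, e.g. `# crosvm only receives this fd from virtualizationmanager; it is never granted open on the type.` The widening of the dontaudit to `{ read getattr }` looks fine.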


@ -20,5 +20,12 @@ allow vfio_handler vfio_device:dir r_dir_perms;
allow vfio_handler sysfs:dir r_dir_perms;
allow vfio_handler sysfs:file rw_file_perms;
# Allow vfio_handler to write to VM DTBO via a file created by virtualizationmanager.
allow vfio_handler virtualizationmanager:fd use;
allow vfio_handler virtualizationservice_data_file:file write;
# vfio_handler can only use fd from virtualizationmanager, and can't open files itself
neverallow vfio_handler virtualizationservice_data_file:file { open create };
# Only vfio_handler can add vfio_handler_service
neverallow { domain -vfio_handler } vfio_handler_service:service_manager add;
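Review bot: The `write` grant on `virtualizationservice_data_file:file` is type-wide, so vfio_handler can write to any file of that type it is handed, and the comment above it should state the assumption this rests on, e.g. `# write applies to any virtualizationservice_data_file fd; virtualizationmanager is trusted to pass only the DTBO file.` The `neverallow vfio_handler virtualizationservice_data_file:file { open create };` enforces the fd-only rule for those two permissions, but since write is the only access the handler needs on this type, it could be stated more tightly as `neverallow vfio_handler virtualizationservice_data_file:file ~write;`, which would also catch a future read, append or setattr grant; only do this if nothing elsewhere in vfio_handler.te already allows other permissions on the type, which is not visible from this hunk.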


@ -89,7 +89,3 @@ r_dir_file(virtualizationmanager, crosvm);
# For debug purposes we try to get the canonical path from /proc/self/fd/N. That triggers
# a harmless denial for CompOS log files, so ignore that.
dontaudit virtualizationmanager apex_module_data_file:dir search;
# Allow virtualizationmanager to access VM DTBO via a pipe created by vfio handler.
allow virtualizationmanager vfio_handler:fd use;
allow virtualizationmanager vfio_handler:fifo_file r_file_perms;


@ -35,6 +35,7 @@ allow virtualizationservice self:capability chown;
# directories, it needs the permission to unlink the files created by virtualizationmanager.
allow virtualizationservice virtualizationservice_data_file:dir create_dir_perms;
allow virtualizationservice virtualizationservice_data_file:{ file sock_file } unlink;
allow virtualizationservice virtualizationservice_data_file:file write;
# Allow to use fd (e.g. /dev/pts/0) inherited from adbd so that we can redirect output from
# crosvm to the console
@ -62,9 +63,8 @@ allow virtualizationservice tombstoned:fd use;
allow virtualizationservice vfio_device:chr_file getattr;
allow virtualizationservice vfio_device:dir r_dir_perms;
# Allow virtualizationservice to access VM DTBO via a pipe created by vfio handler.
allow virtualizationservice vfio_handler:fd use;
allow virtualizationservice vfio_handler:fifo_file r_file_perms;
# Allow virtualizationservice to access VM DTBO via a file created by virtualizationmanager.
allow virtualizationservice virtualizationmanager:fd use;
neverallow {
domain