Set neverallow for hypervisor test properties
Bug: 298306391 Change-Id: I754af47d063bb26549cd1793951b09262cadd95a Test: TH
This commit is contained in:
Jaewan Kim
parent
4183cbb63c
commit
796ec5f0cb
1 changed files with 2 additions and 0 deletions
|
|
@ -68,10 +68,12 @@ get_prop(virtualizationmanager, hypervisor_restricted_prop)
|
||||||
# Allow virtualizationmanager to be read custom pvmfw.img configuration
|
# Allow virtualizationmanager to be read custom pvmfw.img configuration
|
||||||
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_pvmfw_prop)')
|
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_pvmfw_prop)')
|
||||||
dontaudit virtualizationmanager hypervisor_pvmfw_prop:file read;
|
dontaudit virtualizationmanager hypervisor_pvmfw_prop:file read;
|
||||||
|
neverallow { domain -init -dumpstate userdebug_or_eng(`-virtualizationmanager') } hypervisor_pvmfw_prop:file no_rw_file_perms;
|
||||||
|
|
||||||
# Allow virtualizationmanager to be read custom virtualizationmanager configuration
|
# Allow virtualizationmanager to be read custom virtualizationmanager configuration
|
||||||
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_virtualizationmanager_prop)')
|
userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_virtualizationmanager_prop)')
|
||||||
dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop:file read;
|
dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop:file read;
|
||||||
|
neverallow { domain -init -dumpstate userdebug_or_eng(`-virtualizationmanager') } hypervisor_virtualizationmanager_prop:file no_rw_file_perms;
|
||||||
|
|
||||||
# Allow virtualizationmanager service to talk to tombstoned to push guest ramdumps
|
# Allow virtualizationmanager service to talk to tombstoned to push guest ramdumps
|
||||||
unix_socket_connect(virtualizationmanager, tombstoned_crash, tombstoned)
|
unix_socket_connect(virtualizationmanager, tombstoned_crash, tombstoned)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue