tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge changes I82f0c2ef,I013894de

Browse source 
* changes:
  Let VirtualizationService access hypervisor properties
  Tag new hypervisor properties
This commit is contained in:
Andrew Scull 2022-02-02 13:54:11 +00:00 committed by Gerrit Code Review
commit 7e07941d3d
2 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
private/property_contexts
View file

@ -737,7 +737,9 @@ ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
ro.boot.verifiedbootstate u:object_r:bootloader_prop:s0 exact string
ro.boot.veritymode u:object_r:bootloader_prop:s0 exact string
# Properties specific to virtualized deployments of Android
ro.boot.hypervisor.protected_vm.supported u:object_r:hypervisor_prop:s0 exact bool
ro.boot.hypervisor.version u:object_r:hypervisor_prop:s0 exact string
ro.boot.hypervisor.vm.supported u:object_r:hypervisor_prop:s0 exact bool
# These ro.X properties are set to values of ro.boot.X by property_service.
ro.baseband u:object_r:bootloader_prop:s0 exact string

3
private/virtualizationservice.te
View file

@ -64,6 +64,9 @@ allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl lis
# Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
set_prop(virtualizationservice, virtualizationservice_prop)
# Allow virtualizationservice to inspect hypervisor capabilities.
get_prop(virtualizationservice, hypervisor_prop)
# Allow writing stats to statsd
unix_socket_send(virtualizationservice, statsdw, statsd)