tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow VS to run derive_classpath" am: 46680d001f

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1934974

Change-Id: I6a93796930975730253009927b5be00d383fadbc
This commit is contained in:
Treehugger Robot 2022-01-07 09:25:57 +00:00 committed by Automerger Merge Worker
commit a3723d7061
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
private/virtualizationservice.te
View file

@ -52,6 +52,10 @@ allow virtualizationservice apex_data_file:dir search;
allow virtualizationservice staging_data_file:file r_file_perms;
allow virtualizationservice staging_data_file:dir search;
# Run derive_classpath in our domain
allow virtualizationservice derive_classpath_exec:file rx_file_perms;
allow virtualizationservice apex_mnt_dir:dir r_dir_perms;
# Let virtualizationservice to accept vsock connection from the guest VMs
allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
@ -61,6 +65,7 @@ allowxperm virtualizationservice kvm_device:chr_file ioctl KVM_CHECK_EXTENSION;
# Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
set_prop(virtualizationservice, virtualizationservice_prop)
neverallow {
domain
-init