Merge "Create virtmgr domain and initial policy" am: 3e61a33df5

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2317789 Change-Id: Idf0ae233e4ddb32038721929d953a5306e957053 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-12-20 09:01:43 +00:00 · 2022-12-20 09:01:43 +00:00 · b5a4f52de7
commit b5a4f52de7
parent 25dbb36b21 3e61a33df5
4 changed files with 19 additions and 3 deletions
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts
@ -1,4 +1,5 @@
 (/.*)?                     u:object_r:system_file:s0
 /bin/crosvm                u:object_r:crosvm_exec:s0
 /bin/fd_server             u:object_r:fd_server_exec:s0
+/bin/virtmgr               u:object_r:virtmgr_exec:s0
 /bin/virtualizationservice u:object_r:virtualizationservice_exec:s0
--- a/private/app.te
+++ b/private/app.te
@ -95,8 +95,9 @@ neverallow appdomain system_server:udp_socket {
 # Exception for crash_dump to allow for app crash reporting.
 # Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
 # to allow renderscript to create privileged executable files.
+# Exception for virtmgr to allow running VMs as child processes.
 neverallow { appdomain -shell userdebug_or_eng(`-su') }
-    { domain -appdomain -crash_dump -rs }:process { transition };
+    { domain -appdomain -crash_dump -rs -virtmgr }:process { transition };
 neverallow { appdomain -shell userdebug_or_eng(`-su') }
    { domain -appdomain }:process { dyntransition };

--- a/private/virtmgr.te
+++ b/private/virtmgr.te
@ -0,0 +1,8 @@
+# Domain for a child process that manages virtual machines on behalf of its parent.
+
+type virtmgr, domain, coredomain;
+type virtmgr_exec, system_file_type, exec_type, file_type;
+
+# Allow virtmgr to communicate use, read and write over the adb connection.
+allow virtmgr adbd:fd use;
+allow virtmgr adbd:unix_stream_socket { read write };
--- a/public/te_macros
+++ b/public/te_macros
@ -190,9 +190,15 @@ allow $1 virtualization_service:service_manager find;
 binder_call($1, virtualizationservice)
 # Let virtualizationservice call back to the client.
 binder_call(virtualizationservice, $1)
-# Let the client pass file descriptors to virtualizationservice and on
+# Transition to virtmgr when the client executes it.
+domain_auto_trans($1, virtmgr_exec, virtmgr)
+# Allow virtmgr to communicate over UDS with the client.
+allow virtmgr $1:unix_stream_socket { getattr read write };
+# Allow virtmgr and the client to signal each other using pipes.
+allow virtmgr $1:fifo_file { getattr read write };
+# Let the client pass file descriptors to virtualizationservice/virtmgr and on
 # to crosvm
-allow { virtualizationservice crosvm } $1:fd use;
+allow { virtualizationservice virtmgr crosvm } $1:fd use;
 # Allow piping console log to the client
 allow { virtualizationservice crosvm } $1:fifo_file { getattr write};
 # Allow client to read/write vsock created by virtualizationservice to