Add virtualizationservice.state.last_cid

It is a system property that keeps the last CID used by the virtualizationservice. Although the information is local to the process, a new system property is justified because the information has to be kept across multiple runs of the process. A file however is not desirable because the information shouldn't be persisted. Bug: 196015427 Test: atest MicrodroidHostTestCases Change-Id: If8ca4b6ad8d9c8cb3bb33dc9ef45de0ae6481d15
2021-09-16 21:06:20 +09:00 · 2021-09-16 21:06:20 +09:00 · b804de2943
commit b804de2943
parent e494c51bc9
3 changed files with 12 additions and 0 deletions
--- a/private/property.te
+++ b/private/property.te
@ -40,6 +40,7 @@ system_internal_prop(verity_status_prop)
 system_internal_prop(zygote_wrap_prop)
 system_internal_prop(ctl_mediatranscoding_prop)
 system_internal_prop(ctl_odsign_prop)
+system_internal_prop(virtualizationservice_prop)

 ###
 ### Neverallow rules
--- a/private/property_contexts
+++ b/private/property_contexts
@ -1233,3 +1233,6 @@ ro.bootanim.quiescent.enabled u:object_r:bootanim_config_prop:s0 exact bool

 # dck properties
 ro.gms.dck.eligible_wcc u:object_r:dck_prop:s0 exact int
+
+# virtualization service properties
+virtualizationservice.state.last_cid u:object_r:virtualizationservice_prop:s0 exact uint
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@ -54,3 +54,11 @@ allow virtualizationservice staging_data_file:file r_file_perms;

 # Let virtualizationservice to accept vsock connection from the guest VMs
 allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
+
+# Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
+set_prop(virtualizationservice, virtualizationservice_prop)
+neverallow {
+  domain
+  -init
+  -virtualizationservice
+} virtualizationservice_prop:property_service set;