Merge "Allow microdroid_manager to run kexec"

microdroid/system/private/file_contexts

@@ -123,6 +123,7 @@
 /system/bin/apkdmverity          u:object_r:apkdmverity_exec:s0
 /system/bin/authfs               u:object_r:authfs_exec:s0
 /system/bin/authfs_service       u:object_r:authfs_service_exec:s0
+/system/bin/kexec_load           u:object_r:kexec_exec:s0
 /system/etc/cgroups\.json               u:object_r:cgroup_desc_file:s0
 /system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_api_file:s0
 /system/etc/event-log-tags              u:object_r:system_event_log_tags_file:s0

microdroid/system/private/kexec.te

@@ -0,0 +1,12 @@
+# kexec loads a crashdump kernel into memory using the kexec_file_load syscall.
+type kexec, domain, coredomain;
+type kexec_exec, exec_type, file_type, system_file_type;
+
+# allow kexec to write into /dev/kmsg for logging
+allow kexec kmsg_device:chr_file w_file_perms;
+
+# kexec is launched by microdroid_manager with fork/execvp.
+allow kexec microdroid_manager:fd use;
+
+# allow kexec to have SYS_BOOT
+allow kexec self:capability sys_boot;

microdroid/system/private/microdroid_manager.te

@@ -33,6 +33,9 @@ domain_auto_trans(microdroid_manager, compos_exec, compos)
 domain_auto_trans(microdroid_manager, apkdmverity_exec, apkdmverity)
 domain_auto_trans(microdroid_manager, zipfuse_exec, zipfuse)
 
+# Allow microdroid_manager to run kexec to load crashkernel
+domain_auto_trans(microdroid_manager, kexec_exec, kexec)
+
 # Let microdroid_manager kernel-log.
 allow microdroid_manager kmsg_device:chr_file w_file_perms;
 
@@ -76,6 +79,10 @@ set_prop(microdroid_manager, powerctl_prop)
 # that is different from what is recorded in the instance.img file.
 allow microdroid_manager proc_bootconfig:file r_file_perms;
 
+# microdroid_manager needs to read /proc/cmdline to see if crashkernel= parameter is set
+# or not; if set, it executes kexec to load the crashkernel into memory.
+allow microdroid_manager proc_cmdline:file r_file_perms;
+
 # Allow microdroid_manager to read/write failure serial device
 allow microdroid_manager serial_device:chr_file w_file_perms;
 

microdroid/system/private/microdroid_payload.te

@@ -27,8 +27,15 @@ allow microdroid_payload microdroid_manager:vsock_socket { read write };
 # Write to /dev/kmsg.
 allow microdroid_payload kmsg_device:chr_file rw_file_perms;
 
-# Only microdroid_payload and apk verity binaries can be run by microdroid_manager
-neverallow microdroid_manager { domain -crash_dump -microdroid_payload -apkdmverity -zipfuse }:process transition;
+# Only microdroid_payload and a few other critical binaries can be run by microdroid_manager
+neverallow microdroid_manager {
+  domain
+  -crash_dump
+  -microdroid_payload
+  -apkdmverity
+  -zipfuse
+  -kexec
+}:process transition;
 
 # Allow microdroid_payload to open binder servers via vsock.
 allow microdroid_payload self:vsock_socket { create_socket_perms_no_ioctl listen accept };