tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow virtualizationservice to use vsock"

Browse source
This commit is contained in:
Jiyong Park 2021-07-12 18:00:57 +00:00 committed by Gerrit Code Review
commit d76c98182c
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/shell.te
View file

@ -205,3 +205,7 @@ read_fstab(shell)
# Allow shell read access to /apex/apex-info-list.xml for CTS.
allow shell apex_info_file:file r_file_perms;
# Allow shell (the vm tool) the access to vsock created by virtualization
# service
allow shell virtualizationservice:vsock_socket { read write };

3
private/virtualizationservice.te
View file

@ -41,3 +41,6 @@ allow virtualizationservice apk_data_file:file { getattr read };
allow virtualizationservice app_data_file:file { getattr read write };
# shell_data_file is used for automated tests and manual debugging.
allow virtualizationservice shell_data_file:file { getattr read write };
# Let virtualizationservice to accept vsock connection from the guest VMs
allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };