Merge "Introducing vm_tethering_service as system_server_service" into main am: 9d04376e55

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3121391 Change-Id: I4f3ab70bcd4f8965d00ad84a7cd5fc4afaa29913 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-06-14 05:46:25 +00:00 · 2024-06-14 05:46:25 +00:00 · e4890ed894
commit e4890ed894
parent 10171d408d 9d04376e55
4 changed files with 5 additions and 1 deletions
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@ -190,6 +190,7 @@ var (
 		"android.system.virtualizationservice_internal.IVfioHandler":          EXCEPTION_NO_FUZZER,
 		"android.system.virtualizationservice_internal.IVmnic":                EXCEPTION_NO_FUZZER,
 		"android.system.virtualizationmaintenance":                            EXCEPTION_NO_FUZZER,
+		"android.system.vmtethering.IVmTethering":                             EXCEPTION_NO_FUZZER,
 		"ambient_context":               EXCEPTION_NO_FUZZER,
 		"app_binding":                   EXCEPTION_NO_FUZZER,
 		"app_hibernation":               EXCEPTION_NO_FUZZER,
--- a/private/service.te
+++ b/private/service.te
@ -31,7 +31,8 @@ is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
    type virtualization_maintenance_service, service_manager_type;
 ')
 is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
-    type vmnic_service, service_manager_type;
+    type vm_tethering_service, system_server_service, service_manager_type;
+    type vmnic_service,        service_manager_type;
 ')

 type uce_service,                   service_manager_type;
--- a/private/service_contexts
+++ b/private/service_contexts
@ -172,6 +172,7 @@ is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
 ')
 is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
    android.system.virtualizationservice_internal.IVmnic u:object_r:vmnic_service:s0
+    android.system.vmtethering.IVmTethering              u:object_r:vm_tethering_service:s0
 ')
 ambient_context                           u:object_r:ambient_context_service:s0
 app_binding                               u:object_r:app_binding_service:s0
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@ -28,6 +28,7 @@ is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
    # Let virtualizationservice find and communicate with vmnic.
    allow virtualizationservice vmnic_service:service_manager find;
    binder_call(virtualizationservice, vmnic)
+    allow virtualizationservice vm_tethering_service:service_manager find;
 ')

 # Allow the virtualizationservice domain to serve a remotely provisioned component for