virtmanager: add selinux domain

Address any denials in the log - currently just adding
the virtualization service.

Bug: 183583115
Test: ps -AZ | grep virtmanager
u: r:virtmanager:s0             virtmanager   2453     1 10930880  4544 0                   0 S virtmanager
Change-Id: Ie034dcc3b1dbee610c591220358065b8508d81cf
This commit is contained in:
Jeff Vander Stoep 2021-03-25 22:22:05 +01:00
parent 002d9262fa
commit f16527f6cf
5 changed files with 12 additions and 0 deletions

View file

@ -1 +1,2 @@
(/.*)? u:object_r:system_file:s0
/bin/virtmanager u:object_r:virtmanager_exec:s0

View file

@ -120,6 +120,7 @@
userspace_reboot_metadata_file
vcn_management_service
vibrator_manager_service
virtualization_service
vpn_management_service
vpnprofilestore_service
watchdog_metadata_file

View file

@ -70,6 +70,7 @@ cacheinfo u:object_r:cacheinfo_service:s0
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
android.system.virtmanager u:object_r:virtualization_service:s0
companiondevice u:object_r:companion_device_service:s0
platform_compat u:object_r:platform_compat_service:s0
platform_compat_native u:object_r:platform_compat_service:s0

8
private/virtmanager.te Normal file
View file

@ -0,0 +1,8 @@
type virtmanager, domain, coredomain;
type virtmanager_exec, system_file_type, exec_type, file_type;
init_daemon_domain(virtmanager)
binder_use(virtmanager)
add_service(virtmanager, virtualization_service)

View file

@ -40,6 +40,7 @@ type system_suspend_control_internal_service, service_manager_type;
type system_suspend_control_service, service_manager_type;
type update_engine_service, service_manager_type;
type update_engine_stable_service, service_manager_type;
type virtualization_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
type vpnprofilestore_service, service_manager_type;