Alan Stokes
72cac09097
Add rules for dex2oat.
...
This is necessary (but not sufficient) to allow CompOsTestCase to
run. Without it we have problems because
system/sepolicy/apex/com.android.art-file_contexts references
dex2oat_exec, and we get an error:
SELinux : Context u:object_r:dex2oat_exec:s0 is not valid (left unmapped).
Bug: 194474784
Test: atest CompOsTestCase (with memory fix patched in)
Change-Id: If229b9891c8fb1acce8d0502675c1712bfed180c
2021-07-23 12:26:26 +01:00
Treehugger Robot
6a4bc81a2b
Merge changes I43bf09d8,I1fd35d0e
...
* changes:
Disallow microdroid from running arbitrary domains
Add domain for compos binaries
2021-07-23 09:29:53 +00:00
Inseob Kim
a89d6aa301
Disallow microdroid from running arbitrary domains
...
Test: atest MicrodroidHostTestCases
Test: atest ComposHostTestCases
Change-Id: I43bf09d85efa4276e929babd854c49ccedfd8058
2021-07-23 06:58:52 +00:00
Jiyong Park
f326072b40
Add more rules around cgroup files in microdroid
...
The added rules are copied from Android.
Bug: 193118995
Bug: 193118220
Test: adb shell /apex/com.android.virt/bin/vm run-app
/data/local/tmp/virt/MicrodroidDemoApp.apk
/data/local/tmp/virt/MicrodroidDemoApp.apk.idsig
/data/local/tmp/virt/instance.img assets/vm_config.json doesn't show
a selinux denial like the below:
avc: denied { create } for pid=1 comm="init" name="cpus"
scontext=u:r:init:s0 tcontext=u:object_r:cgroup:s0 tclass=file
permissive=0
Change-Id: I3d958e4788fdee5993ff1048e86b81cd93b72b03
2021-07-23 15:48:17 +09:00
Inseob Kim
7560aed40a
Add domain for compos binaries
...
Bug: 191263171
Test: atest MicrodroidHostTestCases
Test: atest ComposHostTestCases
Change-Id: I1fd35d0efe83d2cecaa41580e6d1d0b8f6242b3f
2021-07-23 06:01:39 +00:00
Inseob Kim
e1389977e0
Move microdroid sepolicy to system/sepolicy
...
Bug: 190511750
Test: boot microdroid
Change-Id: I4aa4a56e9be5103d70469c3508110a973f3e4f12
2021-07-19 07:48:34 +00:00
