This is an AIDL service exposed by Virtualization Service to system
server (VirtualizationSystemService).
The implementation is Rust so no fuzzer is required.
I've put this behind the flag on general principle.
Bug: 294177871
Test: atest MicrodroidTests
Change-Id: Ia867fe27fb2e76d9688e4ba650ebf7b3f51ee597
Instead of centralized one se_flags module under system/sepolicy,
additional se_flags modules can be defined anywhere to support defining
downstream branches' own flagging.
Bug: 321875465
Test: TH
Test: soong test
Change-Id: I6e45c859b7f09e27ba1d60033b0db1424472cb63
vfio_handler will be active only if device assignment feature is turned
on.
Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d
We should wrap the parameter because it will contain multiple lines of
codes which can probably contain comma.
Bug: 306563735
Test: build and see sepolicy output
Change-Id: I2f56f0a1ec2d5b14570fb9c5bb178d488bc023c9
This adds two macros which can be used in te files and contexts files.
* is_flag_enabled(flag_name, codes)
* is_flag_disabled(flag_name, codes)
Also flag-guarding requires to process input files before any
validations. Property contexts test and seapp contexts test are
modified a little to handle that.
Bug: 306563735
Test: build with manual guarding
Change-Id: Ia1c6d00b7aab0da3901c19f16d553153aace018c