tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/su.te
David Brazdil 55d808c28c Start using virtmgr for running VMs 
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
2023-01-05 17:39:39 +00:00

35 lines
1.2 KiB
Text
Raw Blame History

userdebug_or_eng(`
typeattribute su coredomain;
domain_auto_trans(shell, su_exec, su)
# Allow dumpstate to call su on userdebug / eng builds to collect
# additional information.
domain_auto_trans(dumpstate, su_exec, su)
# Make sure that dumpstate runs the same from the "su" domain as
# from the "init" domain.
domain_auto_trans(su, dumpstate_exec, dumpstate)
# Put the incident command into its domain so it is the same on user, userdebug and eng.
domain_auto_trans(su, incident_exec, incident)
# Put the odrefresh command into its domain.
domain_auto_trans(su, odrefresh_exec, odrefresh)
# Put the perfetto command into its domain so it is the same on user, userdebug and eng.
domain_auto_trans(su, perfetto_exec, perfetto)
# Put the virtmgr command into its domain.
domain_auto_trans(su, virtualizationmanager_exec, virtualizationmanager)
# su is also permissive to permit setenforce.
permissive su;
app_domain(su)
# Do not audit accesses to keystore2 namespace for the su domain.
dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
# Allow root to set MTE permissive mode.
set_prop(su, permissive_mte_prop);
')
Reference in a new issue View git blame Copy permalink