2dba72540c
Give microdroid_manager and the DICE HAL access to the AVF chosen node properties that are used to indicate that the VM is booting in strict mode and that the current boot is provisioning a new VM instance. Bug: 221051866 Bug: 217376291 Test: atest MicrodroidTests Change-Id: Ie8451fc80671557086f8d825ad01600f9cb4557a
# Process domain for the default DICE HAL service.
type hal_dice_default, domain;
# Mark hal_dice_default as a server of the hal_dice HAL. The macro is defined
# outside this file; its exact grants should be checked there.
hal_server_domain(hal_dice_default, hal_dice)
# Block crash dumps to ensure the DICE secrets are not leaked.
# The attribute only tags the domain; the rules that act on
# no_crash_dump_domain are not in this file -- presumably the crash_dump
# policy; confirm the attribute is still honoured there.
typeattribute hal_dice_default no_crash_dump_domain;
# Label for the HAL's executable; it carries the exec_type, vendor_file_type
# and file_type attributes.
type hal_dice_default_exec, exec_type, vendor_file_type, file_type;
# init_daemon_domain is defined outside this file; presumably it sets up the
# automatic transition from init into hal_dice_default when
# hal_dice_default_exec is executed -- confirm against the macro.
init_daemon_domain(hal_dice_default)
# hal_dice_default is using bootstrap bionic
# Macro body is not in this file; presumably it grants access to the
# bootstrap copies of the bionic libraries -- confirm against its definition.
use_bootstrap_libs(hal_dice_default)
# Read-only access to the AVF device-tree properties (sysfs_dt_avf). Per the
# commit description these indicate strict-mode boot and new-instance
# provisioning; no write permission is granted.
# NOTE(review): only the file class is covered here. If sysfs_dt_avf also
# labels the containing directory, dir search must come from another rule --
# confirm, otherwise the reads are denied at path lookup.
allow hal_dice_default sysfs_dt_avf:file r_file_perms;
# Read/write access to the open_dice_device character device node.
# NOTE(review): presumably this node is how the HAL reaches the DICE secrets
# mentioned above; if so, the set of domains allowed on open_dice_device
# should stay minimal -- audit other allow rules on this type.
allow hal_dice_default open_dice_device:chr_file rw_file_perms;