8b80dacadc
When odsign spawns compos_verify it has our stdin/out connected to its console. But none of the VM processes use stdin/out at all; they log to logcat instead. So instead of allowing the access (which immediately leads to the same denials in virtualizationmanager), just suppress the audit logs. Bug: 293259827 Test: Exercise isolated compilation successfully with no denials seen. Change-Id: I454bb2fe106b656a9695511cbf09350402b30bdd
25 lines
1,004 B
Text
25 lines
1,004 B
Text
# Run by odsign to verify a CompOS signature
|
|
type compos_verify, domain, coredomain;
|
|
type compos_verify_exec, exec_type, file_type, system_file_type;
|
|
|
|
# Start a VM
|
|
binder_use(compos_verify);
|
|
virtualizationservice_use(compos_verify);
|
|
|
|
# Read instance image & write VM logs
|
|
allow compos_verify apex_module_data_file:dir search;
|
|
allow compos_verify apex_compos_data_file:dir rw_dir_perms;
|
|
allow compos_verify apex_compos_data_file:file { rw_file_perms create };
|
|
|
|
# Read CompOS info & signature files
|
|
allow compos_verify apex_art_data_file:dir search;
|
|
allow compos_verify apex_art_data_file:file r_file_perms;
|
|
|
|
# odsign runs us with its console as our stdin/stdout/stderr.
|
|
# But we never use them; logs go to logcat. Suppress the useless denials.
|
|
dontaudit compos_verify odsign:fd use;
|
|
dontaudit compos_verify odsign_devpts:chr_file { read write };
|
|
|
|
# Only odsign can enter the domain via exec
|
|
neverallow { domain -odsign } compos_verify:process transition;
|
|
neverallow * compos_verify:process dyntransition;
|