15bdfcb180
* Allow vmlauncher_app to create pty/pts * Allow vmlauncher_app to change permission of created pts * Allow shell to read/write vmlauncher_app pts adb shell can open and communicate with vmlauncher_app via the pts device. VM console would be available on the pts. Bug: 335362012 Test: adb shell -t microcom /dev/pts/0 Test: No new avc denials in logcat Change-Id: If630235b486bf5ffffb45aeac3e29438029edb04
type vmlauncher_app, domain;
|
|
typeattribute vmlauncher_app coredomain;
|
|
|
|
app_domain(vmlauncher_app)
|
|
|
|
allow vmlauncher_app app_api_service:service_manager find;
|
|
allow vmlauncher_app system_api_service:service_manager find;
|
|
|
|
allow vmlauncher_app shell_data_file:dir search;
|
|
allow vmlauncher_app shell_data_file:file { read open write };
|
|
virtualizationservice_use(vmlauncher_app)
|
|
|
|
is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
|
|
# TODO(b/332677707): remove them when display service uses binder RPC.
|
|
allow vmlauncher_app virtualization_service:service_manager find;
|
|
allow vmlauncher_app virtualizationservice:binder call;
|
|
allow vmlauncher_app crosvm:binder { call transfer };
|
|
')
|
|
|
|
userdebug_or_eng(`
|
|
# Create pty/pts and connect it to the guest terminal.
|
|
create_pty(vmlauncher_app)
|
|
# Allow other processes to access the pts.
|
|
allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr;
|
|
')
|
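Review bot: The comment `# Allow other processes to access the pts.` above the `setattr` rule understates what is granted and why: `setattr` on `vmlauncher_app_devpts` lets the app itself change the mode/ownership of its pts node, while the access for other domains is not in this file (the commit message says shell gets read/write, presumably in a separate shell policy file of the same change). I would make the intent and the scope explicit, e.g. `# Let the app chmod its pts so shell can attach to the guest console; the shell-side allow rule lives elsewhere, and this block is userdebug_or_eng-only because the pts exposes the VM console.` Whether `create_pty` already declares the `vmlauncher_app_devpts` type and grants the basic read/write/ioctl on it depends on the macro definition, which is outside this section, so it is worth confirming the `setattr` line is the only permission added on top of the macro.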