platform_system_sepolicy/apex
David Brazdil 55d808c28c Start using virtmgr for running VMs
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder, only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
2023-01-05 17:39:39 +00:00
Android.bp Add sepolicy for new module. 2022-09-23 10:40:47 -07:00
apex.test-file_contexts Cleanup sepolicy related to APEX pre/post-install hooks 2021-09-17 17:55:12 +01:00
com.android.adbd-file_contexts Move adbd to an apex. 2019-10-29 14:58:09 -07:00
com.android.adservices-file_contexts Add file contexts for AdServices APEX 2022-02-21 09:55:07 +00:00
com.android.appsearch-file_contexts Add apex structure to appsearch module. 2019-11-25 11:30:38 -08:00
com.android.art-file_contexts Reconcile file_contexts files for Release and Debug ART APEXes. 2022-08-01 09:13:46 +01:00
com.android.art.debug-file_contexts Reconcile file_contexts files for Release and Debug ART APEXes. 2022-08-01 09:13:46 +01:00
com.android.bluetooth-file_contexts Changing sepolicy file to the right apex name 2022-02-01 15:59:30 -08:00
com.android.bootanimation-file_contexts Set context for files in the com.android.bootanimation apex 2019-05-29 13:49:41 -07:00
com.android.btservices-file_contexts Include bluetooth cert in mac_permissions.xml 2022-06-21 22:00:01 +00:00
com.android.car.framework-file_contexts Add sepolicy for com.android.car.framework module 2021-10-07 00:45:19 +00:00
com.android.cellbroadcast-file_contexts Create a cellbroadcast apex 2019-11-09 23:35:37 -08:00
com.android.compos-file_contexts Modify sepolicy for compos key changes 2022-02-17 12:14:40 +00:00
com.android.conscrypt-file_contexts Add SEPolicy tags for concrypt cacerts. 2022-12-21 06:42:21 +00:00
com.android.cronet-file_contexts Add file_contexts for apex com.android.cronet 2019-12-05 16:58:36 +08:00
com.android.devicelock-file_contexts Add sepolicy for new module. 2022-09-23 10:40:47 -07:00
com.android.extservices-file_contexts Add file contexts for com.android.extservices APEX. 2020-01-17 13:47:30 +00:00
com.android.federatedcompute-file_contexts Add file contexts for FederatedCompute. 2022-09-21 03:40:13 +00:00
com.android.geotz-file_contexts Changes associated with the new geotz module 2020-11-20 22:15:48 +00:00
com.android.gki-file_contexts Support GKI updates 2020-08-10 16:10:38 -07:00
com.android.healthconnect-file_contexts Add file contexts for HealthConnect APEX 2022-08-12 19:03:11 +00:00
com.android.i18n-file_contexts "Add shared library into i18n APEX and add the required sepolicy" Attempt 2 2020-05-05 16:36:51 +01:00
com.android.ipsec-file_contexts Add file_contexts for com.android.ipsec 2019-11-08 22:03:33 +00:00
com.android.media-file_contexts add mediatranscoding to apex file context 2020-12-09 14:26:14 -08:00
com.android.media.swcodec-file_contexts Move mediaswcodec service to APEX 2019-03-05 14:54:14 -08:00
com.android.mediaprovider-file_contexts Structure MediaProvider as an APEX. 2019-12-03 13:35:46 -07:00
com.android.neuralnetworks-file_contexts Add file contexts for com.android.neuralnetworks APEX package. 2019-07-18 09:58:48 +00:00
com.android.ondevicepersonalization-file_contexts Add file contexts for OnDevicePersonalization. 2022-03-11 08:31:41 +00:00
com.android.os.statsd-file_contexts Update selinux policy for statsd apex 2020-02-13 15:42:23 -08:00
com.android.permission-file_contexts Add APEX module for permission. 2019-10-11 12:29:35 -07:00
com.android.resolv-file_contexts Remove permission for APEX manifest. 2018-11-24 17:19:05 +00:00
com.android.rkpd-file_contexts Add SELinux policy changes for rkpd 2022-09-23 05:09:00 +00:00
com.android.runtime-file_contexts Support linkerconfig in Runtime APEX 2020-12-02 11:41:38 +09:00
com.android.scheduling-file_contexts Add file contexts for com.android.scheduling 2020-12-10 14:55:22 +00:00
com.android.sdkext-file_contexts Revert^2 "Introduce derive_classpath." 2021-03-19 11:23:00 +00:00
com.android.sepolicy-file_contexts Add file_contexts for sepolicy mainline module 2021-11-12 14:55:54 +01:00
com.android.tethering-file_contexts Add clatd to apex/com.android.tethering-file_contexts 2022-01-11 17:04:05 +08:00
com.android.tzdata-file_contexts Remove permission for APEX manifest. 2018-11-24 17:19:05 +00:00
com.android.uwb-file_contexts sepolicy: Add entry for uwb apex 2021-07-29 18:44:50 -07:00
com.android.virt-file_contexts Start using virtmgr for running VMs 2023-01-05 17:39:39 +00:00
com.android.vndk-file_contexts Add file_contexts for "com.android.vndk" APEX 2019-09-18 10:35:39 +09:00
com.android.wifi-file_contexts sepolicy: Add entry for wifi apex mainline module 2019-11-25 20:51:50 +00:00