| commit | b1416128b511405258d49438b2b396b5a03f0de9 | [log] [tgz] |
|---|---|---|
| author | Nikita Ioffe <ioffe@google.com> | Tue Oct 22 12:18:49 2024 +0000 |
| committer | Nikita Ioffe <ioffe@google.com> | Mon Nov 11 14:00:20 2024 +0000 |
| tree | d09965bfd22414433b70a05d5674b658eb8c4f0b | |
| parent | 9954838e3c19615a866235d01261995ee44c78ec [diff] |
virtmngr: get secontext of the caller app This patch uses getprevcon from libselinux to get the secontext of the caller process (i.e. the process that "owns" the VM). Since virtmngr is started by the "VM owner" process by forking+execing virtmngr process as a child, we can make use of the getprevcon function in the libselinux. This function returns the secontext before the last exec. In this patch we simply log the callers secontext, in the follow up patches the callers secontext will be used to check if the VM is allowed to access the requested secure services. Bug: 360102915 Test: atest MicrodroidTests Change-Id: Ia484c6e44efd703ace1eb2f6f72675e153dfa5a4
Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
AVF APIs:
How-Tos: