commit 7c6b2705e9b65ecbf2bca3880f40b2fb603476c6
author Nikita Ioffe <ioffe@google.com> Fri Sep 30 18:40:05 2022 +0100
committer Nikita Ioffe <ioffe@google.com> Mon Oct 03 21:03:42 2022 +0100
tree 3b1a24fb7464525075184457046ed4f4c79326ba
parent 7710a6dd5448bf60ef9e4f4cbbde3ddc71fb2a7c

Explicitly specify capabilities of root services in microdroid

This is a semi-automatic change to simply specify the capabilities that
these services have according to the sepolicy.

List of capabilities for each service was obtained by running:
`sesearch --allow -c capability,capability2 /tmp/microdroid-policy`

The policy specifies that all processes have CAP_AUDIT_CONTROL, but it
doesn't seem to be actually required, so it's omitted from the service
definitions.

Also switch tombstone_transmit to run as system user.

Test: presubmit
Test: atest --test-mapping packages/modules/Virtualization:avf-presubmit
Test: run demo app and verify capabilities of microdroid_launcher
Test: atest com.android.microdroid.test.MicrodroidTestCase#testTombstonesAreGeneratedUponCrash
Bug: 243633980
Bug: 249796710
Change-Id: I19b0cefb07fc7480b3f9dc05cb708a899489fe65

microdroid_manager/microdroid_manager.rc

diff --git a/microdroid_manager/microdroid_manager.rc b/microdroid_manager/microdroid_manager.rc
index 60d8ab7..74a219d 100644
--- a/microdroid_manager/microdroid_manager.rc
+++ b/microdroid_manager/microdroid_manager.rc
@@ -4,3 +4,5 @@
     setenv RUST_LOG info
     # TODO(jooyung) remove this when microdroid_manager becomes a daemon
     oneshot
+    # SYS_BOOT is required to exec kexecload from microdroid_manager
+    capabilities AUDIT_CONTROL SYS_ADMIN SYS_BOOT