virtmgr: don't check label for vendor initiated VMs Checking for a prefix on the label is a bad practice and doesn't enforce the relevant constraint (that the file isn't writable), so just skip the check altogether for now. Note that we have a separate check that verifes the files must come from the vendor partition and that isn't changing in this commit. Bug: 397499254 Bug: 393087663 Test: m Change-Id: Iaa3201a78effb63184e80c51bf4c2550298ea299

commit: c8f2704b3b891186591341db1d5b3d37b9e08762 [log] [tgz]
author: Frederick Mayle <fmayle@google.com> Wed Feb 26 12:35:26 2025 -0800
committer: Frederick Mayle <fmayle@google.com> Wed Feb 26 13:40:53 2025 -0800
tree: 295541abe85070c6d8c0a0f649bee16a331488f6
parent: 2192baf0e8f6577bdaf076fbda8c70679c2f7269 [diff]
diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index eefaa65..28f36fd 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs

@@ -1592,9 +1592,8 @@
         | "virtualizationservice_data_file" // files created by VS / VirtMgr
         | "vendor_microdroid_file" // immutable dm-verity protected partition (/vendor/etc/avf/microdroid/.*)
          => Ok(()),
-        // It is difficult to require specific label types for vendor initiated VM's files, so we
-        // allow anything with a vendor prefix.
-        t if calling_partition == CallingPartition::Vendor && t.starts_with("vendor_")  => Ok(()),
+        // It is difficult to require specific label types for vendor initiated VM's files.
+        _ if calling_partition == CallingPartition::Vendor => Ok(()),
         _ => bail!("Label {} is not allowed", context),
     }
 }
commit	c8f2704b3b891186591341db1d5b3d37b9e08762	[log] [tgz]
author	Frederick Mayle <fmayle@google.com>	Wed Feb 26 12:35:26 2025 -0800
committer	Frederick Mayle <fmayle@google.com>	Wed Feb 26 13:40:53 2025 -0800
tree	295541abe85070c6d8c0a0f649bee16a331488f6
parent	2192baf0e8f6577bdaf076fbda8c70679c2f7269 [diff]