commit	7c6b2705e9b65ecbf2bca3880f40b2fb603476c6	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Fri Sep 30 18:40:05 2022 +0100
committer	Nikita Ioffe <ioffe@google.com>	Mon Oct 03 21:03:42 2022 +0100
tree	3b1a24fb7464525075184457046ed4f4c79326ba
parent	7710a6dd5448bf60ef9e4f4cbbde3ddc71fb2a7c [diff]

Explicitly specify capabilities of root services in microdroid This is a semi-automatic change to simply specify the capabilities that these services have according to the sepolicy. List of capabilities for each service was obtained by running: `sesearch --allow -c capability,capability2 /tmp/microdroid-policy` The policy specifies that all processes have CAP_AUDIT_CONTROL, but it doesn't seem to be actually required, so it's omitted from the service definitions. Also switch tombstone_transmit to run as system user. Test: presubmit Test: atest --test-mapping packages/modules/Virtualization:avf-presubmit Test: run demo app and verify capabilities of microdroid_launcher Test: atest com.android.microdroid.test.MicrodroidTestCase#testTombstonesAreGeneratedUponCrash Bug: 243633980 Bug: 249796710 Change-Id: I19b0cefb07fc7480b3f9dc05cb708a899489fe65

tree: 3b1a24fb7464525075184457046ed4f4c79326ba

.prebuilt_info/
apex/
apkdmverity/
authfs/
avmd/
compos/
demo/
docs/
javalib/
launcher/
libs/
microdroid/
microdroid_manager/
pvmfw/
rialto/
tests/
virtualizationservice/
vm/
vmbase/
vmclient/
zipfuse/
rustfmt.toml ⇨ ../../../build/soong/scripts/rustfmt.toml
.clang-format
.gitignore
Android.bp
OWNERS
PREUPLOAD.cfg
README.md
TEST_MAPPING

README.md

Virtualization

This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.