Allow use of VS's data files for VM partitions These files are only writable by Virtualization Service and Virtualization Manager, so we can trust them. Bug: 274407309 Test: TH Change-Id: I71671c8555197fa9acf314046911c6a2517d2cce

commit: fe4bb0c37f52ad3b18c03498444b8ff4129ade2b [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Mon Mar 20 14:15:36 2023 +0000
committer: Alan Stokes <alanstokes@google.com> Mon Mar 20 14:15:36 2023 +0000
tree: 6ff0d52cd84fead6a0be51bd330a73e1e92c34be
parent: 02723e553433f4c4e240d4b86953aeec7bba3ed2 [diff]
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index e015d9d..749d75f 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs

@@ -725,10 +725,11 @@
 /// user devices (W^X).
 fn check_label_is_allowed(context: &SeContext) -> Result<()> {
     match context.selinux_type()? {
-        | "system_file" // immutable dm-verity protected partition
         | "apk_data_file" // APKs of an installed app
-        | "staging_data_file" // updated/staged APEX images
         | "shell_data_file" // test files created via adb shell
+        | "staging_data_file" // updated/staged APEX images
+        | "system_file" // immutable dm-verity protected partition
+        | "virtualizationservice_data_file" // files created by VS / VirtMgr
          => Ok(()),
         _ => bail!("Label {} is not allowed", context),
     }
commit	fe4bb0c37f52ad3b18c03498444b8ff4129ade2b	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Mon Mar 20 14:15:36 2023 +0000
committer	Alan Stokes <alanstokes@google.com>	Mon Mar 20 14:15:36 2023 +0000
tree	6ff0d52cd84fead6a0be51bd330a73e1e92c34be
parent	02723e553433f4c4e240d4b86953aeec7bba3ed2 [diff]