commit 094e8e81a2f30bcf505b66223a1333cfc815b9f7
author Inseob Kim <inseob@google.com> Fri Nov 17 18:03:46 2023 +0900
committer Inseob Kim <inseob@google.com> Wed Nov 22 05:28:20 2023 +0000
tree c7a710af2969fca32e00da3580cd593eda47b929
parent 9868a0ce1145bf6b3caaad69782e4afd1ce391a2

Flag-guard vfio_handler policies

vfio_handler will be active only if device assignment feature is turned
on.

Bug: 306563735
Test: microdroid tests with and without the flag
Change-Id: I5559dfca1a29852b65481c95f37edc9977ee9d7d

apex/Android.bp

diff --git a/apex/Android.bp b/apex/Android.bp
index 21054fc..04fd5f6 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -205,11 +205,10 @@
   ],
 }
 
-filegroup {
+file_contexts {
   name: "com.android.virt-file_contexts",
-  srcs: [
-    "com.android.virt-file_contexts",
-  ],
+  defaults: ["contexts_flags_defaults"],
+  srcs: ["com.android.virt-file_contexts"],
 }
 
 filegroup {

apex/com.android.virt-file_contexts

diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts
index afe9f51..78720aa 100644
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts
@@ -3,4 +3,6 @@
 /bin/fd_server             u:object_r:fd_server_exec:s0
 /bin/virtmgr               u:object_r:virtualizationmanager_exec:s0
 /bin/virtualizationservice u:object_r:virtualizationservice_exec:s0
-/bin/vfio_handler          u:object_r:vfio_handler_exec:s0
+is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
+    /bin/vfio_handler          u:object_r:vfio_handler_exec:s0
+')