Allow vmlauncher_app to create ptys to communicate with shell * Allow vmlauncher_app to create pty/pts * Allow vmlauncher_app to change permission of created pts * Allow shell to read/write vmlauncher_app pts adb shell can open and communicate with vmlauncher_app via the pts device. VM console would be available on the pts. Bug: 335362012 Test: adb shell -t microcom /dev/pts/0 Test: No new avc denials in logcat Change-Id: If630235b486bf5ffffb45aeac3e29438029edb04

commit: 15bdfcb1804922e2f2260a60868599ef2c4baed1 [log] [tgz]
author: Yi-Yo Chiang <yochiang@google.com> Fri May 10 18:01:47 2024 +0800
committer: Yi-Yo Chiang <yochiang@google.com> Thu May 23 15:03:49 2024 +0800
tree: 07acf250ce4c9c3bf1f2a033c3b1e0c97981f6a3
parent: 4fa0ed2bc111e572c1fb6b703d05075ae5dd792a [diff] [blame]
diff --git a/private/shell.te b/private/shell.te
index dbdd132..263db8c 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -430,6 +430,12 @@
 # Allow reads (but not writes) of the MGLRU state
 allow shell sysfs_lru_gen_enabled:file r_file_perms;
 
+# Allow communicating with the VM terminal.
+userdebug_or_eng(`
+  allow shell vmlauncher_app_devpts:chr_file rw_file_perms;
+  allowxperm shell vmlauncher_app_devpts:chr_file ioctl unpriv_tty_ioctls;
+')
+
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;
commit	15bdfcb1804922e2f2260a60868599ef2c4baed1	[log] [tgz]
author	Yi-Yo Chiang <yochiang@google.com>	Fri May 10 18:01:47 2024 +0800
committer	Yi-Yo Chiang <yochiang@google.com>	Thu May 23 15:03:49 2024 +0800
tree	07acf250ce4c9c3bf1f2a033c3b1e0c97981f6a3
parent	4fa0ed2bc111e572c1fb6b703d05075ae5dd792a [diff] [blame]