Allow vmlauncher_app to create ptys to communicate with shell * Allow vmlauncher_app to create pty/pts * Allow vmlauncher_app to change permission of created pts * Allow shell to read/write vmlauncher_app pts adb shell can open and communicate with vmlauncher_app via the pts device. VM console would be available on the pts. Bug: 335362012 Test: adb shell -t microcom /dev/pts/0 Test: No new avc denials in logcat Change-Id: If630235b486bf5ffffb45aeac3e29438029edb04

commit: 15bdfcb1804922e2f2260a60868599ef2c4baed1 [log] [tgz]
author: Yi-Yo Chiang <yochiang@google.com> Fri May 10 18:01:47 2024 +0800
committer: Yi-Yo Chiang <yochiang@google.com> Thu May 23 15:03:49 2024 +0800
tree: 07acf250ce4c9c3bf1f2a033c3b1e0c97981f6a3
parent: 4fa0ed2bc111e572c1fb6b703d05075ae5dd792a [diff] [blame]
diff --git a/private/vmlauncher_app.te b/private/vmlauncher_app.te
index dcc4f55..f0f372b 100644
--- a/private/vmlauncher_app.te
+++ b/private/vmlauncher_app.te

@@ -16,3 +16,10 @@
   allow vmlauncher_app virtualizationservice:binder call;
   allow vmlauncher_app crosvm:binder { call transfer };
 ')
+
+userdebug_or_eng(`
+  # Create pty/pts and connect it to the guest terminal.
+  create_pty(vmlauncher_app)
+  # Allow other processes to access the pts.
+  allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr;
+')
commit	15bdfcb1804922e2f2260a60868599ef2c4baed1	[log] [tgz]
author	Yi-Yo Chiang <yochiang@google.com>	Fri May 10 18:01:47 2024 +0800
committer	Yi-Yo Chiang <yochiang@google.com>	Thu May 23 15:03:49 2024 +0800
tree	07acf250ce4c9c3bf1f2a033c3b1e0c97981f6a3
parent	4fa0ed2bc111e572c1fb6b703d05075ae5dd792a [diff] [blame]