Merge "Move mediaprovider_app to common code"
diff --git a/TEST_MAPPING b/TEST_MAPPING
index db12ffe..83021d0 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -14,6 +14,9 @@
}
]
+ },
+ {
+ "name": "MicrodroidHostTestCases"
}
]
}
diff --git a/apex/com.android.compos-file_contexts b/apex/com.android.compos-file_contexts
index d678ca6..35d20c0 100644
--- a/apex/com.android.compos-file_contexts
+++ b/apex/com.android.compos-file_contexts
@@ -1,4 +1,2 @@
(/.*)? u:object_r:system_file:s0
-/bin/compos_key_main u:object_r:compos_exec:s0
/bin/compsvc u:object_r:compos_exec:s0
-/bin/compsvc_worker u:object_r:compos_exec:s0
diff --git a/microdroid/system/private/authfs.te b/microdroid/system/private/authfs.te
index e8c340b..7bd39e4 100644
--- a/microdroid/system/private/authfs.te
+++ b/microdroid/system/private/authfs.te
@@ -9,6 +9,7 @@
# Allow basic rules to implement FUSE.
# TODO(195554831): Move the privilege to authfs_service
allow authfs fuse_device:chr_file rw_file_perms;
+allow authfs self:global_capability_class_set sys_admin;
# Allow mounting authfs.
# TODO(195554831): Move the privilege to authfs_service.
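Review bot: The new `allow authfs self:global_capability_class_set sys_admin;` is the only rule in this hunk without a comment saying why it is needed, while its neighbours carry one and the matching rule this commit adds to authfs_service.te is explained as "Allow mounting the FUSE filesystem." sys_admin is the broadest capability in that class, and the commit now grants it to both authfs and authfs_service, so the reason should be recorded next to the rule and the existing TODO(195554831) about moving the privilege to authfs_service should say whether it covers this grant as well. Suggest placing `# Allow mounting (needs sys_admin). TODO(195554831): Move the privilege to authfs_service.` directly above the new line. The authfs.te file continues past this hunk, so rules outside it may already overlap with this one.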
diff --git a/microdroid/system/private/authfs_service.te b/microdroid/system/private/authfs_service.te
index c3d356e..f81a8f2 100644
--- a/microdroid/system/private/authfs_service.te
+++ b/microdroid/system/private/authfs_service.te
@@ -16,6 +16,9 @@
# Allow domain transition into authfs.
domain_auto_trans(authfs_service, authfs_exec, authfs)
+# Allow mounting the FUSE filesystem.
+allow authfs_service self:global_capability_class_set sys_admin;
+
# Allow creating/deleting mount directories.
allow authfs_service authfs_data_file:dir create_dir_perms;
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index 9e6b2bb..b8ad335 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -4,11 +4,11 @@
allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
-# Talk to binder services (for keystore)
+# Allow using keystore and authfs_service binder services
binder_use(compos);
-
-# Allow payloads to use keystore
use_keystore(compos);
+allow compos authfs_binder_service:service_manager find;
+binder_call(compos, authfs_service);
# Allow payloads to use and manage their keys
allow compos vm_payload_key:keystore2_key {
@@ -18,3 +18,15 @@
rebind
use
};
+
+# Although the compos should not really read/write the FD on authfs_fuse, this
+# is apparently required for the binder driver to pass the FDs to compos from
+# authfs_service.
+allow compos authfs_fuse:file { read write };
+
+# Allow getattr (in fact, getxattr) as a workaround to retrieve fs-verity
+# metadata. See b/196635431.
+allow compos authfs_fuse:file getattr;
+
+# Allow domain transition into dex2oat.
+domain_auto_trans(compos, dex2oat_exec, dex2oat)
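Review bot: The `allow compos authfs_fuse:file { read write };` grant is justified only as "apparently required" for binder FD passing, with no tracking reference, whereas the getattr workaround two rules later cites b/196635431. If this grant is a workaround rather than a deliberate part of the design, its comment should say so in the same form, e.g. `# TODO(<tracking bug>): drop once FD passing no longer needs read/write on the file.`, so the surplus permission can be revisited instead of being kept indefinitely. The two rules on `authfs_fuse:file` could also be collapsed into `allow compos authfs_fuse:file { read write getattr };`, but keeping them separate is reasonable while their reasons differ.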
diff --git a/microdroid/system/private/dex2oat.te b/microdroid/system/private/dex2oat.te
index 6bfd05e..cde824b 100644
--- a/microdroid/system/private/dex2oat.te
+++ b/microdroid/system/private/dex2oat.te
@@ -3,3 +3,22 @@
type dex2oat_exec, system_file_type, exec_type, file_type;
allow dex2oat tmpfs:file { read getattr map };
+
+# Allow dex2oat to use FDs from authfs_service via compos.
+allow dex2oat authfs_service:fd use;
+allow dex2oat compos:fd use;
+
+# Allow dex2oat to read/write FDs on authfs_fuse filesystem.
+allow dex2oat authfs_fuse:file rw_file_perms;
+
+# Minijail uses pipe for the parent process to signal the child (as a fallback
+# mechanism, since Android does not support minijail's preload).
+# TODO(196109647): We can probably remove this once the minijail preload is
+# supported on Android.
+allow dex2oat compos:fifo_file read;
+
+# Allow acquiring advisory lock on /system/framework/<arch>/*
+allow dex2oat system_file:file lock;
+
+# Allow dex2oat to read /apex/apex-info-list.xml
+allow dex2oat apex_info_file:file r_file_perms;
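Review bot: `allow dex2oat authfs_fuse:file rw_file_perms;` grants more than the comment above it describes: in Android's global_macros rw_file_perms expands to r_file_perms plus w_file_perms, both of which include open, so dex2oat could open files on the authfs_fuse filesystem by path rather than only use the FDs it receives from compos (the two fd-use rules at the top of the hunk). If dex2oat only operates on inherited FDs, as the comment and `allow dex2oat compos:fd use;` suggest, a set without open, e.g. `allow dex2oat authfs_fuse:file { read write getattr lock map };` trimmed to what dex2oat actually does, would match the stated intent; if opening by path is really needed, the comment should say so. The microdroid copy of the macro definitions is not on this page, so confirm the expansion there before narrowing.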
diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index cf516dd..ffc2b3b 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -7,6 +7,9 @@
# in tools/checkfc.c
attribute dev_type;
+# Attribute for block devices.
+attribute bdev_type;
+
# All types used for processes.
attribute domain;
diff --git a/microdroid/system/public/device.te b/microdroid/system/public/device.te
index 8d286a6..bdc3b28 100644
--- a/microdroid/system/public/device.te
+++ b/microdroid/system/public/device.te
@@ -1,7 +1,7 @@
type ashmem_device, dev_type, mlstrustedobject;
type ashmem_libcutils_device, dev_type, mlstrustedobject;
type binder_device, dev_type, mlstrustedobject;
-type block_device, dev_type;
+type block_device, dev_type, bdev_type;
type console_device, dev_type;
type device, dev_type, fs_type;
type dm_device, dev_type;
diff --git a/private/crosvm.te b/private/crosvm.te
index 70ab655..6f3ab3d 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -31,14 +31,9 @@
# Allow searching the directory where the composite disk images are.
allow crosvm virtualizationservice_data_file:dir search;
-# TODO(b/193402941) delete this. This for now is required because crosvm needs to open the files for
-# the GPT headers of the composite disks.
-allow crosvm virtualizationservice_data_file:file open;
-
# Don't allow crosvm to open files that it doesn't own.
neverallow crosvm {
- #TODO(b/193402941) uncomment the following line
- #virtualizationservice_data_file
+ virtualizationservice_data_file
staging_data_file
apk_data_file
app_data_file
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index f92c94f..c51b995 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -9,8 +9,6 @@
binder_use(virtualizationservice)
# ... and host a binder service
binder_service(virtualizationservice)
-# It needs to call back to app
-binder_call(virtualizationservice, appdomain)
# Allow calling into the system server so that it can check permissions.
binder_call(virtualizationservice, system_server)
@@ -36,6 +34,8 @@
define(`virtualizationservice_use', `
# Let the client call virtualizationservice.
binder_call($1, virtualizationservice)
+# Let virtualizationservice call back to the client.
+binder_call(virtualizationservice, $1)
# Let the client pass file descriptors to virtualizationservice.
allow virtualizationservice $1:fd use;
')
@@ -43,7 +43,9 @@
# Let the shell user call virtualizationservice (and virtualizationservice call back to shell) for
# debugging.
virtualizationservice_use(shell)
-binder_call(virtualizationservice, shell)
+
+# Let apps use virtualizationservice.
+virtualizationservice_use(appdomain)
# Allow to use fd (e.g. /dev/pts/0) inherited from adbd so that we can redirect output from
# crosvm to the console
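Review bot: `virtualizationservice_use(appdomain)` widens what apps get compared with the removed `binder_call(virtualizationservice, appdomain)` in the first hunk: the macro, as extended in the second hunk, also contains `allow virtualizationservice $1:fd use;`, so every app domain may now pass file descriptors to virtualizationservice, and the comment `# Let apps use virtualizationservice.` does not record that. Since the first hunk keeps `binder_call(virtualizationservice, system_server)` with the note that it exists to check permissions, it would help to state here that app access is expected to be gated by that permission check rather than by policy, if that is the intent, e.g. `# Let apps use virtualizationservice (including passing FDs); callers are checked via the system_server permission check above.` The shell comment at the top of the hunk still mentions the call-back, which the macro now provides, so it remains accurate after the removed line.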