Add /dev/vsock permissions to microdroid
microdroid_manager needs to know its own CID until full RPC binder
support has landed.
Bug: 191845268
Test: run MicrodroidDemoApp
Test: atest MicrodroidHostTestCases
Change-Id: I8f6c667f0827d1089baa21417c2b0ba382d94d26
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 3e450f6..f84f5f0 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -36,4 +36,11 @@
allow microdroid_manager system_bootstrap_lib_file:dir r_dir_perms;
allow microdroid_manager system_bootstrap_lib_file:file { execute read open getattr map };
+# Allow microdroid_manager to ioctl /dev/vsock.
+# TODO(b/191845268): remove the below rules
+allow microdroid_manager device:chr_file r_file_perms;
+allowxperm microdroid_manager device:chr_file ioctl {
+ IOCTL_VM_SOCKETS_GET_LOCAL_CID
+};
+
neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;
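Review bot: The added `allow microdroid_manager device:chr_file r_file_perms;` is written against the generic `device` type, so it applies to every character device node that has no more specific label, not only /dev/vsock as the comment says. The `allowxperm` list does restrict ioctl to `IOCTL_VM_SOCKETS_GET_LOCAL_CID`, but open and read on any other `device`-labelled node are still granted. I would give /dev/vsock its own type in file_contexts and write both rules against it, e.g. `allow microdroid_manager <vsock_device_type>:chr_file { open read ioctl };` (placeholder type name), which also drops the getattr/lock/map/watch parts of `r_file_perms` that a CID query presumably does not need. If the generic type has to stay until b/191845268 is resolved, the comment should at least state that the rule covers all `device`-labelled character devices.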