Merge "sepolicy: add f2fs ioctls"
diff --git a/private/domain.te b/private/domain.te
index 5a1eab1..c1dea0a 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -216,6 +216,7 @@
-appdomain # for oemfs
-bootanim # for oemfs
-recovery # for /tmp/update_binary in tmpfs
+ userdebug_or_eng(`-microdroid_launcher') # for executing shared libs on /mnt/apk in Microdroid
} { fs_type -rootfs }:file execute;
#
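Review bot: The exclusion added on the new line is userdebug_or_eng-only, but the zipfusefs rules it is meant to make legal (kept commented out in private/microdroid_launcher.te under the same TODO(b/188400186)) are not wrapped in userdebug_or_eng; if zipfusefs is a fs_type, uncommenting them as written would trip this neverallow on user builds. Either the exclusion has to become unconditional when those rules land, or the rules need the same userdebug_or_eng wrapper, and nothing in the hunk records which is intended. A comment on the new line would make the coupling visible, e.g. `# TODO(b/188400186): make unconditional (or gate the zipfusefs rules) once zipfuse is labelled`. The neverallow block this line belongs to starts before the hunk.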
diff --git a/private/microdroid_launcher.te b/private/microdroid_launcher.te
new file mode 100644
index 0000000..5983cb7
--- /dev/null
+++ b/private/microdroid_launcher.te
@@ -0,0 +1,31 @@
+# microdroid_launcher is a binary that loads a shared library from an apk and
+# executes it by calling an entry point in the library. This can be considered
+# as the native counterpart of app_process for Java.
+
+type microdroid_launcher, domain, coredomain;
+type microdroid_launcher_exec, exec_type, file_type, system_file_type;
+
+# allow executing files on the zipfuse fs
+# TODO(b/188400186) uncomment the below when the zipfuse is mounted with
+# fscontext=u:object_r:zipfusefs:s0
+# allow microdroid_launcher zipfusefs:dir r_dir_perms;
+# allow microdroid_launcher zipfusefs:file rx_file_perms;
+# TODO(b/188400186) remove the below two rules
+userdebug_or_eng(`
+ allow microdroid_launcher fuse:dir r_dir_perms;
+ allow microdroid_launcher fuse:file rx_file_perms;
+')
+
+# Allow to communicate use, read and write over the adb connection.
+allow microdroid_launcher adbd:fd use;
+allow microdroid_launcher adbd:unix_stream_socket { read write };
+
+# Allow to use FDs inherited from the shell. This includes the FD opened for
+# the microdroid_launcher executable itself and the FD for adb connection.
+# TODO(b/186396070) remove this when this is executed from microdroid_manager
+userdebug_or_eng(`
+ allow microdroid_launcher shell:fd use;
+')
+
+# Allow to use terminal
+allow microdroid_launcher devpts:chr_file rw_file_perms;
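Review bot: The temporary rule `allow microdroid_launcher fuse:file rx_file_perms;` grants read and execute on every file labelled `fuse`, not only the zipfuse mount at /mnt/apk that the header comment describes; `fuse` is presumably the generic label shared by other FUSE mounts on the device, which is exactly why the fscontext change in the TODO matters. The comment above the rule should say so, otherwise a reader takes the userdebug_or_eng block to be scoped to the apk mount: `# NOTE: 'fuse' is the generic FUSE label, so until b/188400186 this permits executing from any fuse-labelled mount, not only /mnt/apk`. The same applies to the `fuse:dir r_dir_perms` line.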
diff --git a/private/shell.te b/private/shell.te
index 5831d54..231a63f 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -191,6 +191,10 @@
# Allow shell to read Virtual A/B related properties
get_prop(shell, virtual_ab_prop)
+# Allow shell to launch microdroid_launcher in its own domain
+# TODO(b/186396070) remove this when microdroid_manager can do this
+domain_auto_trans(shell, microdroid_launcher_exec, microdroid_launcher)
+
# Never allow others to set or get the perf.drop_caches property.
neverallow { domain -shell -init } perf_drop_caches_prop:property_service set;
neverallow { domain -shell -init -dumpstate } perf_drop_caches_prop:file read;
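Review bot: The `domain_auto_trans(shell, microdroid_launcher_exec, microdroid_launcher)` line is unconditional, while its counterpart `allow microdroid_launcher shell:fd use;` in private/microdroid_launcher.te, filed under the same TODO(b/186396070), is userdebug_or_eng-only. If this policy is also built for user builds, shell could still transition into microdroid_launcher there but the launcher would be denied the inherited FDs, including the adb connection the comment says it relies on, so the two rules should be gated the same way. Wrapping the transition keeps the temporary shell path entirely out of user builds:
`userdebug_or_eng(`
  domain_auto_trans(shell, microdroid_launcher_exec, microdroid_launcher)
')`.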