SEPolicy for compos_verify_key.
Remove some allow rules for odsign, since it no longer directly
modifies CompOs files. Instead allow it to run compos_verify_key in
its own domain.
Grant compos_verify_key what it needs to access the CompOs files and
start up the VM.
Currently we directly connect to the CompOs VM; that will change once
some in-flight CLs have landed.
As part of this I moved the virtualizationservice_use macro to
te_macros so I can use it here. I also expanded it to include
additional grants needed by any VM client that were previously done
for individual domains (and then deleted those rules as now
redundant).
I also removed the grant of VM access to all apps; instead we allow it
for untrusted apps, on userdebug or eng builds only. (Temporarily at
least.)
Bug: 193603140
Test: Manual - odsign successfully runs the VM at boot when needed.
Change-Id: I62f9ad8c7ea2fb9ef2d468331e26822d08e3c828
diff --git a/private/crosvm.te b/private/crosvm.te
index 6f3ab3d..5ec50b5 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -49,7 +49,7 @@
}:file write;
# Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
-allow crosvm { adbd appdomain }:fd use;
+allow crosvm adbd:fd use;
allow crosvm adbd:unix_stream_socket { read write };
allow crosvm appdomain:fifo_file { read write };
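Review bot: The comment on the line above the hunk ("pipe console log to shell or app which could be the owner of a VM") is now stale, since this hunk drops appdomain from the fd:use rule while leaving `allow crosvm appdomain:fifo_file { read write };` in place; without fd:use on appdomain, crosvm cannot use a fifo descriptor an app hands it, so the remaining fifo_file rule is either dead or relies on a grant that now lives elsewhere (the commit message mentions a userdebug/eng-only allowance for untrusted apps). Either update the comment to say only adbd is covered here and move the appdomain fifo_file rule next to the new conditional grant, or keep both appdomain rules together so the intended app-as-VM-owner case is still coherent in one place.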