SEPolicy for compos_verify_key.
Remove some allow rules for odsign, since it no longer directly
modifies CompOs files. Instead allow it to run compos_verify_key in
its own domain.
Grant compos_verify_key what it needs to access the CompOs files and
start up the VM.
Currently we directly connect to the CompOs VM; that will change once
some in-flight CLs have landed.
As part of this I moved the virtualizationservice_use macro to
te_macros so I can use it here. I also expanded it to include
additional grants needed by any VM client that were previously done
for individual domains (and then deleted those rules as now
redundant).
I also removed the grant of VM access to all apps; instead we allow it
for untrusted apps, on userdebug or eng builds only. (Temporarily at
least.)
Bug: 193603140
Test: Manual - odsign successfully runs the VM at boot when needed.
Change-Id: I62f9ad8c7ea2fb9ef2d468331e26822d08e3c828
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index f7dfdeb..b4561fa 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -170,3 +170,8 @@
# according to the heuristic of lockdown.
allow untrusted_app_all self:lockdown integrity;
')
+
+# Allow running a VM for test/demo purposes
+userdebug_or_eng(`
+ virtualizationservice_use(untrusted_app_all)
+')