Merge "Create virtmgr domain and initial policy"
diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts
index cc712ff..caef62d 100644
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts
@@ -1,4 +1,5 @@
 (/.*)?                     u:object_r:system_file:s0
 /bin/crosvm                u:object_r:crosvm_exec:s0
 /bin/fd_server             u:object_r:fd_server_exec:s0
+/bin/virtmgr               u:object_r:virtmgr_exec:s0
 /bin/virtualizationservice u:object_r:virtualizationservice_exec:s0
diff --git a/private/app.te b/private/app.te
index ae8b206..a7939b0 100644
--- a/private/app.te
+++ b/private/app.te
@@ -95,8 +95,9 @@
 # Exception for crash_dump to allow for app crash reporting.
 # Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
 # to allow renderscript to create privileged executable files.
+# Exception for virtmgr to allow running VMs as child processes.
 neverallow { appdomain -shell userdebug_or_eng(`-su') }
-    { domain -appdomain -crash_dump -rs }:process { transition };
+    { domain -appdomain -crash_dump -rs -virtmgr }:process { transition };
 neverallow { appdomain -shell userdebug_or_eng(`-su') }
     { domain -appdomain }:process { dyntransition };
 
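Review bot: The `-virtmgr` exception on the `transition` neverallow drops the compile-time guard for every appdomain, not only for apps that are meant to manage VMs. Which apps can enter virtmgr is then decided solely by whichever allow rules reference `virtmgr_exec`. The added comment should record where that grant lives, e.g. `# virtmgr is entered only through the domain_auto_trans in the virtualization client macro (public/te_macros) and acts on behalf of its parent.` If the intended clients share an attribute, a narrower neverallow limiting `virtmgr:process transition` to that set would restore the guard. No such attribute is visible in this diff, so the exact rule is left to the author.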
diff --git a/private/virtmgr.te b/private/virtmgr.te
new file mode 100644
index 0000000..225b6cb
--- /dev/null
+++ b/private/virtmgr.te
@@ -0,0 +1,8 @@
+# Domain for a child process that manages virtual machines on behalf of its parent.
+
+type virtmgr, domain, coredomain;
+type virtmgr_exec, system_file_type, exec_type, file_type;
+
+# Allow virtmgr to communicate use, read and write over the adb connection.
+allow virtmgr adbd:fd use;
+allow virtmgr adbd:unix_stream_socket { read write };
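Review bot: The comment above the two adbd rules reads "communicate use, read and write" and does not say why a VM manager needs adbd's descriptors. The rules are also unconditional, so they apply on user builds as well as debug builds. If the intent is only that virtmgr inherits adbd's socket as stdio when its parent was started from an adb shell, say so: `# Allow virtmgr to use the adbd socket it inherits as stdio when launched from an adb shell.` If it turns out to be a debugging convenience, wrapping both lines in `userdebug_or_eng(...)`, as private/app.te already does for `su`, would keep them out of production policy.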
diff --git a/public/te_macros b/public/te_macros
index ab42534..3bb3904 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -190,9 +190,15 @@
 binder_call($1, virtualizationservice)
 # Let virtualizationservice call back to the client.
 binder_call(virtualizationservice, $1)
-# Let the client pass file descriptors to virtualizationservice and on
+# Transition to virtmgr when the client executes it.
+domain_auto_trans($1, virtmgr_exec, virtmgr)
+# Allow virtmgr to communicate over UDS with the client.
+allow virtmgr $1:unix_stream_socket { getattr read write };
+# Allow virtmgr and the client to signal each other using pipes.
+allow virtmgr $1:fifo_file { getattr read write };
+# Let the client pass file descriptors to virtualizationservice/virtmgr and on
 # to crosvm
-allow { virtualizationservice crosvm } $1:fd use;
+allow { virtualizationservice virtmgr crosvm } $1:fd use;
 # Allow piping console log to the client
 allow { virtualizationservice crosvm } $1:fifo_file { getattr write};
 # Allow client to read/write vsock created by virtualizationservice to
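Review bot: Nothing in the type rules added here separates one client's virtmgr from another's. Every domain that expands the macro transitions into the same `virtmgr` type, and that type gets `fd use` plus read/write on the sockets and pipes of all clients. Presumably the MLS level carried across `domain_auto_trans` provides the separation for app clients; the author should confirm this and state it in a comment, e.g. `# virtmgr keeps the client's MLS level; cross-client access is blocked by MLS, not by type.` The comment on the `fifo_file` rule also says the two sides signal "each other", while the rule only grants virtmgr access to the client's pipes. The macro definition starts above this hunk and continues below it.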