Don't prevent crosvm from accessing vendor-owned VM disk images There can be VM disk images that are specific to the underlying SoC. e.g. in case where SoC-specific hardware is dedicated to a VM and the VM needs drivers (or HALs) for the hardware. Don't prevent crosvm from reading such a SoC-specific VM disk images. Note that this doesn't actually allow crosvm to do that in AOSP. Such an allow rule could be added in downstreams where such use cases exist. Bug: 193605879 Test: m Change-Id: If19c0b6adae4c91676b142324c2903879548a135

commit: 3fee5a43c1e84038cb389e6974b03a147155282a [log] [tgz]
author: Jiyong Park <jiyong@google.com> Mon Aug 09 09:24:45 2021 +0900
committer: Jiyong Park <jiyong@google.com> Mon Aug 09 11:13:54 2021 +0900
tree: 769456e3d7591a965e604510f9c2327cf39c705b
parent: cb779773b7016d61100b7d741fb18835435f88d3 [diff] [blame]
diff --git a/private/crosvm.te b/private/crosvm.te
index 7426ef9..70ab655 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -61,3 +61,17 @@
 # The console log can also be written to /data/local/tmp. This is not safe as the log then can be
 # visible to the processes which don't own the VM. Therefore, this is a debugging only feature.
 userdebug_or_eng(`allow crosvm shell_data_file:file w_file_perms;')
+
+# Don't allow crosvm to have access to ordinary vendor files that are not for VMs.
+full_treble_only(`
+  neverallow crosvm {
+    vendor_file_type
+    -vendor_vm_file
+    -vendor_vm_data_file
+    # These types are not required for crosvm, but the access is granted to globally in domain.te
+    # thus should be exempted here.
+    -vendor_configs_file
+    -vndk_sp_file
+    -vendor_task_profiles_file
+  }:file *;
+')
commit	3fee5a43c1e84038cb389e6974b03a147155282a	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Mon Aug 09 09:24:45 2021 +0900
committer	Jiyong Park <jiyong@google.com>	Mon Aug 09 11:13:54 2021 +0900
tree	769456e3d7591a965e604510f9c2327cf39c705b
parent	cb779773b7016d61100b7d741fb18835435f88d3 [diff] [blame]