Label hypervisor test properties Bug: 298306391 Change-Id: I160101325989f58ef3403ec5be20895468c2ccbb Test: TH, atest CustomPvmfwHostTestCases

commit: 4183cbb63c7387f5458876ec23ce674b1d3d2384 [log] [tgz]
author: Jaewan Kim <jaewan@google.com> Thu Aug 31 07:58:08 2023 +0000
committer: Jaewan Kim <jaewan@google.com> Fri Sep 01 02:43:38 2023 +0000
tree: 5af9c01c7c678da3dcce44999df51cb0b5d8e605
parent: 726bcb500c9f55d23eb9f31d3959e10bf8eee482 [diff]
diff --git a/private/property.te b/private/property.te
index def39f0..90cfad2 100644
--- a/private/property.te
+++ b/private/property.te

@@ -53,8 +53,9 @@
 system_internal_prop(virtualizationservice_prop)
 system_internal_prop(ctl_apex_load_prop)
 system_internal_prop(enable_16k_pages_prop)
-
 system_internal_prop(sensors_config_prop)
+system_internal_prop(hypervisor_pvmfw_prop)
+system_internal_prop(hypervisor_virtualizationmanager_prop)
 
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)

diff --git a/private/property_contexts b/private/property_contexts
index 1f4e95f..39dd3b5 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -700,6 +700,9 @@
 ro.fuse.bpf.enabled u:object_r:storage_config_prop:s0 exact bool
 ro.fuse.bpf.is_running u:object_r:vold_status_prop:s0 exact bool
 
+hypervisor.pvmfw.path                              u:object_r:hypervisor_pvmfw_prop:s0 exact string
+hypervisor.virtualizationmanager.debug_policy.path u:object_r:hypervisor_virtualizationmanager_prop:s0 exact string
+
 # hypervisor.*: configured by the vendor to advertise capabilities of their
 # hypervisor to virtualizationservice.
 hypervisor.memory_reclaim.supported u:object_r:hypervisor_restricted_prop:s0 exact bool

diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index b6bcd98..095a27d 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te

@@ -65,6 +65,14 @@
 get_prop(virtualizationmanager, hypervisor_prop)
 get_prop(virtualizationmanager, hypervisor_restricted_prop)
 
+# Allow virtualizationmanager to be read custom pvmfw.img configuration
+userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_pvmfw_prop)')
+dontaudit virtualizationmanager hypervisor_pvmfw_prop:file read;
+
+# Allow virtualizationmanager to be read custom virtualizationmanager configuration
+userdebug_or_eng(`get_prop(virtualizationmanager, hypervisor_virtualizationmanager_prop)')
+dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop:file read;
+
 # Allow virtualizationmanager service to talk to tombstoned to push guest ramdumps
 unix_socket_connect(virtualizationmanager, tombstoned_crash, tombstoned)
commit	4183cbb63c7387f5458876ec23ce674b1d3d2384	[log] [tgz]
author	Jaewan Kim <jaewan@google.com>	Thu Aug 31 07:58:08 2023 +0000
committer	Jaewan Kim <jaewan@google.com>	Fri Sep 01 02:43:38 2023 +0000
tree	5af9c01c7c678da3dcce44999df51cb0b5d8e605
parent	726bcb500c9f55d23eb9f31d3959e10bf8eee482 [diff]