commit 4b80a3fc3d896a80330446ebfaf277dd6cd59987
author Andrew Walbran <qwandor@google.com> Fri May 21 13:21:43 2021 +0000
committer Andrew Walbran <qwandor@google.com> Fri May 21 14:47:30 2021 +0000
tree 9981dc6e79e669e495e5796512f271fa66acda50
parent 654c5b0ea8efa595d7c56c80c639dcfd61a646d1

Rename VirtManager to VirtualizationService.

Bug: 188042280
Test: atest VirtualizationTestCases
Change-Id: Ia46a0dda923cb30382cbcba64aeb569685041d2b

private/virtualizationservice.te

diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
new file mode 100644
index 0000000..4c6f1f9
--- /dev/null
+++ b/private/virtualizationservice.te
@@ -0,0 +1,25 @@
+type virtualizationservice, domain, coredomain;
+type virtualizationservice_exec, system_file_type, exec_type, file_type;
+
+# When init runs a file labelled with virtualizationservice_exec, run it in the
+# virtualizationservice domain.
+init_daemon_domain(virtualizationservice)
+
+# Let the virtualizationservice domain use Binder.
+binder_use(virtualizationservice)
+
+# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
+add_service(virtualizationservice, virtualization_service)
+
+# When virtualizationservice execs a file with the crosvm_exec label, run it in the crosvm domain.
+domain_auto_trans(virtualizationservice, crosvm_exec, crosvm)
+
+# Let virtualizationservice exec other files (e.g. mk_cdisk) in the same domain.
+allow virtualizationservice system_file:file execute_no_trans;
+
+# Let virtualizationservice kill crosvm.
+allow virtualizationservice crosvm:process sigkill;
+
+# Let virtualizationservice access its data directory.
+allow virtualizationservice virtualizationservice_data_file:file create_file_perms;
+allow virtualizationservice virtualizationservice_data_file:dir create_dir_perms;