Revert^2 "Add microfuchsia selinux policies"
8794c8c3546472ffd3cfb378df6514e9bb8fc576
Change-Id: Ie1f098a651674c788f1978fa44b5dbd5151270b8
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index b7364bd..865051c 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -184,6 +184,7 @@
"android.security.metrics": EXCEPTION_NO_FUZZER,
"android.service.gatekeeper.IGateKeeperService": []string{"gatekeeperd_service_fuzzer"},
"android.system.composd": EXCEPTION_NO_FUZZER,
+ "android.system.microfuchsiad": EXCEPTION_NO_FUZZER,
// TODO(b/294158658): add fuzzer
"android.hardware.security.keymint.IRemotelyProvisionedComponent/avf": EXCEPTION_NO_FUZZER,
"android.system.virtualizationservice": []string{"virtualizationmanager_fuzzer"},
diff --git a/flagging/Android.bp b/flagging/Android.bp
index 5117fab..dc3b6a0 100644
--- a/flagging/Android.bp
+++ b/flagging/Android.bp
@@ -22,6 +22,7 @@
"RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT",
"RELEASE_AVF_ENABLE_LLPVM_CHANGES",
"RELEASE_AVF_ENABLE_NETWORK",
+ "RELEASE_AVF_ENABLE_MICROFUCHSIA",
"RELEASE_READ_FROM_NEW_STORAGE",
"RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE",
"RELEASE_UNLOCKED_STORAGE_API",
diff --git a/private/microfuchsiad.te b/private/microfuchsiad.te
new file mode 100644
index 0000000..f02acaf
--- /dev/null
+++ b/private/microfuchsiad.te
@@ -0,0 +1,18 @@
+is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
+ type microfuchsiad, domain, coredomain;
+ type microfuchsiad_exec, system_file_type, exec_type, file_type;
+
+ # Host dynamic AIDL services
+ init_daemon_domain(microfuchsiad)
+ binder_use(microfuchsiad)
+ add_service(microfuchsiad, microfuchsia_service)
+
+ # Call back into system server
+ binder_call(microfuchsiad, system_server)
+
+ # Start a VM
+ virtualizationservice_use(microfuchsiad)
+
+ # Create pty devices
+ allow microfuchsiad devpts:chr_file { read write open getattr ioctl };
+')
diff --git a/private/service.te b/private/service.te
index 6c55ed4..80d5168 100644
--- a/private/service.te
+++ b/private/service.te
@@ -34,6 +34,9 @@
type vm_tethering_service, system_server_service, service_manager_type;
type vmnic_service, service_manager_type;
')
+is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
+ type microfuchsia_service, service_manager_type;
+')
type uce_service, service_manager_type;
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index d1eecd5..f81491a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -174,6 +174,9 @@
android.system.virtualizationservice_internal.IVmnic u:object_r:vmnic_service:s0
android.system.vmtethering.IVmTethering u:object_r:vm_tethering_service:s0
')
+is_flag_enabled(RELEASE_AVF_ENABLE_MICROFUCHSIA, `
+ android.system.microfuchsiad u:object_r:microfuchsia_service:s0
+')
ambient_context u:object_r:ambient_context_service:s0
app_binding u:object_r:app_binding_service:s0
app_hibernation u:object_r:app_hibernation_service:s0