Add domain for compos binaries Bug: 191263171 Test: atest MicrodroidHostTestCases Test: atest ComposHostTestCases Change-Id: I1fd35d0efe83d2cecaa41580e6d1d0b8f6242b3f

commit: 7560aed40a59eb264f04e8a921c38f4021061f76 [log] [tgz]
author: Inseob Kim <inseob@google.com> Tue Jul 20 09:57:57 2021 +0000
committer: Inseob Kim <inseob@google.com> Fri Jul 23 06:01:39 2021 +0000
tree: ec7878ea5463b68b2c3f25dce49762493fbb4b87
parent: f778a0bd8956a2a846575c6d5802ded9e3be378b [diff] [blame]
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
new file mode 100644
index 0000000..ecb5dad
--- /dev/null
+++ b/microdroid/system/private/compos.te

@@ -0,0 +1,15 @@
+# TODO(b/193504816): move this to compos APEX
+type compos, domain, coredomain;
+type compos_exec, exec_type, file_type, system_file_type;
+
+type compos_key_cmd, domain, coredomain;
+type compos_key_cmd_exec, exec_type, file_type, system_file_type;
+
+binder_use(compos)
+use_keystore(compos)
+
+allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
+
+allow compos microdroid_manager:fd use;
+
+allow compos kmsg_device:chr_file w_file_perms;
commit	7560aed40a59eb264f04e8a921c38f4021061f76	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Tue Jul 20 09:57:57 2021 +0000
committer	Inseob Kim <inseob@google.com>	Fri Jul 23 06:01:39 2021 +0000
tree	ec7878ea5463b68b2c3f25dce49762493fbb4b87
parent	f778a0bd8956a2a846575c6d5802ded9e3be378b [diff] [blame]