commit 77a3ca6b4c380efc801c38ead86f5526fa772736
author Jeongik Cha <jeongik@google.com> Tue Apr 09 15:02:28 2024 +0900
committer Jeongik Cha <jeongik@google.com> Tue Apr 09 22:01:06 2024 +0900
tree a5b20bd50faeb0ebb39a74fcf629b4e2b13c25c7
parent bc71c77f9433e93d3090615fece922da574ca25e

Introduce vmlauncher_app domain

Bug: 333485208
Test: check display
Change-Id: I64c09f09615e89cf24398c01b8f87b0136be0a7f

private/vmlauncher_app.te

diff --git a/private/vmlauncher_app.te b/private/vmlauncher_app.te
new file mode 100644
index 0000000..dcc4f55
--- /dev/null
+++ b/private/vmlauncher_app.te
@@ -0,0 +1,18 @@
+type vmlauncher_app, domain;
+typeattribute vmlauncher_app coredomain;
+
+app_domain(vmlauncher_app)
+
+allow vmlauncher_app app_api_service:service_manager find;
+allow vmlauncher_app system_api_service:service_manager find;
+
+allow vmlauncher_app shell_data_file:dir search;
+allow vmlauncher_app shell_data_file:file { read open write };
+virtualizationservice_use(vmlauncher_app)
+
+is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
+  # TODO(b/332677707): remove them when display service uses binder RPC.
+  allow vmlauncher_app virtualization_service:service_manager find;
+  allow vmlauncher_app virtualizationservice:binder call;
+  allow vmlauncher_app crosvm:binder { call transfer };
+')