Restrict access to virtualization service's vsocks
VS never needs to connect; it only accepts incoming connections for
tombstones. So we can remove the connection permission.
And no other host process (except dumpstate) ever needs access to
these sockets, so add an appropriate neverallow.
Bug: 347661724
Test: atest MicrodroidHostTestCases MicrodroidTestApp
Change-Id: I6c975842dc284a722ac19e3ab8cf4a79b98e8c25
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 3d0aac0..fd5cf36 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -84,10 +84,10 @@
allow virtualizationservice apex_virt_data_file:dir create_dir_perms;
allow virtualizationservice apex_virt_data_file:file create_file_perms;
-# Let virtualizationservice to accept vsock connection from the guest VMs to singleton services
+# Accept vsock connection from the guest VMs to singleton services
# such as the guest tombstone server.
-allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
-neverallow { domain -virtualizationservice } virtualizationservice:vsock_socket { accept bind create connect listen };
+allow virtualizationservice self:vsock_socket { create read getattr write setattr lock append bind getopt setopt shutdown map listen accept };
+neverallow { domain -virtualizationservice -dumpstate } virtualizationservice:vsock_socket *;
# Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
set_prop(virtualizationservice, virtualizationservice_prop)
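Review bot: the dumpstate exemption in the new neverallow (`neverallow { domain -virtualizationservice -dumpstate } virtualizationservice:vsock_socket *;`) frees dumpstate from every vsock_socket permission, including connect, bind and listen, which is broader than the commit message's "except dumpstate" justifies; suggest narrowing the exemption to the permission dumpstate actually needs and stating that reason in the comment above the rule, since the rule is otherwise the only record of why a second host domain may touch these sockets. Also, the expanded allow rule (`allow virtualizationservice self:vsock_socket { create read getattr write setattr lock append bind getopt setopt shutdown map listen accept };`) reads as `create_socket_perms_no_ioctl` with `connect` dropped plus `listen accept`, but nothing says so; a one-line comment to that effect would let the next reader verify the intent against the macro without expanding it by hand, and would flag that the list is meant to track the macro if it changes.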