Merge "Merge RQ3A.210905.001 to aosp-master - DO NOT MERGE"
diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
index 87edb31..6079ed1 100644
--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te
@@ -29,3 +29,13 @@
# Only microdroid_payload can be run by microdroid_manager
neverallow microdroid_manager { domain -crash_dump -microdroid_payload }:process transition;
+
+# Allow microdroid_payload to open binder servers via vsock.
+allow microdroid_payload self:vsock_socket { create_socket_perms listen accept };
+
+# Allow microdroid_payload to ioctl /dev/vsock.
+# TODO(b/199259751): remove the below rules
+allow microdroid_payload device:chr_file r_file_perms;
+allowxperm microdroid_payload device:chr_file ioctl {
+ IOCTL_VM_SOCKETS_GET_LOCAL_CID
+};
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index eb93529..f33cff9 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -117,9 +117,10 @@
alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
} *;
-# Apps can read/write vsock created by virtualizationservice to communicate with the VM that they own,
-# but nothing more than that (e.g. creating a new vsock, etc.)
-neverallow all_untrusted_apps virtualizationservice:vsock_socket ~{ getattr read write };
+# Apps can read/write an already open vsock (e.g. created by
+# virtualizationservice) but nothing more than that (e.g. creating a
+# new vsock, etc.)
+neverallow all_untrusted_apps *:vsock_socket ~{ getattr read write };
# Disallow sending RTM_GETLINK messages on netlink sockets.
neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/private/platform_app.te b/private/platform_app.te
index 55ccbde..a69c45e 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -108,6 +108,9 @@
# Allow platform apps to act as Perfetto producers.
perfetto_producer(platform_app)
+# Allow platform apps to create VMs
+virtualizationservice_use(platform_app)
+
###
### Neverallow rules
###
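Review bot: The comment on line 42 does not say why platform apps in particular keep VM creation, which matters because the same commit withdraws it from untrusted apps and removes the app_api_service attribute from virtualization_service; a reader of this file alone cannot tell the grant is deliberate and exclusive. Suggest `# Allow platform apps to create VMs. virtualization_service is not an app_api_service, so this is the only app domain with access.` Note that the rule removed from untrusted_app_all was gated with userdebug_or_eng while this one is unconditional; if platform-app VM creation is also meant to be debug-only, the same gate should be applied here.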
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 0128dfe..98d83af 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -176,11 +176,6 @@
# the profiler (which would be profiling the app that is sending the signal).
allow untrusted_app_all simpleperf:process signal;
-# Allow running a VM for test/demo purposes
-userdebug_or_eng(`
- virtualizationservice_use(untrusted_app_all)
-')
-
with_native_coverage(`
# Allow writing coverage information to /data/misc/trace
allow domain method_trace_data_file:dir create_dir_perms;
diff --git a/public/service.te b/public/service.te
index 9cc3189..56ac649 100644
--- a/public/service.te
+++ b/public/service.te
@@ -43,7 +43,7 @@
type system_suspend_control_service, service_manager_type;
type update_engine_service, service_manager_type;
type update_engine_stable_service, service_manager_type;
-type virtualization_service, app_api_service, service_manager_type;
+type virtualization_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
type vr_hwc_service, service_manager_type;
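Review bot: Dropping `app_api_service` on line 72 is what now keeps untrusted apps from finding virtualization_service, but nothing on the type line records that, so a later cleanup could re-add the attribute without noticing the restriction. Suggest a comment above the declaration such as `# Deliberately not an app_api_service: only platform apps may create VMs.` Whether a neverallow elsewhere also forbids all_untrusted_apps from finding this service is not visible in this diff; if none exists, `neverallow all_untrusted_apps virtualization_service:service_manager find;` in app_neverallows.te would pin the restriction at build time rather than leaving it to the absence of an attribute.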