[rpc_binder] Enable connection with vm_payload_service Bug: 222479468 Test: atest MicrodroidTests Change-Id: I85d4d2e2272143b0a1b044c307792feffde4cdf6

commit: a818fa2ee28f8d2487101801be7648062fdc4ec7 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Tue Oct 25 09:42:39 2022 +0000
committer: Alice Wang <aliceywang@google.com> Thu Nov 10 08:00:36 2022 +0000
tree: b0e93b16da069c5c84449461f0d320929444ef23
parent: 9691a41b0a9d84177f87c6b6f86c0c633df5fa3d [diff]
diff --git a/microdroid/system/private/compos_key_helper.te b/microdroid/system/private/compos_key_helper.te
index 8ec131c..c9d7647 100644
--- a/microdroid/system/private/compos_key_helper.te
+++ b/microdroid/system/private/compos_key_helper.te

@@ -17,3 +17,6 @@
 
 # Write to /dev/kmsg.
 allow compos_key_helper kmsg_device:chr_file rw_file_perms;
+
+# Communicate with microdroid manager to get DICE information
+unix_socket_connect(compos_key_helper, vm_payload_service, microdroid_manager)

diff --git a/microdroid/system/private/file_contexts b/microdroid/system/private/file_contexts
index 7968ff3..13f5d0e 100644
--- a/microdroid/system/private/file_contexts
+++ b/microdroid/system/private/file_contexts

@@ -73,6 +73,7 @@
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
 /dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
+/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
 /dev/sys/block/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
 /dev/sys/fs/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
 /dev/tty		u:object_r:owntty_device:s0

diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
index 1375442..9ac4697 100644
--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te

@@ -59,3 +59,6 @@
 # Allow use of virtual_machine_payload_service.
 allow microdroid_payload vm_payload_binder_service:service_manager find;
 binder_call(microdroid_payload, microdroid_manager)
+
+# Allow payload to communicate with microdroid manager
+unix_socket_connect(microdroid_payload, vm_payload_service, microdroid_manager)

diff --git a/microdroid/system/public/file.te b/microdroid/system/public/file.te
index 47d29aa..8ed60fb 100644
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te

@@ -43,6 +43,7 @@
 type vendor_data_file, file_type, data_file_type;
 type vendor_file, file_type, vendor_file_type;
 type vendor_service_contexts_file, vendor_file_type, file_type;
+type vm_payload_service_socket, file_type, coredomain_socket;
 
 # file system types
 type binderfs, fs_type;
commit	a818fa2ee28f8d2487101801be7648062fdc4ec7	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Tue Oct 25 09:42:39 2022 +0000
committer	Alice Wang <aliceywang@google.com>	Thu Nov 10 08:00:36 2022 +0000
tree	b0e93b16da069c5c84449461f0d320929444ef23
parent	9691a41b0a9d84177f87c6b6f86c0c633df5fa3d [diff]