Disallow microdroid from running arbitrary domains

Test: atest MicrodroidHostTestCases
Test: atest ComposHostTestCases
Change-Id: I43bf09d85efa4276e929babd854c49ccedfd8058
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index fa7f12c..ac81c90 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -15,12 +15,6 @@
 domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app)
 domain_auto_trans(microdroid_manager, compos_exec, compos)
 
-# Let microdroid_manager exec other files (e.g. payload command) in the same domain.
-# TODO(b/189706019) we need to a domain for the app process.
-allow microdroid_manager system_file:file execute_no_trans;
-# Until then, allow microdroid_manager to execute the shell or other system executables.
-allow microdroid_manager {shell_exec toolbox_exec}:file rx_file_perms;
-
 # Let microdroid_manager kernel-log.
 allow microdroid_manager kmsg_device:chr_file w_file_perms;
 
@@ -28,11 +22,12 @@
 set_prop(microdroid_manager, vmsecret_keymint_prop);
 
 # Let microdroid_manager read a config file from /mnt/apk (fusefs)
-# TODO(b/188400186) remove the below two rules
+# TODO(b/188400186) remove the below rule
 userdebug_or_eng(`
-  allow microdroid_manager fuse:dir r_dir_perms;
-  allow microdroid_manager fuse:file rx_file_perms;
+  r_dir_file(microdroid_manager, fuse)
 ')
 
 # Let microdroid_manager to create a vsock connection back to the host VM
 allow microdroid_manager self:vsock_socket { create_socket_perms_no_ioctl };
+
+neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;
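Review bot: The new neverallow on the last line only forbids `execute_no_trans`, so it stops microdroid_manager from running a payload in its own domain but says nothing about which executables may serve as entry points for the `domain_auto_trans` rules kept at the top of the file (`microdroid_app_exec`, `compos_exec`); a second rule such as `neverallow microdroid_manager { file_type fs_type -microdroid_app_exec -compos_exec }:file execute;` would pin the policy to exactly those two and make the restriction self-enforcing against future `allow` additions. That assumes no other exec type is meant to be reachable from microdroid_manager, which this file section cannot confirm. The neverallow also lacks the why-comment the surrounding rules all carry; I would precede it with `# Payloads must run in their own domain (see domain_auto_trans above); never in microdroid_manager.` The `r_dir_file(microdroid_manager, fuse)` rewrite in the userdebug_or_eng block is consistent with this, since `r_file_perms` grants no execute permission.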