Merge "Microdroid boot process is controlled by microdroid_manager"
diff --git a/microdroid/system/private/apkdmverity.te b/microdroid/system/private/apkdmverity.te
index 8974a1d..0c0ef41 100644
--- a/microdroid/system/private/apkdmverity.te
+++ b/microdroid/system/private/apkdmverity.te
@@ -6,6 +6,10 @@
# allow domain transition from init
init_daemon_domain(apkdmverity)
+# apkdmverity is using bootstrap bionic
+allow apkdmverity system_bootstrap_lib_file:dir r_dir_perms;
+allow apkdmverity system_bootstrap_lib_file:file { execute read open getattr map };
+
# apkdmverity accesses "payload metadata disk" which points to
# a /dev/vd* block device file.
allow apkdmverity block_device:dir r_dir_perms;
@@ -20,6 +24,9 @@
# allow apkdmverity to create loop devices with /dev/loop-control
allow apkdmverity loop_control_device:chr_file rw_file_perms;
+# allow apkdmverity to read the roothash passed from microdroid_manager
+get_prop(apkdmverity, microdroid_manager_roothash_prop)
+
# allow apkdmverity to access loop devices
allow apkdmverity loop_device:blk_file rw_file_perms;
allowxperm apkdmverity loop_device:blk_file ioctl {
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index a3dfb27..ac5ad6c 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -218,9 +218,13 @@
allow domain self:global_capability_class_set audit_control;
allow domain self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
-# workaround for supressing property accesses.
-# TODO: remove these
-set_prop(domain, property_type -vmsecret_keymint_prop)
+# workaround for suppressing property accesses.
+# TODO(b/199007910): remove these
+set_prop(domain, {
+ property_type
+ -vmsecret_keymint_prop
+ -microdroid_manager_roothash_prop
+})
# auditallow { domain -init } property_type:property_service set;
# auditallow { domain -init } property_type:file rw_file_perms;
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 893469c..f1d3140 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -44,4 +44,14 @@
IOCTL_VM_SOCKETS_GET_LOCAL_CID
};
+# Allow microdroid_manager to start the services apkdmverity and zipfuse
+set_prop(microdroid_manager, ctl_apkdmverity_prop)
+set_prop(microdroid_manager, ctl_zipfuse_prop)
+
+# Allow microdroid_manager to wait for linkerconfig to be ready
+get_prop(microdroid_manager, apex_config_prop)
+
+# Allow microdroid_manager to pass the roothash to apkdmverity
+set_prop(microdroid_manager, microdroid_manager_roothash_prop)
+
neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index d3d413e..58942b6 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -14,3 +14,18 @@
-microdroid_manager
-hal_keymint_server
} vmsecret_keymint_prop:file no_rw_file_perms;
+
+# microdroid_manager_roothash_prop can only be set by microdroid_manager
+# and read by apkdmverity
+neverallow {
+ domain
+ -init
+ -microdroid_manager
+} microdroid_manager_roothash_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -microdroid_manager
+ -apkdmverity
+} microdroid_manager_roothash_prop:file no_rw_file_perms;
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 61cd68d..f2ce09a 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -21,6 +21,9 @@
ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
+ctl.start$apkdmverity u:object_r:ctl_apkdmverity_prop:s0
+ctl.start$zipfuse u:object_r:ctl_zipfuse_prop:s0
+
ctl.fuse_ u:object_r:ctl_fuse_prop:s0
ctl.console u:object_r:ctl_console_prop:s0
ctl. u:object_r:ctl_default_prop:s0
@@ -97,3 +100,7 @@
ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
+
+apex_config.done u:object_r:apex_config_prop:s0 exact bool
+
+microdroid_manager.apk_roothash u:object_r:microdroid_manager_roothash_prop:s0 exact string
diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index f5dc758..577353a 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -5,6 +5,7 @@
type cold_boot_done_prop, property_type;
type ctl_adbd_prop, property_type;
type ctl_apexd_prop, property_type;
+type ctl_apkdmverity_prop, property_type;
type ctl_console_prop, property_type;
type ctl_default_prop, property_type;
type ctl_fuse_prop, property_type;
@@ -15,6 +16,7 @@
type ctl_sigstop_prop, property_type;
type ctl_start_prop, property_type;
type ctl_stop_prop, property_type;
+type ctl_zipfuse_prop, property_type;
type debug_prop, property_type;
type default_prop, property_type;
type exported_default_prop, property_type;
@@ -31,6 +33,8 @@
type usb_control_prop, property_type;
type vendor_default_prop, property_type;
type vmsecret_keymint_prop, property_type;
+type apex_config_prop, property_type;
+type microdroid_manager_roothash_prop, property_type;
allow property_type tmpfs:filesystem associate;