Allow virtualizationservice to create and manage socket files in its data folder
...and crosvm to access a listener socket when passed to it by file
descriptor from virtualizationservice.
Bug: 235579465
Test: Start a VM
Change-Id: I7e89cfb4fb8a1ce845eaea64a33dbaad6bff9969
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 9ae5308..6e6b459 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -29,6 +29,9 @@
allow virtualizationservice virtualizationservice_data_file:file create_file_perms;
allow virtualizationservice virtualizationservice_data_file:dir create_dir_perms;
+# Let virtualizationservice manage crosvm control sockets.
+allow virtualizationservice virtualizationservice_data_file:sock_file create_file_perms;
+
# Allow to use fd (e.g. /dev/pts/0) inherited from adbd so that we can redirect output from
# crosvm to the console
allow virtualizationservice adbd:fd use;
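Review bot: The added rule `allow virtualizationservice virtualizationservice_data_file:sock_file create_file_perms;` grants the full file-management set (create, rename, setattr, unlink plus the read/write group), which is more than a socket path normally needs. If the service only binds the listener, connects to it and removes it afterwards, `allow virtualizationservice virtualizationservice_data_file:sock_file { create write unlink };` would probably be enough. Confirm against the denials logged during the "Start a VM" test before narrowing. The comment could also record the design from the commit message, e.g. `# crosvm receives the listener as an inherited fd and needs no sock_file access of its own.`, so that a later change does not open this type to crosvm by path.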