Add virtualizationservice.state.last_cid It is a system property that keeps the last CID used by the virtualizationservice. Although the information is local to the process, a new system property is justified because the information has to be kept across multiple runs of the process. A file however is not desirable because the information shouldn't be persisted. Bug: 196015427 Test: atest MicrodroidHostTestCases Change-Id: If8ca4b6ad8d9c8cb3bb33dc9ef45de0ae6481d15

commit: b804de2943e43463db795fa8ea29466e0c4172cf [log] [tgz]
author: Jiyong Park <jiyong@google.com> Thu Sep 16 21:06:20 2021 +0900
committer: Jiyong Park <jiyong@google.com> Fri Sep 17 09:35:58 2021 +0900
tree: 36cf61e61e73366adc533e9cbd36429ca67c32ee
parent: e494c51bc9e261a666cfc1ef57c1a8cd48f06321 [diff] [blame]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 0c09509..3b23449 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -54,3 +54,11 @@
 
 # Let virtualizationservice to accept vsock connection from the guest VMs
 allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
+
+# Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
+set_prop(virtualizationservice, virtualizationservice_prop)
+neverallow {
+  domain
+  -init
+  -virtualizationservice
+} virtualizationservice_prop:property_service set;
commit	b804de2943e43463db795fa8ea29466e0c4172cf	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Thu Sep 16 21:06:20 2021 +0900
committer	Jiyong Park <jiyong@google.com>	Fri Sep 17 09:35:58 2021 +0900
tree	36cf61e61e73366adc533e9cbd36429ca67c32ee
parent	e494c51bc9e261a666cfc1ef57c1a8cd48f06321 [diff] [blame]