Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / c0b4a91a90885033263ee8261593a0445bc9c75a^! / .
commitc0b4a91a90885033263ee8261593a0445bc9c75a[log] [tgz]
authorAndrew Walbran <qwandor@google.com>Thu Aug 05 14:09:52 2021 +0000
committerAndrew Walbran <qwandor@google.com>Fri Aug 06 13:57:17 2021 +0000
treed55e2a4ef257adc1029f577af6d7a005b31eff1d
parent1644afe507c8b2840ecc502dc8da6de7712e4570 [diff]
crosvm now takes all files by FD.

Bug: 192256642
Test: `atest VirtualizationTestCases MicrodroidHostTestCases` on Cuttlefish
Change-Id: I8de557269ba56095b0264a65035296627fba8145

diff --git a/private/crosvm.te b/private/crosvm.te
index 7426ef9..95f09bb 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -31,14 +31,9 @@
 # Allow searching the directory where the composite disk images are.
 allow crosvm virtualizationservice_data_file:dir search;
 
-# TODO(b/193402941) delete this. This for now is required because crosvm needs to open the files for
-# the GPT headers of the composite disks.
-allow crosvm virtualizationservice_data_file:file open;
-
 # Don't allow crosvm to open files that it doesn't own.
 neverallow crosvm {
-  #TODO(b/193402941) uncomment the following line
-  #virtualizationservice_data_file
+  virtualizationservice_data_file
   staging_data_file
   apk_data_file
   app_data_file

diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index f92c94f..c51b995 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -9,8 +9,6 @@
 binder_use(virtualizationservice)
 # ... and host a binder service
 binder_service(virtualizationservice)
-# It needs to call back to app
-binder_call(virtualizationservice, appdomain)
 
 # Allow calling into the system server so that it can check permissions.
 binder_call(virtualizationservice, system_server)
@@ -36,6 +34,8 @@
 define(`virtualizationservice_use', `
 # Let the client call virtualizationservice.
 binder_call($1, virtualizationservice)
+# Let virtualizationservice call back to the client.
+binder_call(virtualizationservice, $1)
 # Let the client pass file descriptors to virtualizationservice.
 allow virtualizationservice $1:fd use;
 ')
@@ -43,7 +43,9 @@
 # Let the shell user call virtualizationservice (and virtualizationservice call back to shell) for
 # debugging.
 virtualizationservice_use(shell)
-binder_call(virtualizationservice, shell)
+
+# Let apps use virtualizationservice.
+virtualizationservice_use(appdomain)
 
 # Allow to use fd (e.g. /dev/pts/0) inherited from adbd so that we can redirect output from
 # crosvm to the console