Merge "[cleanup] Remove microdroid_service_context and its usages"

commit: ca7bbf06817024d0f2928d7c542fa1c9cf580337 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Nov 24 10:35:58 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Nov 24 10:35:58 2022 +0000
tree: bb439a49f583f5e440825954fb152c75464f0635
parent: d547a5a7a271078e3d8873170a8527431fa3317c [diff]
parent: 4a608c196098dfc2b8b5c8537ab6ff5bce5fa4ac [diff]
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index d1798a9..ec6b7f8 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te

@@ -53,10 +53,6 @@
 # added to individual domains, but this sets safe defaults for all processes.
 allowxperm domain binder_device:chr_file ioctl { unpriv_binder_ioctls };
 
-# /dev/binderfs needs to be accessed by everyone too!
-allow domain binderfs:dir { getattr search };
-allow domain binderfs_logs_proc:dir search;
-
 allow domain ptmx_device:chr_file rw_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain proc_random:dir r_dir_perms;

diff --git a/microdroid/system/private/genfs_contexts b/microdroid/system/private/genfs_contexts
index 254dbe8..14dbb90 100644
--- a/microdroid/system/private/genfs_contexts
+++ b/microdroid/system/private/genfs_contexts

@@ -360,12 +360,9 @@
 genfscon binder /binder u:object_r:binder_device:s0
 genfscon binder /hwbinder u:object_r:hwbinder_device:s0
 genfscon binder /vndbinder u:object_r:vndbinder_device:s0
-genfscon binder /binder_logs u:object_r:binderfs_logs:s0
-genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
 
 genfscon inotifyfs / u:object_r:inotify:s0
 genfscon vfat / u:object_r:vfat:s0
-genfscon binder / u:object_r:binderfs:s0
 genfscon exfat / u:object_r:exfat:s0
 genfscon debugfs / u:object_r:debugfs:s0
 genfscon fuse / u:object_r:fuse:s0

diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index e1db47b..8765f75 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te

@@ -51,6 +51,9 @@
 # Let microdroid_manager to create a vsock connection back to the host VM
 allow microdroid_manager self:vsock_socket { create_socket_perms_no_ioctl };
 
+# Allow microdroid_manager to read the CID of the VM.
+allow microdroid_manager vsock_device:chr_file { ioctl open read };
+
 # microdroid_manager is using bootstrap bionic
 use_bootstrap_libs(microdroid_manager)
 

diff --git a/microdroid/system/public/file.te b/microdroid/system/public/file.te
index 46ead43..5616160 100644
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te

@@ -47,9 +47,6 @@
 type vm_payload_service_socket, file_type, coredomain_socket;
 
 # file system types
-type binderfs, fs_type;
-type binderfs_logs, fs_type;
-type binderfs_logs_proc, fs_type;
 type binfmt_miscfs, fs_type;
 type cgroup, fs_type;
 type cgroup_v2, fs_type;
commit	ca7bbf06817024d0f2928d7c542fa1c9cf580337	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Nov 24 10:35:58 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Nov 24 10:35:58 2022 +0000
tree	bb439a49f583f5e440825954fb152c75464f0635
parent	d547a5a7a271078e3d8873170a8527431fa3317c [diff]
parent	4a608c196098dfc2b8b5c8537ab6ff5bce5fa4ac [diff]