vendor_microdroid_file shouldn't be overwrited

If a malicious process on the host overwrites the microdroid vendor image,
unexpected behavior could occur.

Bug: 285854379
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img

Change-Id: I18ce5112b75b2793c85bb59c137715beb602a5f3
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 871d3f2..40d95c6 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -97,6 +97,10 @@
 # Allow virtualizationmanager to read microdroid related files in vendor partition
 r_dir_file(virtualizationmanager, vendor_microdroid_file)
 
+# Do not allow writing vendor_microdroid_file from any process.
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } vendor_microdroid_file:dir no_w_dir_perms;
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } vendor_microdroid_file:file no_w_file_perms;
+
 # Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
 r_dir_file(virtualizationmanager, crosvm);
 
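Review bot: The two added neverallow rules name only the `dir` and `file` classes, so a symlink labelled vendor_microdroid_file is not covered by the assertion. If anything under that label can be a link, a third rule with the same source set for class `lnk_file` and `no_w_file_perms` would cover it. The comment above the rules says "from any process", but the source set exempts fastbootd on userdebug/eng recovery builds; I would word it as `# Do not allow writing vendor_microdroid_file from any process (except fastbootd in userdebug/eng recovery).` Since neverallow is checked when the policy is built, these rules guard against a future allow rule granting write access rather than adding a runtime check, which may be worth stating in the comment as well.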
diff --git a/public/file.te b/public/file.te
index 142e167..01143f7 100644
--- a/public/file.te
+++ b/public/file.te
@@ -256,6 +256,7 @@
 # system. ABI stability of these libs is vendor's responsibility.
 type vendor_public_framework_file, vendor_file_type, file_type;
 # Type for all microdroid related files in the vendor partition.
+# Files having this type should be read-only.
 type vendor_microdroid_file, vendor_file_type, file_type;
 
 # Input configuration
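Review bot: The added comment states that files of this type should be read-only but does not say that this is enforced or where. The enforcing neverallow rules are in private/virtualizationmanager.te, so someone editing the type declaration here will not see them. I would make the comment point there, for example `# Files having this type must be read-only; see the neverallow rules in private/virtualizationmanager.te.`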