Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f16527f6cf50430064f802dcc6f335e6cbbdfbc2^! / .
commitf16527f6cf50430064f802dcc6f335e6cbbdfbc2[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Thu Mar 25 22:22:05 2021 +0100
committerJeff Vander Stoep <jeffv@google.com>Thu Mar 25 22:22:05 2021 +0100
treeae9cb4b739df1e828bae1448a40673954db7a282
parent002d9262fa7bf723a9a30e8403fa69cb9031302f [diff]
virtmanager: add selinux domain

Address any denials in the log - currently just adding
the virtualization service.

Bug: 183583115
Test: ps -AZ | grep virtmanager
u: r:virtmanager:s0             virtmanager   2453     1 10930880  4544 0                   0 S virtmanager
Change-Id: Ie034dcc3b1dbee610c591220358065b8508d81cf

diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts
index 83b4b58..fe91fa2 100644
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts

@@ -1 +1,2 @@
 (/.*)?                   u:object_r:system_file:s0
+/bin/virtmanager         u:object_r:virtmanager_exec:s0

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 3e66106..2a827d8 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -120,6 +120,7 @@
     userspace_reboot_metadata_file
     vcn_management_service
     vibrator_manager_service
+    virtualization_service
     vpn_management_service
     vpnprofilestore_service
     watchdog_metadata_file

diff --git a/private/service_contexts b/private/service_contexts
index 826bc3a..303ecff 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -70,6 +70,7 @@
 carrier_config                            u:object_r:radio_service:s0
 clipboard                                 u:object_r:clipboard_service:s0
 com.android.net.IProxyService             u:object_r:IProxyService_service:s0
+android.system.virtmanager                u:object_r:virtualization_service:s0
 companiondevice                           u:object_r:companion_device_service:s0
 platform_compat                           u:object_r:platform_compat_service:s0
 platform_compat_native                    u:object_r:platform_compat_service:s0

diff --git a/private/virtmanager.te b/private/virtmanager.te
new file mode 100644
index 0000000..b2331d4
--- /dev/null
+++ b/private/virtmanager.te

@@ -0,0 +1,8 @@
+type virtmanager, domain, coredomain;
+type virtmanager_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(virtmanager)
+
+binder_use(virtmanager)
+
+add_service(virtmanager, virtualization_service)

diff --git a/public/service.te b/public/service.te
index e618cdb..a69118e 100644
--- a/public/service.te
+++ b/public/service.te

@@ -40,6 +40,7 @@
 type system_suspend_control_service, service_manager_type;
 type update_engine_service,     service_manager_type;
 type update_engine_stable_service, service_manager_type;
+type virtualization_service,    service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
 type vold_service,              service_manager_type;
 type vpnprofilestore_service,   service_manager_type;