Allow virtualizationservice to use vsock ... to connect to the programs running in the guest VM Bug: 192904048 Test: atest MicrodroidHostTestCases Change-Id: Iccb48c14ace11cc940bb9ab1e07cc4926182e06e

commit: f408371097ec92d2322c599e25bfb2e1da36c36d [log] [tgz]
author: Jiyong Park <jiyong@google.com> Sat Jul 10 14:35:06 2021 +0900
committer: Jiyong Park <jiyong@google.com> Mon Jul 12 15:08:08 2021 +0900
tree: 5e7bb06d5049eaf4b93a6334ae9782db75fb1dd3
parent: 2abf1e293ba3b0a16b72c862770906ee3a67ba73 [diff] [blame]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 9b82e01..1bf14d8 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -41,3 +41,6 @@
 allow virtualizationservice app_data_file:file { getattr read write };
 # shell_data_file is used for automated tests and manual debugging.
 allow virtualizationservice shell_data_file:file { getattr read write };
+
+# Let virtualizationservice to accept vsock connection from the guest VMs
+allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
commit	f408371097ec92d2322c599e25bfb2e1da36c36d	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Sat Jul 10 14:35:06 2021 +0900
committer	Jiyong Park <jiyong@google.com>	Mon Jul 12 15:08:08 2021 +0900
tree	5e7bb06d5049eaf4b93a6334ae9782db75fb1dd3
parent	2abf1e293ba3b0a16b72c862770906ee3a67ba73 [diff] [blame]