Open virtmgr / crosvm / libavf for vendor clients
Vendor domains need to customize SEPolicy in order to use AVF. This
change allows vendors to use the virtualizationservice_use and
early_virtmgr_use macros, and to link against libavf.
Bug: 384424151
Test: run a VM from vendor clients
Change-Id: I6f6edca0a926f2cc8521b14a997b9b96f23926de
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 1c108cf..2284bb3 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -26,4 +26,7 @@
dynamic_instrumentation_service
intrusion_detection_service
wifi_mainline_supplicant_service
+ crosvm
+ early_virtmgr
+ virtualizationmanager
))
diff --git a/private/crosvm.te b/private/crosvm.te
index 750df24..a377e7a 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -1,4 +1,7 @@
-type crosvm, domain, coredomain;
+until_board_api(202504, `
+ type crosvm, domain, coredomain;
+')
+
type crosvm_exec, system_file_type, exec_type, file_type;
type crosvm_tmpfs, file_type;
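Review bot: The new `until_board_api(202504, ...)` wrapper around `type crosvm, domain, coredomain;` has no comment saying why the declaration is now conditional, and the same applies to the wrappers added in early_virtmgr.te and virtualizationmanager.te. Presumably the type is declared in public policy from board API 202504 onward so vendor policy can reference it, but that declaration is not visible in this part of the diff. A line such as `# Declared in public policy from board API 202504 for vendor AVF clients; kept private for older board API levels.` above each wrapper would tell the next reader where the other half lives.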
diff --git a/private/domain.te b/private/domain.te
index 4563895..684cc9e 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -1170,6 +1170,8 @@
# Vendor components still can invoke shell commands via /system/bin/sh
-shell_exec
-toolbox_exec
+ -virtualizationmanager_exec
+ is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `-early_virtmgr_exec')
}:file { entrypoint execute execute_no_trans };
')
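Review bot: Subtracting `virtualizationmanager_exec` and `early_virtmgr_exec` from this target set exempts them for `entrypoint` and `execute_no_trans` as well as `execute`, and the next hunk (the `}:file *;` rule) exempts them for every file permission. These two neverallows therefore no longer stop vendor policy from granting a non-core domain the right to run the binaries in its own domain instead of transitioning. If no other rule enforces that, a narrower ceiling keeps the intent, e.g. `neverallow { domain -coredomain } virtualizationmanager_exec:file { entrypoint execute_no_trans };` plus a flag-guarded equivalent for `early_virtmgr_exec`. The comment above the new lines only mentions `/system/bin/sh`, so add one for the new entries, such as `# Vendor AVF clients exec virtmgr and transition into its domain (b/384424151)`. Both neverallow statements begin outside their hunks, so the source-domain set is not visible here.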
@@ -1254,6 +1256,8 @@
# Vendor components still can invoke shell commands via /system/bin/sh
-shell_exec
-toolbox_exec
+ -virtualizationmanager_exec
+ is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `-early_virtmgr_exec')
}:file *;
')
diff --git a/private/early_virtmgr.te b/private/early_virtmgr.te
index e244be2..d1579fe 100644
--- a/private/early_virtmgr.te
+++ b/private/early_virtmgr.te
@@ -1,8 +1,8 @@
is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `
- # Domain for a child process that manages early VMs available before /data mount, on behalf of
- # its parent.
- type early_virtmgr, domain, coredomain;
- type early_virtmgr_exec, system_file_type, exec_type, file_type;
+ until_board_api(202504, `
+ type early_virtmgr, domain, coredomain;
+ type early_virtmgr_exec, system_file_type, exec_type, file_type;
+ ')
use_bootstrap_libs(early_virtmgr)
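Review bot: The description `# Domain for a child process that manages early VMs available before /data mount, on behalf of its parent.` is deleted together with the old declaration, so on builds where `until_board_api(202504, ...)` still expands, the private `early_virtmgr` type is left undocumented. The virtualizationmanager.te hunk drops its `# Domain for a child process that manages virtual machines on behalf of its parent.` line in the same way. Keep each comment directly above its `until_board_api` line, even if a copy now sits with the public declaration (not visible in this part of the diff). The enclosing `is_flag_enabled` block continues past the end of this hunk.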
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index ca72279..259c402 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -1,7 +1,7 @@
-# Domain for a child process that manages virtual machines on behalf of its parent.
-
-type virtualizationmanager, domain, coredomain;
-type virtualizationmanager_exec, system_file_type, exec_type, file_type;
+until_board_api(202504, `
+ type virtualizationmanager, domain, coredomain;
+ type virtualizationmanager_exec, system_file_type, exec_type, file_type;
+')
# Allow virtualizationmanager to communicate use, read and write over the adb connection.
allow virtualizationmanager adbd:fd use;