Set sepolicy for vmnic in AVF
Bug: 340376951
Test: Presubmit
Change-Id: I5f48ff4a459805de2f74d160c1b61473c6de0466
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 99c2a3b..a72f30f 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -24,6 +24,12 @@
binder_call(virtualizationservice, vfio_handler)
')
+is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
+ # Let virtualizationservice find and communicate with vmnic.
+ allow virtualizationservice vmnic_service:service_manager find;
+ binder_call(virtualizationservice, vmnic)
+')
+
# Allow the virtualizationservice domain to serve a remotely provisioned component for
# pVM remote attestation.
hal_server_domain(virtualizationservice, hal_remotelyprovisionedcomponent_avf)
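Review bot: The new block at `is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, ...)` grants virtualizationservice access to vmnic, but nothing visible here pins virtualizationservice as the only permitted client. If vmnic is a privileged network helper, as the flag name suggests, a guard inside the same flag block would stop a later change from widening access unnoticed: `neverallow { domain -virtualizationservice -servicemanager } vmnic:binder call;`. Skip this if the commit already adds an equivalent rule in a file not shown on this page. The `vmnic` and `vmnic_service` types are declared outside this hunk, so it is worth confirming they exist in every build where the flag is enabled, otherwise the policy will not compile. The comment could also say what crosses the binder link, since `binder_call` additionally grants `fd use` on descriptors vmnic sends back.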