Merge "Implement compat file generator"

commit: f7a825bc46f814ea0d8ef4400c32f7d5bda0a6d4 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Mon Feb 07 06:15:18 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Feb 07 06:15:18 2022 +0000
tree: 3a1056bd097d5754808106142437595eeb27d14a
parent: b20cb78404c49ef0ebcade21c0457e86fd0b40d9 [diff]
parent: 9eadc832209b308439b7ff5941a3976c42bf9739 [diff]
diff --git a/private/crosvm.te b/private/crosvm.te
index ec58875..426cb28 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -89,3 +89,10 @@
   -app_data_file
   userdebug_or_eng(`-shell_data_file')
 }:file read;
+
+# Only virtualizationservice can run crosvm
+neverallow {
+  domain
+  -crosvm
+  -virtualizationservice
+} crosvm_exec:file no_x_file_perms;
commit	f7a825bc46f814ea0d8ef4400c32f7d5bda0a6d4	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Mon Feb 07 06:15:18 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Feb 07 06:15:18 2022 +0000
tree	3a1056bd097d5754808106142437595eeb27d14a
parent	b20cb78404c49ef0ebcade21c0457e86fd0b40d9 [diff]
parent	9eadc832209b308439b7ff5941a3976c42bf9739 [diff]