| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 1 | type vmlauncher_app, domain; |
| 2 | typeattribute vmlauncher_app coredomain; |
| 3 | |
| 4 | app_domain(vmlauncher_app) |
| Jeongik Cha | fd12807 | 2024-09-20 18:08:17 +0900 | [diff] [blame] | 5 | net_domain(vmlauncher_app) |
| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 6 | |
| 7 | allow vmlauncher_app app_api_service:service_manager find; |
| 8 | allow vmlauncher_app system_api_service:service_manager find; |
| 9 | |
| 10 | allow vmlauncher_app shell_data_file:dir search; |
| 11 | allow vmlauncher_app shell_data_file:file { read open write }; |
| 12 | virtualizationservice_use(vmlauncher_app) |
| 13 | |
| 14 | is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, ` |
| 15 | # TODO(b/332677707): remove them when display service uses binder RPC. |
| 16 | allow vmlauncher_app virtualization_service:service_manager find; |
| 17 | allow vmlauncher_app virtualizationservice:binder call; |
| 18 | allow vmlauncher_app crosvm:binder { call transfer }; |
| 19 | ') |
| Yi-Yo Chiang | 15bdfcb | 2024-05-10 18:01:47 +0800 | [diff] [blame] | 20 | |
| 21 | userdebug_or_eng(` |
| 22 | # Create pty/pts and connect it to the guest terminal. |
| 23 | create_pty(vmlauncher_app) |
| 24 | # Allow other processes to access the pts. |
| 25 | allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr; |
| 26 | ') |