| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 1 | type vmlauncher_app, domain; |
| 2 | typeattribute vmlauncher_app coredomain; |
| 3 | |
| 4 | app_domain(vmlauncher_app) |
| Jeongik Cha | fd12807 | 2024-09-20 18:08:17 +0900 | [diff] [blame] | 5 | net_domain(vmlauncher_app) |
| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 6 | |
| 7 | allow vmlauncher_app app_api_service:service_manager find; |
| 8 | allow vmlauncher_app system_api_service:service_manager find; |
| 9 | |
| 10 | allow vmlauncher_app shell_data_file:dir search; |
| 11 | allow vmlauncher_app shell_data_file:file { read open write }; |
| 12 | virtualizationservice_use(vmlauncher_app) |
| 13 | |
| Akilesh Kailash | 0acb511 | 2024-10-14 22:58:41 -0700 | [diff] [blame] | 14 | allow vmlauncher_app fsck_exec:file { r_file_perms execute execute_no_trans }; |
| Akilesh Kailash | e7cd0eb | 2024-11-30 08:10:11 -0800 | [diff] [blame] | 15 | allow vmlauncher_app crosvm:fd use; |
| 16 | allow vmlauncher_app crosvm_tmpfs:file { map read write }; |
| Jiyong Park | 7ebed47 | 2025-03-01 10:24:56 -0800 | [diff] [blame] | 17 | allow vmlauncher_app crosvm_exec:file rx_file_perms; |
| Akilesh Kailash | e7cd0eb | 2024-11-30 08:10:11 -0800 | [diff] [blame] | 18 | |
| 19 | allow vmlauncher_app privapp_data_file:sock_file { create unlink write getattr }; |
| Akilesh Kailash | 0acb511 | 2024-10-14 22:58:41 -0700 | [diff] [blame] | 20 | |
| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 21 | is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, ` |
| 22 | # TODO(b/332677707): remove them when display service uses binder RPC. |
| 23 | allow vmlauncher_app virtualization_service:service_manager find; |
| 24 | allow vmlauncher_app virtualizationservice:binder call; |
| 25 | allow vmlauncher_app crosvm:binder { call transfer }; |
| 26 | ') |
| Yi-Yo Chiang | 15bdfcb | 2024-05-10 18:01:47 +0800 | [diff] [blame] | 27 | |
| Seungjae Yoo | d1d6602 | 2024-10-31 10:08:37 +0900 | [diff] [blame] | 28 | is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, ` |
| 29 | allow vmlauncher_app self:vsock_socket { create_socket_perms_no_ioctl listen accept }; |
| 30 | ') |
| 31 | |
| Yi-Yo Chiang | 15bdfcb | 2024-05-10 18:01:47 +0800 | [diff] [blame] | 32 | userdebug_or_eng(` |
| 33 | # Create pty/pts and connect it to the guest terminal. |
| 34 | create_pty(vmlauncher_app) |
| 35 | # Allow other processes to access the pts. |
| 36 | allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr; |
| 37 | ') |
| Jaewan Kim | aff35ea | 2024-10-14 17:00:52 +0900 | [diff] [blame] | 38 | |
| 39 | # TODO(b/372664601): Remove this when we don't need linux_vm_setup |
| 40 | set_prop(vmlauncher_app, debug_prop); |