| Andrew Walbran | 4b80a3f | 2021-05-21 13:21:43 +0000 | [diff] [blame] | 1 | type virtualizationservice, domain, coredomain; |
| 2 | type virtualizationservice_exec, system_file_type, exec_type, file_type; |
| 3 | |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 4 | # The domain needs to be a 'mlstrustedsubject' to change the memlock rlimit of |
| 5 | # the virtualizationmanager domain running at a more constrained MLS level. |
| 6 | typeattribute virtualizationservice mlstrustedsubject; |
| 7 | |
| Andrew Walbran | 4b80a3f | 2021-05-21 13:21:43 +0000 | [diff] [blame] | 8 | # When init runs a file labelled with virtualizationservice_exec, run it in the |
| 9 | # virtualizationservice domain. |
| 10 | init_daemon_domain(virtualizationservice) |
| 11 | |
| 12 | # Let the virtualizationservice domain use Binder. |
| 13 | binder_use(virtualizationservice) |
| 14 | |
| 15 | # Let the virtualizationservice domain register the virtualization_service with ServiceManager. |
| 16 | add_service(virtualizationservice, virtualization_service) |
| 17 | |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 18 | # Let virtualizationservice remove memlock rlimit of virtualizationmanager. This is necessary |
| 19 | # to mlock VM memory and page tables. |
| David Brazdil | 88f98d9 | 2022-10-28 13:57:58 +0100 | [diff] [blame] | 20 | allow virtualizationservice self:capability sys_resource; |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 21 | allow virtualizationservice virtualizationmanager:process setrlimit; |
| David Brazdil | 88f98d9 | 2022-10-28 13:57:58 +0100 | [diff] [blame] | 22 | |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 23 | # Let virtualizationservice set the owner of a VM's temporary directory. |
| 24 | allow virtualizationservice self:capability chown; |
| Andrew Walbran | 4b80a3f | 2021-05-21 13:21:43 +0000 | [diff] [blame] | 25 | |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 26 | # Let virtualizationservice create and delete temporary directories of VMs. To remove old |
| 27 | # directories, it needs the permission to unlink the files created by virtualizationmanager. |
| Andrew Walbran | 4b80a3f | 2021-05-21 13:21:43 +0000 | [diff] [blame] | 28 | allow virtualizationservice virtualizationservice_data_file:dir create_dir_perms; |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 29 | allow virtualizationservice virtualizationservice_data_file:{ file sock_file } unlink; |
| Keir Fraser | ad58b8d | 2022-07-11 14:27:40 +0000 | [diff] [blame] | 30 | |
| Jiyong Park | 5e20d83 | 2021-07-12 21:11:33 +0900 | [diff] [blame] | 31 | # Allow to use fd (e.g. /dev/pts/0) inherited from adbd so that we can redirect output from |
| 32 | # crosvm to the console |
| 33 | allow virtualizationservice adbd:fd use; |
| 34 | allow virtualizationservice adbd:unix_stream_socket { read write }; |
| Andrew Walbran | 9b2fa1b | 2021-07-01 15:58:26 +0000 | [diff] [blame] | 35 | |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 36 | # Let virtualizationservice to accept vsock connection from the guest VMs to singleton services |
| 37 | # such as the guest tombstone server. |
| Jiyong Park | f408371 | 2021-07-10 14:35:06 +0900 | [diff] [blame] | 38 | allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept }; |
| Jiyong Park | b804de2 | 2021-09-16 21:06:20 +0900 | [diff] [blame] | 39 | |
| 40 | # Allow virtualizationservice to read/write its own sysprop. Only the process can do so. |
| 41 | set_prop(virtualizationservice, virtualizationservice_prop) |
| Alan Stokes | 3fad86b | 2022-01-04 17:34:53 +0000 | [diff] [blame] | 42 | |
| Alan Stokes | 8a881c1 | 2022-01-21 12:18:08 +0000 | [diff] [blame] | 43 | # Allow writing stats to statsd |
| 44 | unix_socket_send(virtualizationservice, statsdw, statsd) |
| 45 | |
| Shikha Panwar | a9f1dc9 | 2022-03-24 09:05:59 +0000 | [diff] [blame] | 46 | # Allow virtualization service to talk to tombstoned to push guest tombstones |
| 47 | unix_socket_connect(virtualizationservice, tombstoned_crash, tombstoned) |
| 48 | |
| 49 | # Append to tombstone files passed as fds from tombstoned |
| 50 | allow virtualizationservice tombstone_data_file:file { append getattr }; |
| 51 | allow virtualizationservice tombstoned:fd use; |
| 52 | |
| Jiyong Park | b804de2 | 2021-09-16 21:06:20 +0900 | [diff] [blame] | 53 | neverallow { |
| 54 | domain |
| 55 | -init |
| 56 | -virtualizationservice |
| 57 | } virtualizationservice_prop:property_service set; |
| Alan Stokes | 991087c | 2022-08-31 16:09:44 +0100 | [diff] [blame] | 58 | |
| 59 | neverallow { |
| 60 | domain |
| 61 | -init |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 62 | -virtualizationmanager |
| Alan Stokes | 991087c | 2022-08-31 16:09:44 +0100 | [diff] [blame] | 63 | -virtualizationservice |
| 64 | } virtualizationservice_data_file:file { open create }; |
| David Brazdil | 55d808c | 2022-12-15 13:38:42 +0000 | [diff] [blame^] | 65 | |
| 66 | neverallow virtualizationservice { |
| 67 | domain |
| 68 | -virtualizationmanager |
| 69 | -virtualizationservice |
| 70 | }:process setrlimit; |