| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 1 | type vmlauncher_app, domain; |
| 2 | typeattribute vmlauncher_app coredomain; |
| 3 | |
| 4 | app_domain(vmlauncher_app) |
| Jeongik Cha | fd12807 | 2024-09-20 18:08:17 +0900 | [diff] [blame] | 5 | net_domain(vmlauncher_app) |
| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 6 | |
| 7 | allow vmlauncher_app app_api_service:service_manager find; |
| 8 | allow vmlauncher_app system_api_service:service_manager find; |
| 9 | |
| 10 | allow vmlauncher_app shell_data_file:dir search; |
| 11 | allow vmlauncher_app shell_data_file:file { read open write }; |
| 12 | virtualizationservice_use(vmlauncher_app) |
| 13 | |
| Akilesh Kailash | 0acb511 | 2024-10-14 22:58:41 -0700 | [diff] [blame] | 14 | allow vmlauncher_app fsck_exec:file { r_file_perms execute execute_no_trans }; |
| 15 | |
| Jeongik Cha | 77a3ca6 | 2024-04-09 15:02:28 +0900 | [diff] [blame] | 16 | is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, ` |
| 17 | # TODO(b/332677707): remove them when display service uses binder RPC. |
| 18 | allow vmlauncher_app virtualization_service:service_manager find; |
| 19 | allow vmlauncher_app virtualizationservice:binder call; |
| 20 | allow vmlauncher_app crosvm:binder { call transfer }; |
| 21 | ') |
| Yi-Yo Chiang | 15bdfcb | 2024-05-10 18:01:47 +0800 | [diff] [blame] | 22 | |
| 23 | userdebug_or_eng(` |
| 24 | # Create pty/pts and connect it to the guest terminal. |
| 25 | create_pty(vmlauncher_app) |
| 26 | # Allow other processes to access the pts. |
| 27 | allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr; |
| 28 | ') |
| Jaewan Kim | aff35ea | 2024-10-14 17:00:52 +0900 | [diff] [blame] | 29 | |
| 30 | # TODO(b/372664601): Remove this when we don't need linux_vm_setup |
| 31 | set_prop(vmlauncher_app, debug_prop); |