Blame - private/vmlauncher_app.te - android_system_sepolicy

blob: 6c398a28926bf74ec776f5f0038790fb6ed738c3 [file] [log] [blame]

Jeongik Cha	77a3ca6	2024-04-09 15:02:28 +0900	[diff] [blame]	1	type vmlauncher_app, domain;
				2	typeattribute vmlauncher_app coredomain;
				3
				4	app_domain(vmlauncher_app)
Jeongik Cha	fd12807	2024-09-20 18:08:17 +0900	[diff] [blame]	5	net_domain(vmlauncher_app)
Jeongik Cha	77a3ca6	2024-04-09 15:02:28 +0900	[diff] [blame]	6
				7	allow vmlauncher_app app_api_service:service_manager find;
				8	allow vmlauncher_app system_api_service:service_manager find;
				9
Jaewan Kim	4a58973	2025-03-10 23:20:22 +0900	[diff] [blame]	10	# TODO(b/402303887): Remove this when WebView doesn't requires camera access.
				11	allow vmlauncher_app cameraserver_service:service_manager find;
				12
Jeongik Cha	77a3ca6	2024-04-09 15:02:28 +0900	[diff] [blame]	13	allow vmlauncher_app shell_data_file:dir search;
				14	allow vmlauncher_app shell_data_file:file { read open write };
				15	virtualizationservice_use(vmlauncher_app)
				16
Akilesh Kailash	0acb511	2024-10-14 22:58:41 -0700	[diff] [blame]	17	allow vmlauncher_app fsck_exec:file { r_file_perms execute execute_no_trans };
Akilesh Kailash	e7cd0eb	2024-11-30 08:10:11 -0800	[diff] [blame]	18	allow vmlauncher_app crosvm:fd use;
				19	allow vmlauncher_app crosvm_tmpfs:file { map read write };
Jiyong Park	7ebed47	2025-03-01 10:24:56 -0800	[diff] [blame]	20	allow vmlauncher_app crosvm_exec:file rx_file_perms;
Akilesh Kailash	e7cd0eb	2024-11-30 08:10:11 -0800	[diff] [blame]	21
				22	allow vmlauncher_app privapp_data_file:sock_file { create unlink write getattr };
Akilesh Kailash	0acb511	2024-10-14 22:58:41 -0700	[diff] [blame]	23
Jeongik Cha	77a3ca6	2024-04-09 15:02:28 +0900	[diff] [blame]	24	is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
				25	# TODO(b/332677707): remove them when display service uses binder RPC.
				26	allow vmlauncher_app virtualization_service:service_manager find;
				27	allow vmlauncher_app virtualizationservice:binder call;
				28	allow vmlauncher_app crosvm:binder { call transfer };
				29	')
Yi-Yo Chiang	15bdfcb	2024-05-10 18:01:47 +0800	[diff] [blame]	30
Seungjae Yoo	d1d6602	2024-10-31 10:08:37 +0900	[diff] [blame]	31	is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
				32	allow vmlauncher_app self:vsock_socket { create_socket_perms_no_ioctl listen accept };
				33	')
				34
Yi-Yo Chiang	15bdfcb	2024-05-10 18:01:47 +0800	[diff] [blame]	35	userdebug_or_eng(`
				36	# Create pty/pts and connect it to the guest terminal.
				37	create_pty(vmlauncher_app)
				38	# Allow other processes to access the pts.
				39	allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr;
				40	')
Jaewan Kim	aff35ea	2024-10-14 17:00:52 +0900	[diff] [blame]	41
				42	# TODO(b/372664601): Remove this when we don't need linux_vm_setup
				43	set_prop(vmlauncher_app, debug_prop);