authorInseob Kim <inseob@google.com>2023-11-14 09:42:17 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2023-11-14 09:42:17 +0000
commit8ebc8fbee6d8e9efd947952d8abe2b71d4fe1470 (patch)
treeb8ebfcb4401114304502df22a79506cc59c30c76
parent8bc319ceb0b47ef659f801729dac13ae683d8271 (diff)
parent75a8fbd61d895306cfea50335e85ba1611d70b9d (diff)
Merge "Revert "Add permission for VFIO device binding am: 901385f711"" into udc-dev
-rw-r--r--apex/com.android.virt-file_contexts1
-rw-r--r--build/soong/service_fuzzer_bindings.go2
-rw-r--r--prebuilts/api/34.0/private/coredomain.te1
-rw-r--r--prebuilts/api/34.0/private/crosvm.te8
-rw-r--r--prebuilts/api/34.0/private/file_contexts1
-rw-r--r--prebuilts/api/34.0/private/service.te1
-rw-r--r--prebuilts/api/34.0/private/service_contexts1
-rw-r--r--prebuilts/api/34.0/private/vfio_handler.te24
-rw-r--r--prebuilts/api/34.0/private/virtualizationmanager.te4
-rw-r--r--prebuilts/api/34.0/private/virtualizationservice.te15
-rw-r--r--prebuilts/api/34.0/public/device.te3
-rw-r--r--private/coredomain.te1
-rw-r--r--private/crosvm.te8
-rw-r--r--private/file_contexts1
-rw-r--r--private/service.te1
-rw-r--r--private/service_contexts1
-rw-r--r--private/vfio_handler.te24
-rw-r--r--private/virtualizationmanager.te4
-rw-r--r--private/virtualizationservice.te15
-rw-r--r--public/device.te3
20 files changed, 0 insertions, 119 deletions
diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts
index afe9f51c4..9c13bd5cb 100644
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts
@@ -3,4 +3,3 @@
/bin/fd_server u:object_r:fd_server_exec:s0
/bin/virtmgr u:object_r:virtualizationmanager_exec:s0
/bin/virtualizationservice u:object_r:virtualizationservice_exec:s0
-/bin/vfio_handler u:object_r:vfio_handler_exec:s0
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 269233ad5..0d0fa76f8 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -167,9 +167,7 @@ var (
"android.security.metrics": EXCEPTION_NO_FUZZER,
"android.service.gatekeeper.IGateKeeperService": EXCEPTION_NO_FUZZER,
"android.system.composd": EXCEPTION_NO_FUZZER,
- // TODO(b/294158658): add fuzzer
"android.system.virtualizationservice": EXCEPTION_NO_FUZZER,
- "android.system.virtualizationservice_internal.IVfioHandler": EXCEPTION_NO_FUZZER,
"ambient_context": EXCEPTION_NO_FUZZER,
"app_binding": EXCEPTION_NO_FUZZER,
"app_hibernation": EXCEPTION_NO_FUZZER,
diff --git a/prebuilts/api/34.0/private/coredomain.te b/prebuilts/api/34.0/private/coredomain.te
index f9b47dfb8..83930a50a 100644
--- a/prebuilts/api/34.0/private/coredomain.te
+++ b/prebuilts/api/34.0/private/coredomain.te
@@ -150,7 +150,6 @@ full_treble_only(`
-apexd
-init
-ueventd
- -vfio_handler
-vold
} sysfs:file no_rw_file_perms;
diff --git a/prebuilts/api/34.0/private/crosvm.te b/prebuilts/api/34.0/private/crosvm.te
index 31d6c1992..f1012b79b 100644
--- a/prebuilts/api/34.0/private/crosvm.te
+++ b/prebuilts/api/34.0/private/crosvm.te
@@ -91,14 +91,6 @@ allow crosvm port:tcp_socket name_bind;
allow crosvm adbd:unix_stream_socket ioctl;
allow crosvm node:tcp_socket node_bind;
-# Allow crosvm to interact to VFIO device
-allow crosvm vfio_device:chr_file rw_file_perms;
-allow crosvm vfio_device:dir r_dir_perms;
-
-# Allow crosvm to access VM DTBO via a pipe created by vfio handler.
-allow crosvm vfio_handler:fd use;
-allow crosvm vfio_handler:fifo_file r_file_perms;
-
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk
# image referring by name to files which it doesn't have permission to open, trying to get crosvm to
diff --git a/prebuilts/api/34.0/private/file_contexts b/prebuilts/api/34.0/private/file_contexts
index f18b6dd31..258c6b456 100644
--- a/prebuilts/api/34.0/private/file_contexts
+++ b/prebuilts/api/34.0/private/file_contexts
@@ -191,7 +191,6 @@
/dev/urandom u:object_r:random_device:s0
/dev/usb_accessory u:object_r:usbaccessory_device:s0
/dev/v4l-touch[0-9]* u:object_r:input_device:s0
-/dev/vfio(/.*)? u:object_r:vfio_device:s0
/dev/vhost-vsock u:object_r:kvm_device:s0
/dev/video[0-9]* u:object_r:video_device:s0
/dev/vndbinder u:object_r:vndbinder_device:s0
diff --git a/prebuilts/api/34.0/private/service.te b/prebuilts/api/34.0/private/service.te
index 06b03e091..3717150de 100644
--- a/prebuilts/api/34.0/private/service.te
+++ b/prebuilts/api/34.0/private/service.te
@@ -20,6 +20,5 @@ type statscompanion_service, system_server_service, service_manager_type;
type statsmanager_service, system_api_service, system_server_service, service_manager_type;
type tracingproxy_service, system_server_service, service_manager_type;
type transparency_service, system_server_service, service_manager_type;
-type vfio_handler_service, service_manager_type;
type uce_service, service_manager_type;
type wearable_sensing_service, system_api_service, system_server_service, service_manager_type;
diff --git a/prebuilts/api/34.0/private/service_contexts b/prebuilts/api/34.0/private/service_contexts
index 0f63e3950..3bb9c8502 100644
--- a/prebuilts/api/34.0/private/service_contexts
+++ b/prebuilts/api/34.0/private/service_contexts
@@ -144,7 +144,6 @@ android.security.metrics u:object_r:keystore_metrics_service:s0
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
android.system.composd u:object_r:compos_service:s0
android.system.virtualizationservice u:object_r:virtualization_service:s0
-android.system.virtualizationservice_internal.IVfioHandler u:object_r:vfio_handler_service:s0
ambient_context u:object_r:ambient_context_service:s0
app_binding u:object_r:app_binding_service:s0
app_hibernation u:object_r:app_hibernation_service:s0
diff --git a/prebuilts/api/34.0/private/vfio_handler.te b/prebuilts/api/34.0/private/vfio_handler.te
deleted file mode 100644
index 706a6ca22..000000000
--- a/prebuilts/api/34.0/private/vfio_handler.te
+++ /dev/null
@@ -1,24 +0,0 @@
-# vfio_handler is a helper service for VFIO tasks, like binding platform devices to VFIO driver.
-# vfio_handler is separate from virtualizationservice as VFIO tasks require root.
-type vfio_handler, domain, coredomain;
-type vfio_handler_exec, system_file_type, exec_type, file_type;
-
-# When init runs a file labelled with vfio_handler_exec, run it in the vfio_handler domain.
-init_daemon_domain(vfio_handler)
-
-# Let the vfio_handler domain register the vfio_handler_service with ServiceManager.
-add_service(vfio_handler, vfio_handler_service)
-
-# Let the vfio_handler domain use Binder.
-binder_use(vfio_handler)
-
-# Allow vfio_handler to check if VFIO is supported
-allow vfio_handler vfio_device:chr_file getattr;
-allow vfio_handler vfio_device:dir r_dir_perms;
-
-# Allow vfio_handler to bind/unbind platform devices
-allow vfio_handler sysfs:dir r_dir_perms;
-allow vfio_handler sysfs:file rw_file_perms;
-
-# Only vfio_handler can add vfio_handler_service
-neverallow { domain -vfio_handler } vfio_handler_service:service_manager add;
diff --git a/prebuilts/api/34.0/private/virtualizationmanager.te b/prebuilts/api/34.0/private/virtualizationmanager.te
index 70338ff1a..bfad8e71f 100644
--- a/prebuilts/api/34.0/private/virtualizationmanager.te
+++ b/prebuilts/api/34.0/private/virtualizationmanager.te
@@ -86,7 +86,3 @@ r_dir_file(virtualizationmanager, crosvm);
# For debug purposes we try to get the canonical path from /proc/self/fd/N. That triggers
# a harmless denial for CompOS log files, so ignore that.
dontaudit virtualizationmanager apex_module_data_file:dir search;
-
-# Allow virtualizationmanager to access VM DTBO via a pipe created by vfio handler.
-allow virtualizationmanager vfio_handler:fd use;
-allow virtualizationmanager vfio_handler:fifo_file r_file_perms;
diff --git a/prebuilts/api/34.0/private/virtualizationservice.te b/prebuilts/api/34.0/private/virtualizationservice.te
index a4588dc9f..561e7788d 100644
--- a/prebuilts/api/34.0/private/virtualizationservice.te
+++ b/prebuilts/api/34.0/private/virtualizationservice.te
@@ -15,10 +15,6 @@ binder_use(virtualizationservice)
# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
add_service(virtualizationservice, virtualization_service)
-# Let virtualizationservice find and communicate with vfio_handler.
-allow virtualizationservice vfio_handler_service:service_manager find;
-binder_call(virtualizationservice, vfio_handler)
-
# Allow calling into the system server to find "permission_service".
binder_call(virtualizationservice, system_server)
allow virtualizationservice permission_service:service_manager find;
@@ -58,14 +54,6 @@ unix_socket_connect(virtualizationservice, tombstoned_crash, tombstoned)
allow virtualizationservice tombstone_data_file:file { append getattr };
allow virtualizationservice tombstoned:fd use;
-# Allow virtualizationservice to check if VFIO is supported
-allow virtualizationservice vfio_device:chr_file getattr;
-allow virtualizationservice vfio_device:dir r_dir_perms;
-
-# Allow virtualizationservice to access VM DTBO via a pipe created by vfio handler.
-allow virtualizationservice vfio_handler:fd use;
-allow virtualizationservice vfio_handler:fifo_file r_file_perms;
-
neverallow {
domain
-init
@@ -84,6 +72,3 @@ neverallow virtualizationservice {
-virtualizationmanager
-virtualizationservice
}:process setrlimit;
-
-# Only virtualizationservice can communicate to vfio_handler
-neverallow { domain -virtualizationservice -servicemanager } vfio_handler:binder call;
diff --git a/prebuilts/api/34.0/public/device.te b/prebuilts/api/34.0/public/device.te
index 36299d38c..fa292565e 100644
--- a/prebuilts/api/34.0/public/device.te
+++ b/prebuilts/api/34.0/public/device.te
@@ -129,6 +129,3 @@ type userdata_sysdev, dev_type;
# Root disk file for disk tunables
type rootdisk_sysdev, dev_type;
-
-# vfio device
-type vfio_device, dev_type;
diff --git a/private/coredomain.te b/private/coredomain.te
index f9b47dfb8..83930a50a 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -150,7 +150,6 @@ full_treble_only(`
-apexd
-init
-ueventd
- -vfio_handler
-vold
} sysfs:file no_rw_file_perms;
diff --git a/private/crosvm.te b/private/crosvm.te
index 31d6c1992..f1012b79b 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -91,14 +91,6 @@ allow crosvm port:tcp_socket name_bind;
allow crosvm adbd:unix_stream_socket ioctl;
allow crosvm node:tcp_socket node_bind;
-# Allow crosvm to interact to VFIO device
-allow crosvm vfio_device:chr_file rw_file_perms;
-allow crosvm vfio_device:dir r_dir_perms;
-
-# Allow crosvm to access VM DTBO via a pipe created by vfio handler.
-allow crosvm vfio_handler:fd use;
-allow crosvm vfio_handler:fifo_file r_file_perms;
-
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk
# image referring by name to files which it doesn't have permission to open, trying to get crosvm to
diff --git a/private/file_contexts b/private/file_contexts
index f18b6dd31..258c6b456 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -191,7 +191,6 @@
/dev/urandom u:object_r:random_device:s0
/dev/usb_accessory u:object_r:usbaccessory_device:s0
/dev/v4l-touch[0-9]* u:object_r:input_device:s0
-/dev/vfio(/.*)? u:object_r:vfio_device:s0
/dev/vhost-vsock u:object_r:kvm_device:s0
/dev/video[0-9]* u:object_r:video_device:s0
/dev/vndbinder u:object_r:vndbinder_device:s0
diff --git a/private/service.te b/private/service.te
index 06b03e091..3717150de 100644
--- a/private/service.te
+++ b/private/service.te
@@ -20,6 +20,5 @@ type statscompanion_service, system_server_service, service_manager_type;
type statsmanager_service, system_api_service, system_server_service, service_manager_type;
type tracingproxy_service, system_server_service, service_manager_type;
type transparency_service, system_server_service, service_manager_type;
-type vfio_handler_service, service_manager_type;
type uce_service, service_manager_type;
type wearable_sensing_service, system_api_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 0f63e3950..3bb9c8502 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -144,7 +144,6 @@ android.security.metrics u:object_r:keystore_metrics_service:s0
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
android.system.composd u:object_r:compos_service:s0
android.system.virtualizationservice u:object_r:virtualization_service:s0
-android.system.virtualizationservice_internal.IVfioHandler u:object_r:vfio_handler_service:s0
ambient_context u:object_r:ambient_context_service:s0
app_binding u:object_r:app_binding_service:s0
app_hibernation u:object_r:app_hibernation_service:s0
diff --git a/private/vfio_handler.te b/private/vfio_handler.te
deleted file mode 100644
index 706a6ca22..000000000
--- a/private/vfio_handler.te
+++ /dev/null
@@ -1,24 +0,0 @@
-# vfio_handler is a helper service for VFIO tasks, like binding platform devices to VFIO driver.
-# vfio_handler is separate from virtualizationservice as VFIO tasks require root.
-type vfio_handler, domain, coredomain;
-type vfio_handler_exec, system_file_type, exec_type, file_type;
-
-# When init runs a file labelled with vfio_handler_exec, run it in the vfio_handler domain.
-init_daemon_domain(vfio_handler)
-
-# Let the vfio_handler domain register the vfio_handler_service with ServiceManager.
-add_service(vfio_handler, vfio_handler_service)
-
-# Let the vfio_handler domain use Binder.
-binder_use(vfio_handler)
-
-# Allow vfio_handler to check if VFIO is supported
-allow vfio_handler vfio_device:chr_file getattr;
-allow vfio_handler vfio_device:dir r_dir_perms;
-
-# Allow vfio_handler to bind/unbind platform devices
-allow vfio_handler sysfs:dir r_dir_perms;
-allow vfio_handler sysfs:file rw_file_perms;
-
-# Only vfio_handler can add vfio_handler_service
-neverallow { domain -vfio_handler } vfio_handler_service:service_manager add;
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 70338ff1a..bfad8e71f 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -86,7 +86,3 @@ r_dir_file(virtualizationmanager, crosvm);
# For debug purposes we try to get the canonical path from /proc/self/fd/N. That triggers
# a harmless denial for CompOS log files, so ignore that.
dontaudit virtualizationmanager apex_module_data_file:dir search;
-
-# Allow virtualizationmanager to access VM DTBO via a pipe created by vfio handler.
-allow virtualizationmanager vfio_handler:fd use;
-allow virtualizationmanager vfio_handler:fifo_file r_file_perms;
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index a4588dc9f..561e7788d 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -15,10 +15,6 @@ binder_use(virtualizationservice)
# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
add_service(virtualizationservice, virtualization_service)
-# Let virtualizationservice find and communicate with vfio_handler.
-allow virtualizationservice vfio_handler_service:service_manager find;
-binder_call(virtualizationservice, vfio_handler)
-
# Allow calling into the system server to find "permission_service".
binder_call(virtualizationservice, system_server)
allow virtualizationservice permission_service:service_manager find;
@@ -58,14 +54,6 @@ unix_socket_connect(virtualizationservice, tombstoned_crash, tombstoned)
allow virtualizationservice tombstone_data_file:file { append getattr };
allow virtualizationservice tombstoned:fd use;
-# Allow virtualizationservice to check if VFIO is supported
-allow virtualizationservice vfio_device:chr_file getattr;
-allow virtualizationservice vfio_device:dir r_dir_perms;
-
-# Allow virtualizationservice to access VM DTBO via a pipe created by vfio handler.
-allow virtualizationservice vfio_handler:fd use;
-allow virtualizationservice vfio_handler:fifo_file r_file_perms;
-
neverallow {
domain
-init
@@ -84,6 +72,3 @@ neverallow virtualizationservice {
-virtualizationmanager
-virtualizationservice
}:process setrlimit;
-
-# Only virtualizationservice can communicate to vfio_handler
-neverallow { domain -virtualizationservice -servicemanager } vfio_handler:binder call;
diff --git a/public/device.te b/public/device.te
index 36299d38c..fa292565e 100644
--- a/public/device.te
+++ b/public/device.te
@@ -129,6 +129,3 @@ type userdata_sysdev, dev_type;
# Root disk file for disk tunables
type rootdisk_sysdev, dev_type;
-
-# vfio device
-type vfio_device, dev_type;