prebuilts/api/31.0/private/virtmanager.te - LeafOS-Project/android_system_sepolicy - Gitiles

 type virtmanager, domain, coredomain;
 type virtmanager_exec, system_file_type, exec_type, file_type;

 # When init runs a file labelled with virtmanager_exec, run it in the virtmanager domain.
 init_daemon_domain(virtmanager)

 # Let the virtmanager domain use Binder.
 binder_use(virtmanager)

 # Let the virtmanager domain register the virtualization_service with ServiceManager.
 add_service(virtmanager, virtualization_service)

 # When virtmanager execs a file with the crosvm_exec label, run it in the crosvm domain.
 domain_auto_trans(virtmanager, crosvm_exec, crosvm)

 # Let virtmanager kill crosvm.
 allow virtmanager crosvm:process sigkill;
	type virtmanager, domain, coredomain;
	type virtmanager_exec, system_file_type, exec_type, file_type;

	# When init runs a file labelled with virtmanager_exec, run it in the virtmanager domain.
	init_daemon_domain(virtmanager)

	# Let the virtmanager domain use Binder.
	binder_use(virtmanager)

	# Let the virtmanager domain register the virtualization_service with ServiceManager.
	add_service(virtmanager, virtualization_service)

	# When virtmanager execs a file with the crosvm_exec label, run it in the crosvm domain.
	domain_auto_trans(virtmanager, crosvm_exec, crosvm)

	# Let virtmanager kill crosvm.
	allow virtmanager crosvm:process sigkill;