put constraints on vendor VM instance IDs and allocated instance IDs
Vendor IDs must start with FFFFFFFF and allocated IDs must start with
77777777.
We don't yet have a good strategy for avoiding instance ID collisions,
esp. across android partitions. This is just a stop gap to ensure we
have some options for solving the problem later.
Bug: 364629416
Test: TH
Change-Id: Icfe4b8c1fb20f3c825c33287c7446fceb7e88916
diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index 1e756eb..e143c41 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs
@@ -641,6 +641,24 @@
let calling_partition = find_partition(CALLING_EXE_PATH.as_deref())?;
+ let instance_id = extract_instance_id(config);
+ // Require vendor instance IDs to start with a specific prefix so that they don't conflict
+ // with system instance IDs.
+ //
+ // We should also make sure that non-vendor VMs do not use the vendor prefix, but there are
+ // already system VMs in the wild that may have randomly generated IDs with the prefix, so,
+ // for now, we only check in one direction.
+ const INSTANCE_ID_VENDOR_PREFIX: &[u8] = &[0xFF, 0xFF, 0xFF, 0xFF];
+ if matches!(calling_partition, CallingPartition::Vendor | CallingPartition::Odm)
+ && !instance_id.starts_with(INSTANCE_ID_VENDOR_PREFIX)
+ {
+ return Err(anyhow!(
+ "vendor initiated VMs must have instance IDs starting with 0xFFFFFFFF, got {}",
+ hex::encode(instance_id)
+ ))
+ .or_service_specific_exception(-1);
+ }
+
check_config_features(config)?;
if cfg!(early) {
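Review bot: The reverse check described in the added comment (non-vendor callers must not use the 0xFFFFFFFF prefix) is left entirely unenforced, so the collision this guard is meant to prevent can still be produced from the system side. Since the comment says the blocker is existing system VMs in the wild, a non-failing `warn!` in that case would at least make such IDs observable without breaking them, e.g. `} else if instance_id.starts_with(INSTANCE_ID_VENDOR_PREFIX) { warn!("non-vendor VM uses vendor instance ID prefix: {}", hex::encode(&instance_id)); }` — assuming the file's log macros are in scope. I would also hoist `INSTANCE_ID_VENDOR_PREFIX` from the function body to module level so the 0x77777777 allocated-ID prefix the commit message mentions can be declared beside it. The enclosing function begins and ends outside the hunk.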
@@ -668,7 +686,6 @@
check_gdb_allowed(config)?;
}
- let instance_id = extract_instance_id(config);
let mut device_tree_overlays = vec![];
if let Some(dt_overlay) =
maybe_create_reference_dt_overlay(config, &instance_id, &temporary_directory)?