Merge changes from topic "vmnic_delete_tap" into main
* changes:
Implement deleting TAP interface in vmnic
Expose network support configuration into AVF Java Framework API
diff --git a/TEST_MAPPING b/TEST_MAPPING
index db0b43a..6d585a6 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -18,6 +18,9 @@
"name": "MicrodroidTestApp"
},
{
+ "name": "MicrodroidTestAppNoInternetPerm"
+ },
+ {
"name": "MicrodroidTestAppNoPerm"
},
{
diff --git a/java/framework/api/test-current.txt b/java/framework/api/test-current.txt
index d20d543..30dd7d9 100644
--- a/java/framework/api/test-current.txt
+++ b/java/framework/api/test-current.txt
@@ -11,12 +11,14 @@
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull public java.util.List<java.lang.String> getExtraApks();
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull public String getOs();
method @Nullable public String getPayloadConfigPath();
+ method public boolean isNetworkSupported();
method public boolean isVmConsoleInputSupported();
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String MICRODROID = "microdroid";
}
public static final class VirtualMachineConfig.Builder {
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder addExtraApk(@NonNull String);
+ method @NonNull @RequiresPermission(allOf={android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION, android.Manifest.permission.INTERNET}) public android.system.virtualmachine.VirtualMachineConfig.Builder setNetworkSupported(boolean);
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setOs(@NonNull String);
method @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadConfigPath(@NonNull String);
method @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setVendorDiskImage(@NonNull java.io.File);
@@ -31,6 +33,7 @@
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_DICE_CHANGES = "com.android.kvm.DICE_CHANGES";
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_LLPVM_CHANGES = "com.android.kvm.LLPVM_CHANGES";
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_MULTI_TENANT = "com.android.kvm.MULTI_TENANT";
+ field public static final String FEATURE_NETWORK = "com.android.kvm.NETWORK";
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_REMOTE_ATTESTATION = "com.android.kvm.REMOTE_ATTESTATION";
field @FlaggedApi("com.android.system.virtualmachine.flags.avf_v_test_apis") public static final String FEATURE_VENDOR_MODULES = "com.android.kvm.VENDOR_MODULES";
}
diff --git a/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java b/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
index d88b085..ef6a2fc 100644
--- a/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/java/framework/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -22,6 +22,7 @@
import static java.util.Objects.requireNonNull;
+import android.Manifest;
import android.annotation.FlaggedApi;
import android.annotation.IntDef;
import android.annotation.IntRange;
@@ -80,7 +81,8 @@
private static final String U_BOOT_PREBUILT_PATH = "/apex/com.android.virt/etc/u-boot.bin";
// These define the schema of the config file persisted on disk.
- private static final int VERSION = 8;
+ // Please bump up the version number when adding a new key.
+ private static final int VERSION = 9;
private static final String KEY_VERSION = "version";
private static final String KEY_PACKAGENAME = "packageName";
private static final String KEY_APKPATH = "apkPath";
@@ -99,6 +101,7 @@
private static final String KEY_VENDOR_DISK_IMAGE_PATH = "vendorDiskImagePath";
private static final String KEY_OS = "os";
private static final String KEY_EXTRA_APKS = "extraApks";
+ private static final String KEY_NETWORK_SUPPORTED = "networkSupported";
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -206,6 +209,9 @@
/** OS name of the VM using payload binaries. */
@NonNull @OsName private final String mOs;
+ /** Whether to run the VM with supporting network feature or not. */
+ private final boolean mNetworkSupported;
+
@Retention(RetentionPolicy.SOURCE)
@StringDef(
prefix = "MICRODROID",
@@ -240,7 +246,8 @@
boolean vmConsoleInputSupported,
boolean connectVmConsole,
@Nullable File vendorDiskImage,
- @NonNull @OsName String os) {
+ @NonNull @OsName String os,
+ boolean networkSupported) {
// This is only called from Builder.build(); the builder handles parameter validation.
mPackageName = packageName;
mApkPath = apkPath;
@@ -263,6 +270,7 @@
mConnectVmConsole = connectVmConsole;
mVendorDiskImage = vendorDiskImage;
mOs = os;
+ mNetworkSupported = networkSupported;
}
/** Loads a config from a file. */
@@ -363,6 +371,8 @@
}
}
+ builder.setNetworkSupported(b.getBoolean(KEY_NETWORK_SUPPORTED));
+
return builder.build();
}
@@ -413,6 +423,7 @@
String[] extraApks = mExtraApks.toArray(new String[0]);
b.putStringArray(KEY_EXTRA_APKS, extraApks);
}
+ b.putBoolean(KEY_NETWORK_SUPPORTED, mNetworkSupported);
b.writeToStream(output);
}
@@ -589,6 +600,16 @@
}
/**
+ * Returns whether the network feature is supported to the VM or not.
+ *
+ * @hide
+ */
+ @TestApi
+ public boolean isNetworkSupported() {
+ return mNetworkSupported;
+ }
+
+ /**
* Tests if this config is compatible with other config. Being compatible means that the configs
* can be interchangeably used for the same virtual machine; they do not change the VM identity
* or secrets. Such changes include varying the number of CPUs or the size of the RAM. Changes
@@ -688,6 +709,7 @@
config.cpuTopology = (byte) this.mCpuTopology;
config.consoleInputDevice = mConsoleInputDevice;
config.devices = EMPTY_STRING_ARRAY;
+ config.networkSupported = this.mNetworkSupported;
config.platformVersion = "~1.0";
return config;
}
@@ -739,18 +761,23 @@
vsConfig.cpuTopology = android.system.virtualizationservice.CpuTopology.ONE_CPU;
break;
}
- if (mVendorDiskImage != null) {
+
+ if (mVendorDiskImage != null || mNetworkSupported) {
VirtualMachineAppConfig.CustomConfig customConfig =
new VirtualMachineAppConfig.CustomConfig();
customConfig.devices = EMPTY_STRING_ARRAY;
- try {
- customConfig.vendorImage =
- ParcelFileDescriptor.open(mVendorDiskImage, MODE_READ_ONLY);
- } catch (FileNotFoundException e) {
- throw new VirtualMachineException(
- "Failed to open vendor disk image " + mVendorDiskImage.getAbsolutePath(),
- e);
+ if (mVendorDiskImage != null) {
+ try {
+ customConfig.vendorImage =
+ ParcelFileDescriptor.open(mVendorDiskImage, MODE_READ_ONLY);
+ } catch (FileNotFoundException e) {
+ throw new VirtualMachineException(
+ "Failed to open vendor disk image "
+ + mVendorDiskImage.getAbsolutePath(),
+ e);
+ }
}
+ customConfig.networkSupported = mNetworkSupported;
vsConfig.customConfig = customConfig;
}
return vsConfig;
@@ -832,6 +859,7 @@
private boolean mConnectVmConsole = false;
@Nullable private File mVendorDiskImage;
@NonNull @OsName private String mOs = DEFAULT_OS;
+ private boolean mNetworkSupported;
/**
* Creates a builder for the given context.
@@ -908,6 +936,10 @@
"debug level must be FULL to connect to the console");
}
+ if (mNetworkSupported && mProtectedVm) {
+ throw new IllegalStateException("network is not supported on pVM");
+ }
+
return new VirtualMachineConfig(
packageName,
apkPath,
@@ -925,7 +957,8 @@
mVmConsoleInputSupported,
mConnectVmConsole,
mVendorDiskImage,
- mOs);
+ mOs,
+ mNetworkSupported);
}
/**
@@ -1230,5 +1263,22 @@
mOs = requireNonNull(os, "os must not be null");
return this;
}
+
+ /**
+ * Sets whether to support network feature to VM. Default is {@code false}.
+ *
+ * @hide
+ */
+ @TestApi
+ @RequiresPermission(
+ allOf = {
+ VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION,
+ Manifest.permission.INTERNET
+ })
+ @NonNull
+ public Builder setNetworkSupported(boolean networkSupported) {
+ mNetworkSupported = networkSupported;
+ return this;
+ }
}
}
diff --git a/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java b/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
index 4a9e943..abb2c81 100644
--- a/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
+++ b/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
@@ -123,6 +123,7 @@
FEATURE_DICE_CHANGES,
FEATURE_LLPVM_CHANGES,
FEATURE_MULTI_TENANT,
+ FEATURE_NETWORK,
FEATURE_REMOTE_ATTESTATION,
FEATURE_VENDOR_MODULES,
})
@@ -147,6 +148,13 @@
public static final String FEATURE_MULTI_TENANT = IVirtualizationService.FEATURE_MULTI_TENANT;
/**
+ * Feature to allow network features in VM.
+ *
+ * @hide
+ */
+ @TestApi public static final String FEATURE_NETWORK = IVirtualizationService.FEATURE_NETWORK;
+
+ /**
* Feature to allow remote attestation in Microdroid.
*
* @hide
diff --git a/libs/avf_features/src/lib.rs b/libs/avf_features/src/lib.rs
index c0faab0..1ebe2a4 100644
--- a/libs/avf_features/src/lib.rs
+++ b/libs/avf_features/src/lib.rs
@@ -16,7 +16,7 @@
use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
IVirtualizationService::FEATURE_DICE_CHANGES, IVirtualizationService::FEATURE_LLPVM_CHANGES,
- IVirtualizationService::FEATURE_MULTI_TENANT,
+ IVirtualizationService::FEATURE_MULTI_TENANT, IVirtualizationService::FEATURE_NETWORK,
IVirtualizationService::FEATURE_REMOTE_ATTESTATION,
IVirtualizationService::FEATURE_VENDOR_MODULES,
};
@@ -28,6 +28,7 @@
FEATURE_DICE_CHANGES => cfg!(dice_changes),
FEATURE_LLPVM_CHANGES => cfg!(llpvm_changes),
FEATURE_MULTI_TENANT => cfg!(multi_tenant),
+ FEATURE_NETWORK => cfg!(network),
FEATURE_REMOTE_ATTESTATION => cfg!(remote_attestation),
FEATURE_VENDOR_MODULES => cfg!(vendor_modules),
_ => {
diff --git a/tests/testapk/AndroidManifestV5.xml b/tests/testapk/AndroidManifestV5.xml
index 7d97680..b869586 100644
--- a/tests/testapk/AndroidManifestV5.xml
+++ b/tests/testapk/AndroidManifestV5.xml
@@ -18,6 +18,7 @@
android:versionCode="5">
<uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
<uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
+ <uses-permission android:name="android.permission.INTERNET" />
<uses-sdk android:minSdkVersion="33" android:targetSdkVersion="33" />
<uses-feature android:name="android.software.virtualization_framework" android:required="false" />
<queries>
diff --git a/tests/testapk/AndroidManifestV6.xml b/tests/testapk/AndroidManifestV6.xml
index 19d5674..c55da85 100644
--- a/tests/testapk/AndroidManifestV6.xml
+++ b/tests/testapk/AndroidManifestV6.xml
@@ -18,6 +18,7 @@
android:versionCode="6">
<uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
<uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
+ <uses-permission android:name="android.permission.INTERNET" />
<uses-sdk android:minSdkVersion="33" android:targetSdkVersion="33" />
<uses-feature android:name="android.software.virtualization_framework" android:required="false" />
<queries>
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 12a46f7..4d8dac6 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -571,8 +571,9 @@
assertThat(minimal.isProtectedVm()).isEqualTo(isProtectedVm());
assertThat(minimal.isEncryptedStorageEnabled()).isFalse();
assertThat(minimal.getEncryptedStorageBytes()).isEqualTo(0);
- assertThat(minimal.isVmOutputCaptured()).isEqualTo(false);
+ assertThat(minimal.isVmOutputCaptured()).isFalse();
assertThat(minimal.getOs()).isEqualTo("microdroid");
+ assertThat(minimal.isNetworkSupported()).isFalse();
// Maximal has everything that can be set to some non-default value. (And has different
// values than minimal for the required fields.)
@@ -589,6 +590,9 @@
.setEncryptedStorageBytes(1_000_000)
.setVmOutputCaptured(true)
.setOs("microdroid_gki-android14-6.1");
+ if (!mProtectedVm) {
+ maximalBuilder.setNetworkSupported(true);
+ }
VirtualMachineConfig maximal = maximalBuilder.build();
assertThat(maximal.getApkPath()).isEqualTo("/apk/path");
@@ -603,8 +607,11 @@
assertThat(maximal.isProtectedVm()).isEqualTo(isProtectedVm());
assertThat(maximal.isEncryptedStorageEnabled()).isTrue();
assertThat(maximal.getEncryptedStorageBytes()).isEqualTo(1_000_000);
- assertThat(maximal.isVmOutputCaptured()).isEqualTo(true);
+ assertThat(maximal.isVmOutputCaptured()).isTrue();
assertThat(maximal.getOs()).isEqualTo("microdroid_gki-android14-6.1");
+ if (!mProtectedVm) {
+ assertThat(maximal.isNetworkSupported()).isTrue();
+ }
assertThat(minimal.isCompatibleWith(maximal)).isFalse();
assertThat(minimal.isCompatibleWith(minimal)).isTrue();
@@ -659,6 +666,18 @@
.setVmConsoleInputSupported(true);
e = assertThrows(IllegalStateException.class, () -> captureInputOnNonDebuggable.build());
assertThat(e).hasMessageThat().contains("debug level must be FULL to use console input");
+
+ if (mProtectedVm) {
+ VirtualMachineConfig.Builder networkSupportedOnProtectedVm =
+ newVmConfigBuilderWithPayloadBinary("binary.so")
+ .setProtectedVm(mProtectedVm)
+ .setNetworkSupported(true);
+ e =
+ assertThrows(
+ IllegalStateException.class,
+ () -> networkSupportedOnProtectedVm.build());
+ assertThat(e).hasMessageThat().contains("network is not supported on pVM");
+ }
}
@Test
@@ -2300,6 +2319,49 @@
}
}
+ private VirtualMachineConfig buildVmConfigWithNetworkSupported() throws Exception {
+ return buildVmConfigWithNetworkSupported("MicrodroidTestNativeLib.so");
+ }
+
+ private VirtualMachineConfig buildVmConfigWithNetworkSupported(String binaryPath)
+ throws Exception {
+ assumeSupportedDevice();
+ assumeNonProtectedVM();
+ assumeFeatureEnabled(VirtualMachineManager.FEATURE_NETWORK);
+ VirtualMachineConfig config =
+ newVmConfigBuilderWithPayloadBinary(binaryPath)
+ .setNetworkSupported(true)
+ .setDebugLevel(DEBUG_LEVEL_FULL)
+ .build();
+ grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ return config;
+ }
+
+ @Test
+ public void configuringNetworkSupportedRequiresCustomPermission() throws Exception {
+ VirtualMachineConfig config = buildVmConfigWithNetworkSupported();
+ revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+
+ VirtualMachine vm =
+ forceCreateNewVirtualMachine(
+ "test_network_supported_req_custom_permission", config);
+ SecurityException e =
+ assertThrows(
+ SecurityException.class, () -> runVmTestService(TAG, vm, (ts, tr) -> {}));
+ assertThat(e)
+ .hasMessageThat()
+ .contains("android.permission.USE_CUSTOM_VIRTUAL_MACHINE permission");
+ }
+
+ @Test
+ public void bootsWithNetworkSupported() throws Exception {
+ VirtualMachineConfig config = buildVmConfigWithNetworkSupported();
+
+ VirtualMachine vm =
+ forceCreateNewVirtualMachine("test_boot_with_network_supported", config);
+ runVmTestService(TAG, vm, (ts, tr) -> {}).assertNoException();
+ }
+
private VirtualMachineConfig buildVmConfigWithVendor(File vendorDiskImage) throws Exception {
return buildVmConfigWithVendor(vendorDiskImage, "MicrodroidTestNativeLib.so");
}
diff --git a/tests/testapk_no_internet_perm/Android.bp b/tests/testapk_no_internet_perm/Android.bp
new file mode 100644
index 0000000..d23081f
--- /dev/null
+++ b/tests/testapk_no_internet_perm/Android.bp
@@ -0,0 +1,26 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test {
+ name: "MicrodroidTestAppNoInternetPerm",
+ static_libs: [
+ "MicrodroidDeviceTestHelper",
+ "MicrodroidTestHelper",
+ "androidx.test.runner",
+ "androidx.test.ext.junit",
+ "com.android.microdroid.testservice-java",
+ "truth",
+ "compatibility-common-util-devicesidelib",
+ ],
+ jni_libs: [
+ "MicrodroidTestNativeLib",
+ ],
+ test_suites: [
+ "general-tests",
+ "cts",
+ ],
+ srcs: ["src/java/**/*.java"],
+ defaults: ["MicrodroidTestAppsDefaults"],
+ min_sdk_version: "34",
+}
diff --git a/tests/testapk_no_internet_perm/AndroidManifest.xml b/tests/testapk_no_internet_perm/AndroidManifest.xml
new file mode 100644
index 0000000..87b302a
--- /dev/null
+++ b/tests/testapk_no_internet_perm/AndroidManifest.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2024 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.microdroid.test_no_internet_perm">
+ <uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
+ <uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
+ <uses-sdk android:minSdkVersion="34" android:targetSdkVersion="34" />
+ <uses-feature android:name="android.software.virtualization_framework" android:required="false" />
+ <application />
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="com.android.microdroid.test_no_internet_perm"
+ android:label="No Internet Permission Microdroid Test" />
+</manifest>
diff --git a/tests/testapk_no_internet_perm/AndroidTest.xml b/tests/testapk_no_internet_perm/AndroidTest.xml
new file mode 100644
index 0000000..61f8b8c
--- /dev/null
+++ b/tests/testapk_no_internet_perm/AndroidTest.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2024 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration description="Runs Microdroid Tests with no internet permission">
+ <option name="test-suite-tag" value="cts" />
+ <option name="config-descriptor:metadata" key="component" value="security" />
+ <option name="config-descriptor:metadata" key="parameter" value="not_instant_app" />
+ <option name="config-descriptor:metadata" key="parameter" value="not_multi_abi" />
+ <option name="config-descriptor:metadata" key="parameter" value="secondary_user" />
+ <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
+ <option name="test-file-name" value="MicrodroidTestAppNoInternetPerm.apk" />
+ </target_preparer>
+ <test class="com.android.tradefed.testtype.AndroidJUnitTest" >
+ <option name="package" value="com.android.microdroid.test_no_internet_perm" />
+ <option name="runner" value="androidx.test.runner.AndroidJUnitRunner" />
+ <option name="shell-timeout" value="300000" />
+ <option name="test-timeout" value="300000" />
+ </test>
+</configuration>
diff --git a/tests/testapk_no_internet_perm/src/java/com/android/microdroid/test/MicrodroidTestAppNoInternetPerm.java b/tests/testapk_no_internet_perm/src/java/com/android/microdroid/test/MicrodroidTestAppNoInternetPerm.java
new file mode 100644
index 0000000..767f745
--- /dev/null
+++ b/tests/testapk_no_internet_perm/src/java/com/android/microdroid/test/MicrodroidTestAppNoInternetPerm.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.microdroid.test;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import static org.junit.Assert.assertThrows;
+
+import android.system.virtualmachine.VirtualMachine;
+import android.system.virtualmachine.VirtualMachineConfig;
+import android.system.virtualmachine.VirtualMachineManager;
+
+import com.android.microdroid.test.device.MicrodroidDeviceTestBase;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+/**
+ * Test that the android.permission.MANAGE_VIRTUAL_MACHINE is enforced and that an app cannot launch
+ * a VM without said permission.
+ */
+@RunWith(Parameterized.class)
+public class MicrodroidTestAppNoInternetPerm extends MicrodroidDeviceTestBase {
+ private static final String TAG = "MicrodroidTestAppNoInternetPerm";
+
+ @Parameterized.Parameters(name = "protectedVm={0}")
+ public static Object[] protectedVmConfigs() {
+ return new Object[] {false, true};
+ }
+
+ @Parameterized.Parameter public boolean mProtectedVm;
+
+ @Before
+ public void setup() {
+ prepareTestSetup(mProtectedVm, null);
+ }
+
+ @Test
+ public void configuringNetworkSupportedRequiresInternetPermission() throws Exception {
+ assumeSupportedDevice();
+ assumeNonProtectedVM();
+ assumeFeatureEnabled(VirtualMachineManager.FEATURE_NETWORK);
+
+ VirtualMachineConfig config =
+ newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
+ .setNetworkSupported(true)
+ .build();
+
+ VirtualMachine vm =
+ forceCreateNewVirtualMachine(
+ "config_network_supported_req_internet_permission", config);
+ SecurityException e =
+ assertThrows(
+ SecurityException.class, () -> runVmTestService(TAG, vm, (ts, tr) -> {}));
+ assertThat(e).hasMessageThat().contains("android.permission.INTERNET permission");
+ }
+}
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index 6408b84..4b03bac 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -14,10 +14,11 @@
//! Functions for running instances of `crosvm`.
-use crate::aidl::{remove_temporary_files, Cid, VirtualMachineCallbacks};
+use crate::aidl::{remove_temporary_files, Cid, GLOBAL_SERVICE, VirtualMachineCallbacks};
use crate::atom::{get_num_cpus, write_vm_exited_stats_sync};
use crate::debug_config::DebugConfig;
use anyhow::{anyhow, bail, Context, Error, Result};
+use binder::ParcelFileDescriptor;
use command_fds::CommandFdExt;
use lazy_static::lazy_static;
use libc::{sysconf, _SC_CLK_TCK};
@@ -34,7 +35,7 @@
use std::io::{self, Read};
use std::mem;
use std::num::{NonZeroU16, NonZeroU32};
-use std::os::unix::io::{AsRawFd, RawFd};
+use std::os::unix::io::{AsRawFd, OwnedFd, RawFd};
use std::os::unix::process::ExitStatusExt;
use std::path::{Path, PathBuf};
use std::process::{Command, ExitStatus};
@@ -241,6 +242,8 @@
let detect_hangup = config.detect_hangup;
let (failure_pipe_read, failure_pipe_write) = create_pipe()?;
let vfio_devices = config.vfio_devices.clone();
+ let tap =
+ if let Some(tap_file) = &config.tap { Some(tap_file.try_clone()?) } else { None };
// If this fails and returns an error, `self` will be left in the `Failed` state.
let child =
@@ -255,7 +258,7 @@
let child_clone = child.clone();
let instance_clone = instance.clone();
let monitor_vm_exit_thread = Some(thread::spawn(move || {
- instance_clone.monitor_vm_exit(child_clone, failure_pipe_read, vfio_devices);
+ instance_clone.monitor_vm_exit(child_clone, failure_pipe_read, vfio_devices, tap);
}));
if detect_hangup {
@@ -397,6 +400,7 @@
child: Arc<SharedChild>,
mut failure_pipe_read: File,
vfio_devices: Vec<VfioDevice>,
+ tap: Option<File>,
) {
let result = child.wait();
match &result {
@@ -456,6 +460,14 @@
error!("Error removing temporary files from {:?}: {}", self.temporary_directory, e);
});
+ if let Some(tap_file) = tap {
+ GLOBAL_SERVICE
+ .deleteTapInterface(&ParcelFileDescriptor::new(OwnedFd::from(tap_file)))
+ .unwrap_or_else(|e| {
+ error!("Error deleting TAP interface: {e:?}");
+ });
+ }
+
drop(vfio_devices); // Cleanup devices.
}
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
index f8b5087..234d8d0 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/IVirtualizationService.aidl
@@ -25,6 +25,7 @@
const String FEATURE_DICE_CHANGES = "com.android.kvm.DICE_CHANGES";
const String FEATURE_LLPVM_CHANGES = "com.android.kvm.LLPVM_CHANGES";
const String FEATURE_MULTI_TENANT = "com.android.kvm.MULTI_TENANT";
+ const String FEATURE_NETWORK = "com.android.kvm.NETWORK";
const String FEATURE_REMOTE_ATTESTATION = "com.android.kvm.REMOTE_ATTESTATION";
const String FEATURE_VENDOR_MODULES = "com.android.kvm.VENDOR_MODULES";
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
index 4e6879d..0da7755 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
@@ -128,4 +128,10 @@
* @return file descriptor of the TAP network interface.
*/
ParcelFileDescriptor createTapInterface(String ifaceNameSuffix);
+
+ /**
+ * Delete TAP network interface created for a VM.
+ * @param file descriptor of the TAP network interface.
+ */
+ void deleteTapInterface(in ParcelFileDescriptor tapFd);
}
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVmnic.aidl b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVmnic.aidl
index 66739da..e3cc73a 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVmnic.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVmnic.aidl
@@ -22,4 +22,10 @@
* @return file descriptor of the TAP network interface.
*/
ParcelFileDescriptor createTapInterface(String ifaceNameSuffix);
+
+ /**
+ * Delete TAP network interface created for a VM.
+ * @param file descriptor of the TAP network interface.
+ */
+ void deleteTapInterface(in ParcelFileDescriptor tapFd);
}
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 5592f14..241baa5 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -510,6 +510,7 @@
}
fn createTapInterface(&self, iface_name_suffix: &str) -> binder::Result<ParcelFileDescriptor> {
+ check_internet_permission()?;
check_use_custom_virtual_machine()?;
if !cfg!(network) {
return Err(Status::new_exception_str(
@@ -520,6 +521,19 @@
}
NETWORK_SERVICE.createTapInterface(iface_name_suffix)
}
+
+ fn deleteTapInterface(&self, tap_fd: &ParcelFileDescriptor) -> binder::Result<()> {
+ check_internet_permission()?;
+ check_use_custom_virtual_machine()?;
+ if !cfg!(network) {
+ return Err(Status::new_exception_str(
+ ExceptionCode::UNSUPPORTED_OPERATION,
+ Some("deleteTapInterface is not supported with the network feature disabled"),
+ ))
+ .with_log();
+ }
+ NETWORK_SERVICE.deleteTapInterface(tap_fd)
+ }
}
impl IVirtualizationMaintenance for VirtualizationServiceInternal {
@@ -911,6 +925,12 @@
check_permission("android.permission.USE_CUSTOM_VIRTUAL_MACHINE")
}
+/// Check whether the caller of the current Binder method is allowed to create socket and
+/// establish connection between the VM and the Internet.
+fn check_internet_permission() -> binder::Result<()> {
+ check_permission("android.permission.INTERNET")
+}
+
#[cfg(test)]
mod tests {
use super::*;
diff --git a/virtualizationservice/vmnic/src/aidl.rs b/virtualizationservice/vmnic/src/aidl.rs
index a206c25..69c37b8 100644
--- a/virtualizationservice/vmnic/src/aidl.rs
+++ b/virtualizationservice/vmnic/src/aidl.rs
@@ -22,19 +22,19 @@
use nix::{ioctl_write_int_bad, ioctl_write_ptr_bad};
use nix::sys::ioctl::ioctl_num_type;
use nix::sys::socket::{socket, AddressFamily, SockFlag, SockType};
-use std::ffi::CString;
+use std::ffi::{CStr, CString};
use std::fs::File;
use std::os::fd::{AsRawFd, RawFd};
use std::slice::from_raw_parts;
+const TUNGETIFF: ioctl_num_type = 0x800454d2u32 as c_int;
const TUNSETIFF: ioctl_num_type = 0x400454ca;
const TUNSETPERSIST: ioctl_num_type = 0x400454cb;
-const SIOCGIFFLAGS: ioctl_num_type = 0x00008913;
const SIOCSIFFLAGS: ioctl_num_type = 0x00008914;
+ioctl_write_ptr_bad!(ioctl_tungetiff, TUNGETIFF, ifreq);
ioctl_write_ptr_bad!(ioctl_tunsetiff, TUNSETIFF, ifreq);
ioctl_write_int_bad!(ioctl_tunsetpersist, TUNSETPERSIST);
-ioctl_write_ptr_bad!(ioctl_siocgifflags, SIOCGIFFLAGS, ifreq);
ioctl_write_ptr_bad!(ioctl_siocsifflags, SIOCSIFFLAGS, ifreq);
fn validate_ifname(ifname: &[c_char]) -> Result<()> {
@@ -44,32 +44,38 @@
Ok(())
}
-fn create_tap_interface(fd: RawFd, ifname: &[c_char]) -> Result<()> {
+fn create_tap_interface(fd: RawFd, sockfd: c_int, ifname: &[c_char]) -> Result<()> {
// SAFETY: All-zero is a valid value for the ifreq type.
let mut ifr: ifreq = unsafe { std::mem::zeroed() };
ifr.ifr_ifru.ifru_flags = (IFF_TAP | IFF_NO_PI | IFF_VNET_HDR) as c_short;
ifr.ifr_name[..ifname.len()].copy_from_slice(ifname);
- // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the
- // state of this process in any way.
+ // SAFETY: It modifies the state in the kernel, not the state of this process in any way.
unsafe { ioctl_tunsetiff(fd, &ifr) }.context("Failed to ioctl TUNSETIFF")?;
- // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the
- // state of this process in any way.
+ // SAFETY: It modifies the state in the kernel, not the state of this process in any way.
unsafe { ioctl_tunsetpersist(fd, 1) }.context("Failed to ioctl TUNSETPERSIST")?;
+ // SAFETY: ifr_ifru holds ifru_flags in its union field.
+ unsafe { ifr.ifr_ifru.ifru_flags |= IFF_UP as c_short };
+ // SAFETY: It modifies the state in the kernel, not the state of this process in any way.
+ unsafe { ioctl_siocsifflags(sockfd, &ifr) }.context("Failed to ioctl SIOCSIFFLAGS")?;
Ok(())
}
-fn bring_up_interface(sockfd: c_int, ifname: &[c_char]) -> Result<()> {
+fn get_tap_ifreq(fd: RawFd) -> Result<ifreq> {
// SAFETY: All-zero is a valid value for the ifreq type.
- let mut ifr: ifreq = unsafe { std::mem::zeroed() };
- ifr.ifr_name[..ifname.len()].copy_from_slice(ifname);
- // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the
- // state of this process in any way.
- unsafe { ioctl_siocgifflags(sockfd, &ifr) }.context("Failed to ioctl SIOCGIFFLAGS")?;
- // SAFETY: After calling SIOCGIFFLAGS, ifr_ifru holds ifru_flags in its union field.
- unsafe { ifr.ifr_ifru.ifru_flags |= IFF_UP as c_short };
- // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the
- // state of this process in any way.
- unsafe { ioctl_siocsifflags(sockfd, &ifr) }.context("Failed to ioctl SIOCGIFFLAGS")?;
+ let ifr: ifreq = unsafe { std::mem::zeroed() };
+ // SAFETY: Returned `ifr` of given file descriptor is set from TUNSETIFF ioctl while executing
+ // create_tap_interface(fd, sockfd, ifname). So the variable `ifr` should be safe.
+ unsafe { ioctl_tungetiff(fd, &ifr) }.context("Failed to ioctl TUNGETIFF")?;
+ Ok(ifr)
+}
+
+fn delete_tap_interface(fd: RawFd, sockfd: c_int, ifr: &mut ifreq) -> Result<()> {
+ // SAFETY: After calling TUNGETIFF, ifr_ifru holds ifru_flags in its union field.
+ unsafe { ifr.ifr_ifru.ifru_flags &= !IFF_UP as c_short };
+ // SAFETY: It modifies the state in the kernel, not the state of this process in any way.
+ unsafe { ioctl_siocsifflags(sockfd, ifr) }.context("Failed to ioctl SIOCSIFFLAGS")?;
+ // SAFETY: It modifies the state in the kernel, not the state of this process in any way.
+ unsafe { ioctl_tunsetpersist(fd, 0) }.context("Failed to ioctl TUNSETPERSIST")?;
Ok(())
}
@@ -102,18 +108,34 @@
let tunfd = File::open("/dev/tun")
.context("Failed to open /dev/tun")
.or_service_specific_exception(-1)?;
- create_tap_interface(tunfd.as_raw_fd(), ifname_bytes)
- .context(format!("Failed to create TAP interface: {ifname:#?}"))
- .or_service_specific_exception(-1)?;
-
let sock = socket(AddressFamily::Inet, SockType::Datagram, SockFlag::empty(), None)
.context("Failed to create socket")
.or_service_specific_exception(-1)?;
- bring_up_interface(sock.as_raw_fd(), ifname_bytes)
- .context(format!("Failed to bring up TAP interface: {ifname:#?}"))
+ create_tap_interface(tunfd.as_raw_fd(), sock.as_raw_fd(), ifname_bytes)
+ .context(format!("Failed to create TAP interface: {ifname:#?}"))
.or_service_specific_exception(-1)?;
info!("Created TAP network interface: {ifname:#?}");
Ok(ParcelFileDescriptor::new(tunfd))
}
+
+ fn deleteTapInterface(&self, tapfd: &ParcelFileDescriptor) -> binder::Result<()> {
+ let tap = tapfd.as_raw_fd();
+ let mut tap_ifreq = get_tap_ifreq(tap)
+ .context("Failed to get ifreq of TAP interface")
+ .or_service_specific_exception(-1)?;
+ // SAFETY: tap_ifreq.ifr_name is null-terminated within IFNAMSIZ, validated when creating
+ // TAP interface.
+ let ifname = unsafe { CStr::from_ptr(tap_ifreq.ifr_name.as_ptr()) };
+
+ let sock = socket(AddressFamily::Inet, SockType::Datagram, SockFlag::empty(), None)
+ .context("Failed to create socket")
+ .or_service_specific_exception(-1)?;
+ delete_tap_interface(tap, sock.as_raw_fd(), &mut tap_ifreq)
+ .context(format!("Failed to create TAP interface: {ifname:#?}"))
+ .or_service_specific_exception(-1)?;
+
+ info!("Deleted TAP network interface: {ifname:#?}");
+ Ok(())
+ }
}