Merge "Rename VirtManager to VirtualizationService in a few more places."
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 85b5e0c..894a1ec 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -48,6 +48,7 @@
"microdroid_build_prop",
"microdroid_init_rc",
"microdroid_launcher",
+ "microdroid_manager",
"ueventd.rc",
"libbinder",
"libbinder_ndk",
@@ -68,14 +69,25 @@
"apexd",
"debuggerd",
+ "e2fsck",
+ "keystore2",
"linker",
"linkerconfig",
"servicemanager",
"tombstoned",
+ "tune2fs",
+ "vdc",
+ "vold",
+ "wait_for_keymaster",
"cgroups.json",
"public.libraries.android.txt",
+ // TODO(b/185767624): remove hidl after full keymint support
+ "hwservicemanager",
+
"plat_sepolicy_and_mapping.sha256",
+ "microdroid_compatibility_matrix",
+ "microdroid_manifest",
] + microdroid_shell_and_utilities,
multilib: {
common: {
@@ -144,9 +156,12 @@
name: "microdroid_vendor",
use_avb: true,
deps: [
+ "android.hardware.security.keymint-service",
"microdroid_fstab",
"microdroid_precompiled_sepolicy",
"microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
+ "microdroid_vendor_manifest",
+ "microdroid_vendor_compatibility_matrix",
],
multilib: {
common: {
@@ -427,3 +442,35 @@
name: "microdroid_payload.json",
src: "microdroid_payload.json",
}
+
+prebuilt_etc {
+ name: "microdroid_vendor_manifest",
+ src: "microdroid_vendor_manifest.xml",
+ filename: "manifest.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "microdroid_vendor_compatibility_matrix",
+ src: "microdroid_vendor_compatibility_matrix.xml",
+ filename: "compatibility_matrix.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "microdroid_compatibility_matrix",
+ src: "microdroid_compatibility_matrix.xml",
+ filename: "compatibility_matrix.current.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "microdroid_manifest",
+ src: "microdroid_manifest.xml",
+ filename: "manifest.xml",
+ relative_install_path: "vintf",
+ installable: false,
+}
diff --git a/microdroid/fstab.microdroid b/microdroid/fstab.microdroid
index 6e17c3e..fd8d395 100644
--- a/microdroid/fstab.microdroid
+++ b/microdroid/fstab.microdroid
@@ -1,5 +1,4 @@
system /system ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
-# TODO(b/185767624): turn on encryption
-/dev/block/by-name/userdata /data ext4 noatime,nosuid,nodev,errors=panic latemount,wait,check,formattable
+/dev/block/by-name/userdata /data ext4 noatime,nosuid,nodev,errors=panic latemount,wait,check,formattable,fileencryption=aes-256-xts
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 121afaa..074e118 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -12,30 +12,22 @@
# Cgroups are mounted right before early-init using list from /etc/cgroups.json
on early-init
+ # set RLIMIT_NICE to allow priorities from 19 to -20
+ setrlimit nice 40 40
- # TODO(b/185991357) eliminate bootstrap mount namespace
- # Set up linker config subdirectories based on mount namespaces
- mkdir /linkerconfig/bootstrap 0755
- mkdir /linkerconfig/default 0755
-
- # Generate ld.config.txt for early executed processes
- exec -- /system/bin/bootstrap/linkerconfig --target /linkerconfig/bootstrap
- chmod 644 /linkerconfig/bootstrap/ld.config.txt
- copy /linkerconfig/bootstrap/ld.config.txt /linkerconfig/default/ld.config.txt
- chmod 644 /linkerconfig/default/ld.config.txt
-
- # Mount bootstrap linker configuration as current
- mount none /linkerconfig/bootstrap /linkerconfig bind rec
+ # in microdroid, we don't use "bootstrap" mount namespace
+ # because APEXes are passed from host and are available
+ # from the start. We don't need to wait till /data is ready.
+ enter_default_mount_ns
start ueventd
- # Run apexd-bootstrap so that APEXes that provide critical libraries
- # become available. Note that this is executed as exec_start to ensure that
- # the libraries are available to the processes started after this statement.
- exec_start apexd-bootstrap
+ # Exec apexd in the VM mode to avoid unnecessary overhead of normal mode.
+ # (e.g. session management)
+ exec - root system -- /system/bin/apexd --vm
- # Generate linker config based on apex mounted in bootstrap namespace
- update_linker_config
+ perform_apex_config
+ exec_start derive_sdk
mkdir /mnt/apk 0755 system system
start zipfuse
@@ -59,6 +51,15 @@
start servicemanager
+ # TODO(b/185767624): remove hidl after full keymint support
+ start hwservicemanager
+
+ start adbd
+
+ # TODO(b/186396070) microdroid_manager starts zipfuse if necessary
+ # TODO(b/186396070) move this before apexd for DICE derivation
+ start microdroid_manager
+
on load_persist_props_action
start logd
start logd-reinit
@@ -98,23 +99,21 @@
trigger early-boot
trigger boot
+on early-fs
+ start vold
+
on post-fs
# Once everything is setup, no need to modify /.
# The bind+remount combination allows this to work in containers.
mount rootfs rootfs / remount bind ro nodev
- enter_default_mount_ns
-
- # Start apexd in the VM mode to avoid unnecessary overhead of session management.
- exec - root system -- /system/bin/apexd --vm
-
- perform_apex_config
-
- exec_start derive_sdk
-
- start adbd
+ start keystore2
on late-fs
+ start vendor.keymint-default
+
+ exec_start wait_for_keymaster
+
mount_all /vendor/etc/fstab.microdroid --late
on post-fs-data
@@ -127,6 +126,9 @@
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
+ # Make sure we have the device encryption key.
+ installkey /data
+
mkdir /data/vendor 0771 root root encryption=Require
mkdir /data/vendor_ce 0771 root root encryption=None
mkdir /data/vendor_de 0771 root root encryption=None
@@ -140,6 +142,25 @@
start tombstoned
+ # set up keystore directory structure first so that we can end early boot
+ # and start apexd
+ mkdir /data/misc 01771 system misc encryption=Require
+ mkdir /data/misc/keystore 0700 keystore keystore
+ # work around b/183668221
+ restorecon /data/misc /data/misc/keystore
+
+ # Boot level 30
+ # odsign signing keys have MAX_BOOT_LEVEL=30
+ # This is currently the earliest boot level, but we start at 30
+ # to leave room for earlier levels.
+ setprop keystore.boot_level 30
+
+ # Now that /data is mounted and we have created /data/misc/keystore,
+ # we can tell keystore to stop allowing use of early-boot keys,
+ # and access its database for the first time to support creation and
+ # use of MAX_BOOT_LEVEL keys.
+ exec - system system -- /system/bin/vdc keymaster earlyBootEnded
+
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
mkdir /data/local 0751 root root encryption=Require
@@ -169,3 +190,5 @@
on property:sys.boot_completed=1
start logd-auditctl
+on property:vold.decrypt=trigger_post_fs_data
+ trigger post-fs-data
diff --git a/microdroid/microdroid_compatibility_matrix.xml b/microdroid/microdroid_compatibility_matrix.xml
new file mode 100644
index 0000000..7293d22
--- /dev/null
+++ b/microdroid/microdroid_compatibility_matrix.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<compatibility-matrix version="1.0" type="framework">
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.keymint</name>
+ <version>1</version>
+ <interface>
+ <name>IKeyMintDevice</name>
+ <instance>default</instance>
+ <instance>strongbox</instance>
+ </interface>
+ </hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.keymint</name>
+ <interface>
+ <name>IRemotelyProvisionedComponent</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.secureclock</name>
+ <version>1</version>
+ <interface>
+ <name>ISecureClock</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.sharedsecret</name>
+ <version>1</version>
+ <interface>
+ <name>ISharedSecret</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
diff --git a/microdroid/microdroid_file_contexts b/microdroid/microdroid_file_contexts
index b033110..fc5e456 100644
--- a/microdroid/microdroid_file_contexts
+++ b/microdroid/microdroid_file_contexts
@@ -368,6 +368,7 @@
/system/bin/snapuserd u:object_r:snapuserd_exec:s0
/system/bin/zipfuse u:object_r:zipfuse_exec:s0
/system/bin/microdroid_launcher u:object_r:microdroid_launcher_exec:s0
+/system/bin/microdroid_manager u:object_r:microdroid_manager_exec:s0
#############################
# Vendor files
diff --git a/microdroid/microdroid_manifest.xml b/microdroid/microdroid_manifest.xml
new file mode 100644
index 0000000..28a374f
--- /dev/null
+++ b/microdroid/microdroid_manifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<manifest version="1.0" type="framework">
+ <!--TODO(b/185767624): remove hidl after full keymint support-->
+ <hal format="hidl">
+ <name>android.hidl.manager</name>
+ <transport>hwbinder</transport>
+ <version>1.2</version>
+ <interface>
+ <name>IServiceManager</name>
+ <instance>default</instance>
+ </interface>
+ <fqname>@1.2::IServiceManager/default</fqname>
+ </hal>
+ <hal format="hidl">
+ <name>android.hidl.token</name>
+ <transport>hwbinder</transport>
+ <version>1.0</version>
+ <interface>
+ <name>ITokenManager</name>
+ <instance>default</instance>
+ </interface>
+ <fqname>@1.0::ITokenManager/default</fqname>
+ </hal>
+</manifest>
diff --git a/microdroid/microdroid_payload.json b/microdroid/microdroid_payload.json
index 287aabd..7af0452 100644
--- a/microdroid/microdroid_payload.json
+++ b/microdroid/microdroid_payload.json
@@ -1,10 +1,13 @@
{
"system_apexes": [
"com.android.adbd",
+ "com.android.i18n",
+ "com.android.os.statsd",
"com.android.sdkext"
],
"apk": {
"name": "com.android.microdroid.test",
"path": "/apex/com.android.virt/app/MicrodroidTestApp/MicrodroidTestApp.apk"
- }
+ },
+ "payload_config_path": "/mnt/apk/assets/vm_config.json"
}
diff --git a/microdroid/microdroid_vendor_compatibility_matrix.xml b/microdroid/microdroid_vendor_compatibility_matrix.xml
new file mode 100644
index 0000000..efa1c98
--- /dev/null
+++ b/microdroid/microdroid_vendor_compatibility_matrix.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<compatibility-matrix version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.system.keystore2</name>
+ <interface>
+ <name>IKeystoreService</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <!--TODO(b/185767624): remove hidl after full keymint support-->
+ <hal format="hidl" optional="true">
+ <name>android.hidl.manager</name>
+ <version>1.0</version>
+ <interface>
+ <name>IServiceManager</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="hidl" optional="true">
+ <name>android.hidl.token</name>
+ <version>1.0</version>
+ <interface>
+ <name>ITokenManager</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</compatibility-matrix>
diff --git a/microdroid/microdroid_vendor_file_contexts b/microdroid/microdroid_vendor_file_contexts
index 7405f1a..71b4fcd 100644
--- a/microdroid/microdroid_vendor_file_contexts
+++ b/microdroid/microdroid_vendor_file_contexts
@@ -34,3 +34,5 @@
/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
+
+/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
diff --git a/microdroid/microdroid_vendor_manifest.xml b/microdroid/microdroid_vendor_manifest.xml
new file mode 100644
index 0000000..a48e695
--- /dev/null
+++ b/microdroid/microdroid_vendor_manifest.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<manifest version="1.0" type="device" />
diff --git a/microdroid/signature/Android.bp b/microdroid/signature/Android.bp
index 35c4e9e..1ce7805 100644
--- a/microdroid/signature/Android.bp
+++ b/microdroid/signature/Android.bp
@@ -38,6 +38,14 @@
],
}
+rust_protobuf {
+ name: "libmicrodroid_signature_proto_rust",
+ crate_name: "microdroid_signature",
+ protos: ["microdroid_signature.proto"],
+ source_stem: "microdroid_signature",
+ host_supported: true,
+}
+
cc_binary {
name: "mk_payload",
srcs: [
diff --git a/microdroid/signature/microdroid_signature.proto b/microdroid/signature/microdroid_signature.proto
index 8816aa8..6ae3756 100644
--- a/microdroid/signature/microdroid_signature.proto
+++ b/microdroid/signature/microdroid_signature.proto
@@ -27,6 +27,8 @@
repeated ApexSignature apexes = 2;
ApkSignature apk = 3;
+
+ string payload_config_path = 4;
}
message ApexSignature {
@@ -54,4 +56,4 @@
string payload_partition_name = 2;
string idsig_partition_name = 3;
-}
\ No newline at end of file
+}
diff --git a/microdroid/signature/mk_payload.cc b/microdroid/signature/mk_payload.cc
index a3501d4..9caf788 100644
--- a/microdroid/signature/mk_payload.cc
+++ b/microdroid/signature/mk_payload.cc
@@ -97,6 +97,7 @@
std::vector<std::string> system_apexes;
std::vector<ApexConfig> apexes;
std::optional<ApkConfig> apk;
+ std::optional<std::string> payload_config_path;
};
#define DO(expr) \
@@ -120,6 +121,16 @@
return ParseJson(value, *s);
}
+template <typename T>
+Result<void> ParseJson(const Json::Value& values, std::vector<T>& parsed) {
+ for (const Json::Value& value : values) {
+ T t;
+ DO(ParseJson(value, t));
+ parsed.push_back(std::move(t));
+ }
+ return {};
+}
+
Result<void> ParseJson(const Json::Value& value, ApexConfig& apex_config) {
DO(ParseJson(value["name"], apex_config.name));
DO(ParseJson(value["path"], apex_config.path));
@@ -134,20 +145,11 @@
return {};
}
-template <typename T>
-Result<void> ParseJson(const Json::Value& values, std::vector<T>& parsed) {
- for (const Json::Value& value : values) {
- T t;
- DO(ParseJson(value, t));
- parsed.push_back(std::move(t));
- }
- return {};
-}
-
Result<void> ParseJson(const Json::Value& value, Config& config) {
DO(ParseJson(value["system_apexes"], config.system_apexes));
DO(ParseJson(value["apexes"], config.apexes));
DO(ParseJson(value["apk"], config.apk));
+ DO(ParseJson(value["payload_config_path"], config.payload_config_path));
return {};
}
@@ -232,6 +234,10 @@
// TODO(jooyung): set idsig partition as well
}
+ if (config.payload_config_path.has_value()) {
+ *signature.mutable_payload_config_path() = config.payload_config_path.value();
+ }
+
std::ofstream out(filename);
return WriteMicrodroidSignature(signature, out);
}
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
new file mode 100644
index 0000000..38d500c
--- /dev/null
+++ b/microdroid_manager/Android.bp
@@ -0,0 +1,40 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_defaults {
+ name: "microdroid_manager_defaults",
+ crate_name: "microdroid_manager",
+ srcs: ["src/main.rs"],
+ edition: "2018",
+ prefer_rlib: true,
+ rustlibs: [
+ "libandroid_logger",
+ "libanyhow",
+ "liblog_rust",
+ "libmicrodroid_signature_proto_rust",
+ "libprotobuf",
+ "libserde_json",
+ "libserde",
+ ],
+ init_rc: ["microdroid_manager.rc"],
+}
+
+rust_binary {
+ name: "microdroid_manager",
+ defaults: ["microdroid_manager_defaults"],
+}
+
+rust_test {
+ name: "microdroid_manager_test",
+ defaults: ["microdroid_manager_defaults"],
+ test_suites: ["device-tests"],
+ rustlibs: [
+ "libtempfile",
+ ],
+ multilib: {
+ lib32: {
+ enabled: false,
+ },
+ },
+}
diff --git a/microdroid_manager/microdroid_manager.rc b/microdroid_manager/microdroid_manager.rc
new file mode 100644
index 0000000..c800002
--- /dev/null
+++ b/microdroid_manager/microdroid_manager.rc
@@ -0,0 +1,4 @@
+service microdroid_manager /system/bin/microdroid_manager
+ disabled
+ # TODO(jooyung) remove this when microdroid_manager becomes a daemon
+ oneshot
\ No newline at end of file
diff --git a/microdroid_manager/src/ioutil.rs b/microdroid_manager/src/ioutil.rs
new file mode 100644
index 0000000..e8732ad
--- /dev/null
+++ b/microdroid_manager/src/ioutil.rs
@@ -0,0 +1,74 @@
+// Copyright 2021, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! IO utilities
+
+use std::fs::File;
+use std::io;
+use std::path::Path;
+use std::thread;
+use std::time::{Duration, Instant};
+
+const SLEEP_DURATION: Duration = Duration::from_millis(5);
+
+/// waits for a file with a timeout and returns it
+pub fn wait_for_file<P: AsRef<Path>>(path: P, timeout: Duration) -> io::Result<File> {
+ let begin = Instant::now();
+ loop {
+ match File::open(&path) {
+ Ok(file) => return Ok(file),
+ Err(error) => {
+ if error.kind() != io::ErrorKind::NotFound {
+ return Err(error);
+ }
+ if begin.elapsed() > timeout {
+ return Err(io::Error::from(io::ErrorKind::NotFound));
+ }
+ thread::sleep(SLEEP_DURATION);
+ }
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use std::io::{Read, Write};
+
+ #[test]
+ fn test_wait_for_file() -> io::Result<()> {
+ let test_dir = tempfile::TempDir::new().unwrap();
+ let test_file = test_dir.path().join("test.txt");
+ thread::spawn(move || -> io::Result<()> {
+ thread::sleep(Duration::from_secs(1));
+ File::create(test_file)?.write_all(b"test")
+ });
+
+ let test_file = test_dir.path().join("test.txt");
+ let mut file = wait_for_file(&test_file, Duration::from_secs(5))?;
+ let mut buffer = String::new();
+ file.read_to_string(&mut buffer)?;
+ assert_eq!("test", buffer);
+ Ok(())
+ }
+
+ #[test]
+ fn test_wait_for_file_fails() {
+ let test_dir = tempfile::TempDir::new().unwrap();
+ let test_file = test_dir.path().join("test.txt");
+ let file = wait_for_file(&test_file, Duration::from_secs(1));
+ assert!(file.is_err());
+ assert_eq!(io::ErrorKind::NotFound, file.unwrap_err().kind());
+ }
+}
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
new file mode 100644
index 0000000..fbbe8f3
--- /dev/null
+++ b/microdroid_manager/src/main.rs
@@ -0,0 +1,54 @@
+// Copyright 2021, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Microdroid Manager
+
+mod ioutil;
+mod payload_config;
+mod signature;
+
+use android_logger::Config;
+use log::{info, Level};
+use payload_config::{Task, VmPayloadConfig};
+use std::io;
+use std::path::Path;
+use std::process::{Command, Stdio};
+
+const LOG_TAG: &str = "MicrodroidManager";
+
+fn main() -> io::Result<()> {
+ android_logger::init_once(Config::default().with_tag(LOG_TAG).with_min_level(Level::Debug));
+
+ info!("started.");
+
+ let signature = signature::load()?;
+ if !signature.payload_config_path.is_empty() {
+ let config = VmPayloadConfig::load_from(Path::new(&signature.payload_config_path))?;
+ if let Some(main_task) = &config.task {
+ exec(main_task)?;
+ }
+ }
+
+ Ok(())
+}
+
+/// executes a task
+/// TODO(jooyung): fork a child process
+fn exec(task: &Task) -> io::Result<()> {
+ info!("executing main task {} {:?}...", task.command, task.args);
+ let exit_status =
+ Command::new(&task.command).args(&task.args).stdout(Stdio::inherit()).status()?;
+ info!("exit with {}", &exit_status);
+ Ok(())
+}
diff --git a/microdroid_manager/src/payload_config.rs b/microdroid_manager/src/payload_config.rs
new file mode 100644
index 0000000..bac841a
--- /dev/null
+++ b/microdroid_manager/src/payload_config.rs
@@ -0,0 +1,46 @@
+// Copyright 2021, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! VM Payload Config
+
+use log::info;
+use serde::{Deserialize, Serialize};
+use std::io;
+use std::path::Path;
+use std::time::Duration;
+
+use crate::ioutil;
+
+const WAIT_TIMEOUT: Duration = Duration::from_secs(10);
+
+#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
+pub struct VmPayloadConfig {
+ #[serde(default)]
+ pub task: Option<Task>,
+}
+
+#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
+pub struct Task {
+ pub command: String,
+ #[serde(default)]
+ pub args: Vec<String>,
+}
+
+impl VmPayloadConfig {
+ pub fn load_from(path: &Path) -> io::Result<VmPayloadConfig> {
+ info!("loading config from {:?}...", path);
+ let file = ioutil::wait_for_file(path, WAIT_TIMEOUT)?;
+ Ok(serde_json::from_reader(file)?)
+ }
+}
diff --git a/microdroid_manager/src/signature.rs b/microdroid_manager/src/signature.rs
new file mode 100644
index 0000000..4f06885
--- /dev/null
+++ b/microdroid_manager/src/signature.rs
@@ -0,0 +1,40 @@
+// Copyright 2021, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! MicrodroidSignature from /dev/block/by-name/signature
+//! TODO(jooyung): migrate to "metadata" partition
+
+use log::info;
+use microdroid_signature::microdroid_signature::MicrodroidSignature;
+use protobuf::Message;
+use std::fs::File;
+use std::io;
+use std::io::Read;
+
+const SIGNATURE_PATH: &str = "/dev/block/by-name/signature";
+
+/// loads microdroid_signature from /dev/block/by-name/signature
+pub fn load() -> io::Result<MicrodroidSignature> {
+ info!("loading signature...");
+
+ let mut f = File::open(SIGNATURE_PATH)?;
+ // signature partition is
+ // 4 bytes : size(N) in big endian
+ // N bytes : message for MicrodroidSignature
+ let mut buf = [0u8; 4];
+ f.read_exact(&mut buf)?;
+ let size = i32::from_be_bytes(buf);
+
+ Ok(MicrodroidSignature::parse_from_reader(&mut f.take(size as u64))?)
+}
diff --git a/tests/testapk/assets/vm_config.json b/tests/testapk/assets/vm_config.json
new file mode 100644
index 0000000..e619c3b
--- /dev/null
+++ b/tests/testapk/assets/vm_config.json
@@ -0,0 +1,6 @@
+{
+ "task": {
+ "command": "echo",
+ "args": ["hello", "microdroid"]
+ }
+}
\ No newline at end of file