Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 16e027fed75215bb523efc4b9c02d0903dd1f770^! / . / compos / composd / src / instance_starter.rs
commit16e027fed75215bb523efc4b9c02d0903dd1f770[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Mon Oct 04 17:57:31 2021 +0100
committerAlan Stokes <alanstokes@google.com>Tue Oct 05 13:58:34 2021 +0100
tree2fe9dc0a491c787d0cbc33831395174aec31f1c1
parent16a2b5b7ceca6fe83931f55c41534596653b16c6 [diff] [blame]
composd should open instance image RW

The instance image for the VMs composd creates should be read/write,
so that instance information can be updated.

We don't do this in verify_key, since it should only ever start an
existing instance and never modify it.

Bug: 186126194
Test: atest ComposTestCase
Change-Id: I1c5eaa17881e9b089a697b2b218163d192373936

diff --git a/compos/composd/src/instance_starter.rs b/compos/composd/src/instance_starter.rs
index ec95ff8..1751d35 100644
--- a/compos/composd/src/instance_starter.rs
+++ b/compos/composd/src/instance_starter.rs

@@ -89,8 +89,8 @@
         let key_blob = fs::read(&self.key_blob).context("Reading private key blob")?;
         let public_key = fs::read(&self.public_key).context("Reading public key")?;
 
-        let vm_instance = VmInstance::start(&self.instance_image).context("Starting VM")?;
-        let service = vm_instance.get_service().context("Connecting to CompOS")?;
+        let compos_instance = self.start_vm()?;
+        let service = &compos_instance.service;
 
         if !service.verifySigningKey(&key_blob, &public_key).context("Verifying key pair")? {
             bail!("Key pair invalid");
@@ -102,7 +102,7 @@
 
         service.initializeSigningKey(&key_blob).context("Loading signing key")?;
 
-        Ok(CompOsInstance { vm_instance, service })
+        Ok(compos_instance)
     }
 
     fn start_new_instance(
@@ -116,8 +116,8 @@
 
         self.create_instance_image(virtualization_service)?;
 
-        let vm_instance = VmInstance::start(&self.instance_image).context("Starting VM")?;
-        let service = vm_instance.get_service().context("Connecting to CompOS")?;
+        let compos_instance = self.start_vm()?;
+        let service = &compos_instance.service;
 
         let key_data = service.generateSigningKey().context("Generating signing key")?;
         fs::write(&self.key_blob, &key_data.keyBlob).context("Writing key blob")?;
@@ -133,6 +133,17 @@
 
         service.initializeSigningKey(&key_data.keyBlob).context("Loading signing key")?;
 
+        Ok(compos_instance)
+    }
+
+    fn start_vm(&self) -> Result<CompOsInstance> {
+        let instance_image = fs::OpenOptions::new()
+            .read(true)
+            .write(true)
+            .open(&self.instance_image)
+            .context("Failed to open instance image")?;
+        let vm_instance = VmInstance::start(instance_image).context("Starting VM")?;
+        let service = vm_instance.get_service().context("Connecting to CompOS")?;
         Ok(CompOsInstance { vm_instance, service })
     }