authfs: Remove local binder support
Bug: 190851176
Test: atest AuthFsHostTest ComposHostTestCases
Change-Id: I975b53e82d83fcc03b80e26dca886f5f6b724078
diff --git a/authfs/fd_server/src/main.rs b/authfs/fd_server/src/main.rs
index 4f17c83..7e551a3 100644
--- a/authfs/fd_server/src/main.rs
+++ b/authfs/fd_server/src/main.rs
@@ -14,20 +14,17 @@
* limitations under the License.
*/
-//! This program is a constrained file/FD server to serve file requests through a remote[1] binder
+//! This program is a constrained file/FD server to serve file requests through a remote binder
//! service. The file server is not designed to serve arbitrary file paths in the filesystem. On
//! the contrary, the server should be configured to start with already opened FDs, and serve the
//! client's request against the FDs
//!
//! For example, `exec 9</path/to/file fd_server --ro-fds 9` starts the binder service. A client
//! client can then request the content of file 9 by offset and size.
-//!
-//! [1] Since the remote binder is not ready, this currently implementation uses local binder
-//! first.
mod fsverity;
-use anyhow::{bail, Context, Result};
+use anyhow::{bail, Result};
use binder::unstable_api::AsNative;
use log::{debug, error};
use std::cmp::min;
@@ -44,11 +41,9 @@
MAX_REQUESTING_DATA,
};
use authfs_aidl_interface::binder::{
- add_service, BinderFeatures, ExceptionCode, Interface, ProcessState, Result as BinderResult,
- Status, StatusCode, Strong,
+ BinderFeatures, ExceptionCode, Interface, Result as BinderResult, Status, StatusCode, Strong,
};
-const SERVICE_NAME: &str = "authfs_fd_server";
const RPC_SERVICE_PORT: u32 = 3264; // TODO: support dynamic port for multiple fd_server instances
fn new_binder_exception<T: AsRef<str>>(exception: ExceptionCode, message: T) -> Status {
@@ -301,7 +296,7 @@
Ok((fd, FdConfig::ReadWrite(file)))
}
-fn parse_args() -> Result<(bool, BTreeMap<i32, FdConfig>)> {
+fn parse_args() -> Result<BTreeMap<i32, FdConfig>> {
#[rustfmt::skip]
let matches = clap::App::new("fd_server")
.arg(clap::Arg::with_name("ro-fds")
@@ -312,8 +307,6 @@
.long("rw-fds")
.multiple(true)
.number_of_values(1))
- .arg(clap::Arg::with_name("rpc-binder")
- .long("rpc-binder"))
.get_matches();
let mut fd_pool = BTreeMap::new();
@@ -330,8 +323,7 @@
}
}
- let rpc_binder = matches.is_present("rpc-binder");
- Ok((rpc_binder, fd_pool))
+ Ok(fd_pool)
}
fn main() -> Result<()> {
@@ -339,32 +331,22 @@
android_logger::Config::default().with_tag("fd_server").with_min_level(log::Level::Debug),
);
- let (rpc_binder, fd_pool) = parse_args()?;
+ let fd_pool = parse_args()?;
- if rpc_binder {
- let mut service = FdService::new_binder(fd_pool).as_binder();
- debug!("fd_server is starting as a rpc service.");
- // SAFETY: Service ownership is transferring to the server and won't be valid afterward.
- // Plus the binder objects are threadsafe.
- let retval = unsafe {
- binder_rpc_unstable_bindgen::RunRpcServer(
- service.as_native_mut() as *mut binder_rpc_unstable_bindgen::AIBinder,
- RPC_SERVICE_PORT,
- )
- };
- if retval {
- debug!("RPC server has shut down gracefully");
- Ok(())
- } else {
- bail!("Premature termination of RPC server");
- }
+ let mut service = FdService::new_binder(fd_pool).as_binder();
+ debug!("fd_server is starting as a rpc service.");
+ // SAFETY: Service ownership is transferring to the server and won't be valid afterward.
+ // Plus the binder objects are threadsafe.
+ let retval = unsafe {
+ binder_rpc_unstable_bindgen::RunRpcServer(
+ service.as_native_mut() as *mut binder_rpc_unstable_bindgen::AIBinder,
+ RPC_SERVICE_PORT,
+ )
+ };
+ if retval {
+ debug!("RPC server has shut down gracefully");
+ Ok(())
} else {
- ProcessState::start_thread_pool();
- let service = FdService::new_binder(fd_pool).as_binder();
- add_service(SERVICE_NAME, service)
- .with_context(|| format!("Failed to register service {}", SERVICE_NAME))?;
- debug!("fd_server is running as a local service.");
- ProcessState::join_thread_pool();
- bail!("Unexpected exit after join_thread_pool")
+ bail!("Premature termination of RPC server");
}
}
diff --git a/authfs/src/file.rs b/authfs/src/file.rs
index 703eddb..947b59f 100644
--- a/authfs/src/file.rs
+++ b/authfs/src/file.rs
@@ -10,7 +10,7 @@
use crate::common::CHUNK_SIZE;
use authfs_aidl_interface::aidl::com::android::virt::fs::IVirtFdService::IVirtFdService;
-use authfs_aidl_interface::binder::{get_interface, Strong};
+use authfs_aidl_interface::binder::Strong;
pub type VirtFdService = Strong<dyn IVirtFdService>;
@@ -18,17 +18,7 @@
pub const RPC_SERVICE_PORT: u32 = 3264;
-fn get_local_binder() -> io::Result<VirtFdService> {
- let service_name = "authfs_fd_server";
- get_interface(service_name).map_err(|e| {
- io::Error::new(
- io::ErrorKind::AddrNotAvailable,
- format!("Cannot reach authfs_fd_server binder service: {}", e),
- )
- })
-}
-
-fn get_rpc_binder(cid: u32) -> io::Result<VirtFdService> {
+pub fn get_rpc_binder_service(cid: u32) -> io::Result<VirtFdService> {
// SAFETY: AIBinder returned by RpcClient has correct reference count, and the ownership can be
// safely taken by new_spibinder.
let ibinder = unsafe {
@@ -46,14 +36,6 @@
}
}
-pub fn get_binder_service(cid: Option<u32>) -> io::Result<VirtFdService> {
- if let Some(cid) = cid {
- get_rpc_binder(cid)
- } else {
- get_local_binder()
- }
-}
-
/// A trait for reading data by chunks. Chunks can be read by specifying the chunk index. Only the
/// last chunk may have incomplete chunk size.
pub trait ReadByChunk {
diff --git a/authfs/src/main.rs b/authfs/src/main.rs
index e004b81..c85d801 100644
--- a/authfs/src/main.rs
+++ b/authfs/src/main.rs
@@ -55,7 +55,7 @@
/// CID of the VM where the service runs.
#[structopt(long)]
- cid: Option<u32>,
+ cid: u32,
/// Extra options to FUSE
#[structopt(short = "o")]
@@ -275,7 +275,7 @@
let mut file_pool = BTreeMap::new();
if args.has_remote_files() {
- let service = file::get_binder_service(args.cid)?;
+ let service = file::get_rpc_binder_service(args.cid)?;
for config in &args.remote_ro_file {
file_pool.insert(
diff --git a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
index e03e9c0..1b4fa4a 100644
--- a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
+++ b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
@@ -151,7 +151,7 @@
// Setup
runFdServerOnAndroid(
"3<input.4m 4<input.4m.merkle_dump 5<input.4m.fsv_sig 6<input.4m",
- "--ro-fds 3:4:5 --ro-fds 6 --rpc-binder");
+ "--ro-fds 3:4:5 --ro-fds 6");
runAuthFsOnMicrodroid(
"--remote-ro-file-unverified 10:6 --remote-ro-file 11:3:cert.der --cid 2");
@@ -176,7 +176,7 @@
runFdServerOnAndroid(
"3<input.4k 4<input.4k.merkle_dump 5<input.4k.fsv_sig"
+ " 6<input.4k1 7<input.4k1.merkle_dump 8<input.4k1.fsv_sig",
- "--ro-fds 3:4:5 --ro-fds 6:7:8 --rpc-binder");
+ "--ro-fds 3:4:5 --ro-fds 6:7:8");
runAuthFsOnMicrodroid(
"--remote-ro-file 10:3:cert.der --remote-ro-file 11:6:cert.der --cid 2");
@@ -197,8 +197,7 @@
throws DeviceNotAvailableException, InterruptedException {
// Setup
runFdServerOnAndroid(
- "3<input.4m 4<input.4m.merkle_dump.bad 5<input.4m.fsv_sig",
- "--ro-fds 3:4:5 --rpc-binder");
+ "3<input.4m 4<input.4m.merkle_dump.bad 5<input.4m.fsv_sig", "--ro-fds 3:4:5");
runAuthFsOnMicrodroid("--remote-ro-file 10:3:cert.der --cid 2");
// Verify
@@ -209,7 +208,7 @@
public void testWriteThroughCorrectly()
throws DeviceNotAvailableException, InterruptedException {
// Setup
- runFdServerOnAndroid("3<>output", "--rw-fds 3 --rpc-binder");
+ runFdServerOnAndroid("3<>output", "--rw-fds 3");
runAuthFsOnMicrodroid("--remote-new-rw-file 20:3 --cid 2");
// Action
@@ -227,7 +226,7 @@
public void testWriteFailedIfDetectsTampering()
throws DeviceNotAvailableException, InterruptedException {
// Setup
- runFdServerOnAndroid("3<>output", "--rw-fds 3 --rpc-binder");
+ runFdServerOnAndroid("3<>output", "--rw-fds 3");
runAuthFsOnMicrodroid("--remote-new-rw-file 20:3 --cid 2");
String srcPath = "/system/bin/linker64";
@@ -258,7 +257,7 @@
@Test
public void testFileResize() throws DeviceNotAvailableException, InterruptedException {
// Setup
- runFdServerOnAndroid("3<>output", "--rw-fds 3 --rpc-binder");
+ runFdServerOnAndroid("3<>output", "--rw-fds 3");
runAuthFsOnMicrodroid("--remote-new-rw-file 20:3 --cid 2");
String outputPath = MOUNT_DIR + "/20";
String backendPath = TEST_DIR + "/output";
diff --git a/compos/src/pvm_exec.rs b/compos/src/pvm_exec.rs
index cbcae8f..6938370 100644
--- a/compos/src/pvm_exec.rs
+++ b/compos/src/pvm_exec.rs
@@ -67,7 +67,7 @@
vec![]
};
- let mut args = vec![FD_SERVER_BIN.to_string(), "--rpc-binder".to_string()];
+ let mut args = vec![FD_SERVER_BIN.to_string()];
for fd in &fd_annotation.input_fds {
args.push("--ro-fds".to_string());
args.push(fd.to_string());