commit | 209074a40046b7cd682273c972508be6ed43395c | |
---|---|---|
author | David Brazdil <dbrazdil@google.com> | Thu Jan 12 16:44:51 2023 +0000 |
committer | David Brazdil <dbrazdil@google.com> | Fri Jan 13 11:11:12 2023 +0000 |
tree | b205810c44d4d1a4f8ec227c96d662608ea533f7 | |
parent | cc197763e746df73e1da9f15264209fc830b68cc | |
Move permission checks to global VS

When a client sends a request to virtmgr, it checks the client's corresponding permission. Handling the request may later require calling into VirtualizationServiceInternal (global VS), at which point no more checks are performed as the only domain allowed to call it is virtmgr.

We can make this a little neater by moving the permission check to the global VS and let virtmgr propagate the error if it fails. This way we do not need to assume virtmgr is the only domain that calls VS.

This works for:
* create VM => check MANAGE_VIRTUAL_MACHINE in VS when VM context is allocated
* debug list VMs => check DEBUG_VIRTUAL_MACHINE in VS

On the other hand, it does not work for USE_CUSTOM_VIRTUAL_MACHINE, which can only be checked in virtmgr.

We also keep checking MANAGE_VIRTUAL_MACHINE for virtmgr operations that create idsig/instance.img/encrypted store. These do not perform any privileged operations but we keep them for API consistency.

Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I5bc5e73ec72173d5422f27cec91b6227a11f744d
This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.