authfs: Support RPC binder
This change adds a new flag --rpc-binder to authfs, and --cid to
fd_server. The flag allows both to communicate through vsock. The
capability of local binder is kept for now (and still the default),
but can be removed later.
The change relies on the newly introduced libbinder_rpc_unstable.so
and the corresponding bindgen, in order to access the unstable API from
Rust.
Also, add authfs and libbinder_rpc_unstable to microdroid.
Bug: 190547489
Bug: 189947807
Test: [Android shell] sh -c 'exec 9<>/data/local/tmp/output \
/apex/com.android.virt/bin/fd_server --rw-fds 9 --rpc-binder'
[VM shell] /apex/com.android.virt/bin/authfs \
/data/local/tmp --cid 2 --remote-new-rw-file 9:9
[VM shell 2] ps -A > /data/local/tmp/9
[Android shell] cat /data/local/tmp/output # see correct data
Change-Id: I200f746aa4078508a0f0d2498a1525bb898a6e3b
diff --git a/authfs/src/main.rs b/authfs/src/main.rs
index b30195a..593fa74 100644
--- a/authfs/src/main.rs
+++ b/authfs/src/main.rs
@@ -53,6 +53,10 @@
#[structopt(parse(from_os_str))]
mount_point: PathBuf,
+ /// CID of the VM where the service runs.
+ #[structopt(long)]
+ cid: Option<u32>,
+
/// A read-only remote file with integrity check. Can be multiple.
///
/// For example, `--remote-verified-file 5:10:1234:/path/to/cert` tells the filesystem to
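Review bot: The doc comment on the new `cid` field does not say what happens when the flag is omitted, even though the field is an `Option<u32>` and the commit description says local binder stays the default. Since this text becomes the `--help` output, it could read `/// CID of the VM where the service runs. If omitted, the service is reached through local binder instead of RPC binder over vsock.` The fallback itself lives in `file::get_binder_service`, which is not visible here, so the wording should be checked against it. The `Args` struct starts and ends outside this hunk.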
@@ -205,8 +209,11 @@
})
}
-fn new_config_remote_verified_file(remote_id: i32, file_size: u64) -> Result<FileConfig> {
- let service = file::get_local_binder();
+fn new_config_remote_verified_file(
+ service: file::VirtFdService,
+ remote_id: i32,
+ file_size: u64,
+) -> Result<FileConfig> {
let signature = service.readFsveritySignature(remote_id).context("Failed to read signature")?;
let service = Arc::new(Mutex::new(service));
@@ -223,8 +230,12 @@
})
}
-fn new_config_remote_unverified_file(remote_id: i32, file_size: u64) -> Result<FileConfig> {
- let reader = RemoteFileReader::new(Arc::new(Mutex::new(file::get_local_binder())), remote_id);
+fn new_config_remote_unverified_file(
+ service: file::VirtFdService,
+ remote_id: i32,
+ file_size: u64,
+) -> Result<FileConfig> {
+ let reader = RemoteFileReader::new(Arc::new(Mutex::new(service)), remote_id);
Ok(FileConfig::RemoteUnverifiedReadonlyFile { reader, file_size })
}
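Review bot: `new_config_remote_unverified_file` now takes the service from its caller but has no doc comment stating the trust assumption. Judging by the `RemoteUnverifiedReadonlyFile` variant, the bytes the reader returns are not integrity-checked, and with `--cid` they would come from whatever endpoint answers on that vsock CID. A line such as `/// Content is served by `service` as-is, with no integrity check; only use for data that needs no authenticity guarantee.` would record that at the point where the service is bound to the reader. The same applies to the `service` parameter added to `new_config_remote_verified_file` and `new_config_remote_new_verified_file`, where the comment should say which check covers the peer's data.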
@@ -251,31 +262,38 @@
Ok(FileConfig::LocalUnverifiedReadonlyFile { reader, file_size })
}
-fn new_config_remote_new_verified_file(remote_id: i32) -> Result<FileConfig> {
- let remote_file =
- RemoteFileEditor::new(Arc::new(Mutex::new(file::get_local_binder())), remote_id);
+fn new_config_remote_new_verified_file(
+ service: file::VirtFdService,
+ remote_id: i32,
+) -> Result<FileConfig> {
+ let remote_file = RemoteFileEditor::new(Arc::new(Mutex::new(service)), remote_id);
Ok(FileConfig::RemoteVerifiedNewFile { editor: VerifiedFileEditor::new(remote_file) })
}
fn prepare_file_pool(args: &Args) -> Result<BTreeMap<Inode, FileConfig>> {
let mut file_pool = BTreeMap::new();
+ let service = file::get_binder_service(args.cid)?;
+
for config in &args.remote_ro_file {
file_pool.insert(
config.ino,
- new_config_remote_verified_file(config.remote_id, config.file_size)?,
+ new_config_remote_verified_file(service.clone(), config.remote_id, config.file_size)?,
);
}
for config in &args.remote_ro_file_unverified {
file_pool.insert(
config.ino,
- new_config_remote_unverified_file(config.remote_id, config.file_size)?,
+ new_config_remote_unverified_file(service.clone(), config.remote_id, config.file_size)?,
);
}
for config in &args.remote_new_rw_file {
- file_pool.insert(config.ino, new_config_remote_new_verified_file(config.remote_id)?);
+ file_pool.insert(
+ config.ino,
+ new_config_remote_new_verified_file(service.clone(), config.remote_id)?,
+ );
}
for config in &args.local_ro_file {
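Review bot: `file::get_binder_service(args.cid)?` now runs unconditionally at the top of `prepare_file_pool`, so a mount that lists only local files fails when the service is unreachable. The removed lines looked the service up only inside the remote constructors. Making the connection conditional on at least one remote entry keeps local-only mounts independent of the service, and adding `.context(...)` as on the `readFsveritySignature` call would make a bad `--cid` easier to diagnose. The sketch assumes the three argument lists support `is_empty()`, which their declarations outside this hunk would confirm. The function body continues past the end of the hunk.

```rust
fn prepare_file_pool(args: &Args) -> Result<BTreeMap<Inode, FileConfig>> {
    let mut file_pool = BTreeMap::new();

    let needs_service = !args.remote_ro_file.is_empty()
        || !args.remote_ro_file_unverified.is_empty()
        || !args.remote_new_rw_file.is_empty();
    if needs_service {
        let service = file::get_binder_service(args.cid)
            .context("Failed to get the fd_server binder service")?;
        // … unchanged: the three remote-file loops, moved inside this branch …
    }
    // … unchanged: local file loops …
```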