Merge "Link RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM to payload_not_root" into main
diff --git a/libs/microdroid_uids/src/lib.rs b/libs/microdroid_uids/src/lib.rs
index 1f09c65..04dc190 100644
--- a/libs/microdroid_uids/src/lib.rs
+++ b/libs/microdroid_uids/src/lib.rs
@@ -17,6 +17,17 @@
/// Always the user ID of Root.
pub const ROOT_UID: u32 = 0;
+// Android reserves UID/GIDs 6000-6499 for use by the system partition -
+// see AID_SYSTEM_RESERVED_START.
+// Within Microdroid we own the system partition, so they are free for our
+// use. The Microdroid system image includes /system/ext/passwd and
+// /system/ext/group files that allocate names to the IDs that we are
+// using, so that tools like `ps` handle them correctly - see build targets
+// microdroid_etc_passwd and microdroid_etc_group.
+// (Our UIDs are entirely separate from Android's, but we use the same
+// Bionic, and it uses the Android definitions - so using a reserved range
+// helps avoid confusion.)
+
/// Group ID shared by all payload users.
pub const MICRODROID_PAYLOAD_GID: u32 = if cfg!(payload_not_root) { 6000 } else { 0 };
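Review bot: The doc comment on `MICRODROID_PAYLOAD_GID` does not say that the value falls back to 0, the same number as `ROOT_UID`, when the crate is built without `payload_not_root`, while the new range comment above it reads as though the 6000 allocation always applies. I would extend the doc comment to `/// Group ID shared by all payload users: 6000 when built with payload_not_root, otherwise 0 (root's group).` The new `//` block is followed by a blank line, so it is attached to no item and will not appear in rustdoc; that is fine for a file-level note but should be a deliberate choice.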
diff --git a/microdroid/linker.config.json b/microdroid/linker.config.json
index fd90821..7b59ca2 100644
--- a/microdroid/linker.config.json
+++ b/microdroid/linker.config.json
@@ -1,18 +1,5 @@
{
"requireLibs": [
- "libdexfile.so",
- "libdexfiled.so",
- "libnativebridge.so",
- "libnativehelper.so",
- "libnativeloader.so",
- "libsigchain.so",
- "libandroidicu.so",
- "libicu.so",
- "libicui18n.so",
- "libicuuc.so",
- "libnetd_resolv.so",
- "libstatspull.so",
- "libstatssocket.so",
"libadb_pairing_auth.so",
"libadb_pairing_connection.so",
"libadb_pairing_server.so"
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 5a5b34a..1c79452 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -855,7 +855,7 @@
info!("executing main task {:?}...", task);
let mut command = match task.type_ {
TaskType::Executable => {
- // TODO(b/296393106): Run system payloads as non-root.
+ // TODO(b/297501338): Figure out how to handle non-root for system payloads.
Command::new(&task.command)
}
TaskType::MicrodroidLauncher => {
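Review bot: The reworded TODO in the `TaskType::Executable` arm no longer says what the code does today. The arm builds `Command::new(&task.command)` with no user or group set in the visible lines, so system payloads presumably still run with the manager's own identity. I would state that beside the TODO, e.g. `// System payloads keep the manager's uid/gid for now.`, so a reader does not assume `payload_not_root` covers them. The match and its enclosing function continue outside the hunk, so any uid/gid applied later is not visible here.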
diff --git a/virtualizationmanager/src/payload.rs b/virtualizationmanager/src/payload.rs
index 343f3cf..3bfad33 100644
--- a/virtualizationmanager/src/payload.rs
+++ b/virtualizationmanager/src/payload.rs
@@ -41,11 +41,6 @@
use std::time::SystemTime;
use vmconfig::open_parcel_file;
-/// The list of APEXes which microdroid requires.
-// TODO(b/192200378) move this to microdroid.json?
-const MICRODROID_REQUIRED_APEXES: [&str; 1] = ["com.android.os.statsd"];
-const MICRODROID_REQUIRED_APEXES_DEBUG: [&str; 1] = ["com.android.adbd"];
-
const APEX_INFO_LIST_PATH: &str = "/apex/apex-info-list.xml";
const PACKAGE_MANAGER_NATIVE_SERVICE: &str = "package_native";
@@ -395,17 +390,17 @@
apex_configs: &[ApexConfig],
debug_config: &DebugConfig,
) -> Result<Vec<&'a ApexInfo>> {
- let mut additional_apexes: Vec<&str> = MICRODROID_REQUIRED_APEXES.to_vec();
- if debug_config.should_include_debug_apexes() {
- additional_apexes.extend(MICRODROID_REQUIRED_APEXES_DEBUG.to_vec());
- }
+ // APEXes which any Microdroid VM needs.
+ // TODO(b/192200378) move this to microdroid.json?
+ let required_apexes: &[_] =
+ if debug_config.should_include_debug_apexes() { &["com.android.adbd"] } else { &[] };
let apex_infos = apex_list
.list
.iter()
.filter(|ai| {
apex_configs.iter().any(|cfg| ai.matches(cfg) && ai.is_active)
- || additional_apexes.iter().any(|name| name == &ai.name && ai.is_active)
+ || required_apexes.iter().any(|name| name == &ai.name && ai.is_active)
|| ai.provide_shared_apex_libs
})
.collect();
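Review bot: The new comment `// APEXes which any Microdroid VM needs.` no longer matches `required_apexes`, which is empty unless `debug_config.should_include_debug_apexes()` is true and then holds only `com.android.adbd`. Since this is the line that decides whether adbd is added on top of `apex_configs`, I would word it as `// APEXes added regardless of apex_configs: adbd, only when the debug config asks for debug APEXes.` A required name with no active entry in `apex_list` is also dropped silently by the filter. Whether that is reported later cannot be seen, because the function starts and ends outside the hunk.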
@@ -487,6 +482,7 @@
#[cfg(test)]
mod tests {
use super::*;
+ use std::collections::HashMap;
use tempfile::NamedTempFile;
#[test]
@@ -505,43 +501,36 @@
#[test]
fn test_collect_apexes() -> Result<()> {
- let apex_info_list = ApexInfoList {
- list: vec![
+ let apex_infos_for_test = [
+ (
+ "adbd",
ApexInfo {
- // 0
name: "com.android.adbd".to_string(),
path: PathBuf::from("adbd"),
preinstalled_path: PathBuf::from("/system/adbd"),
has_classpath_jar: false,
last_update_seconds: 12345678,
is_factory: true,
- is_active: true,
- ..Default::default()
- },
- ApexInfo {
- // 1
- name: "com.android.os.statsd".to_string(),
- path: PathBuf::from("statsd"),
- preinstalled_path: PathBuf::from("/system/statsd"),
- has_classpath_jar: false,
- last_update_seconds: 12345678,
- is_factory: true,
is_active: false,
..Default::default()
},
+ ),
+ (
+ "adbd_updated",
ApexInfo {
- // 2
- name: "com.android.os.statsd".to_string(),
- path: PathBuf::from("statsd/updated"),
- preinstalled_path: PathBuf::from("/system/statsd"),
+ name: "com.android.adbd".to_string(),
+ path: PathBuf::from("adbd"),
+ preinstalled_path: PathBuf::from("/system/adbd"),
has_classpath_jar: false,
last_update_seconds: 12345678 + 1,
is_factory: false,
is_active: true,
..Default::default()
},
+ ),
+ (
+ "no_classpath",
ApexInfo {
- // 3
name: "no_classpath".to_string(),
path: PathBuf::from("no_classpath"),
has_classpath_jar: false,
@@ -550,8 +539,10 @@
is_active: true,
..Default::default()
},
+ ),
+ (
+ "has_classpath",
ApexInfo {
- // 4
name: "has_classpath".to_string(),
path: PathBuf::from("has_classpath"),
has_classpath_jar: true,
@@ -560,8 +551,10 @@
is_active: false,
..Default::default()
},
+ ),
+ (
+ "has_classpath_updated",
ApexInfo {
- // 5
name: "has_classpath".to_string(),
path: PathBuf::from("has_classpath/updated"),
preinstalled_path: PathBuf::from("/system/has_classpath"),
@@ -571,8 +564,10 @@
is_active: true,
..Default::default()
},
+ ),
+ (
+ "apex-foo",
ApexInfo {
- // 6
name: "apex-foo".to_string(),
path: PathBuf::from("apex-foo"),
preinstalled_path: PathBuf::from("/system/apex-foo"),
@@ -582,8 +577,10 @@
is_active: false,
..Default::default()
},
+ ),
+ (
+ "apex-foo-updated",
ApexInfo {
- // 7
name: "apex-foo".to_string(),
path: PathBuf::from("apex-foo/updated"),
preinstalled_path: PathBuf::from("/system/apex-foo"),
@@ -593,8 +590,10 @@
is_active: true,
..Default::default()
},
+ ),
+ (
+ "sharedlibs",
ApexInfo {
- // 8
name: "sharedlibs".to_string(),
path: PathBuf::from("apex-foo"),
preinstalled_path: PathBuf::from("/system/apex-foo"),
@@ -603,8 +602,10 @@
provide_shared_apex_libs: true,
..Default::default()
},
+ ),
+ (
+ "sharedlibs-updated",
ApexInfo {
- // 9
name: "sharedlibs".to_string(),
path: PathBuf::from("apex-foo/updated"),
preinstalled_path: PathBuf::from("/system/apex-foo"),
@@ -613,8 +614,12 @@
provide_shared_apex_libs: true,
..Default::default()
},
- ],
+ ),
+ ];
+ let apex_info_list = ApexInfoList {
+ list: apex_infos_for_test.iter().map(|(_, info)| info).cloned().collect(),
};
+ let apex_info_map = HashMap::from(apex_infos_for_test);
let apex_configs = vec![
ApexConfig { name: "apex-foo".to_string() },
ApexConfig { name: "{CLASSPATH}".to_string() },
@@ -627,14 +632,13 @@
)?,
vec![
// Pass active/required APEXes
- &apex_info_list.list[0],
- &apex_info_list.list[2],
+ &apex_info_map["adbd_updated"],
// Pass active APEXes specified in the config
- &apex_info_list.list[5],
- &apex_info_list.list[7],
+ &apex_info_map["has_classpath_updated"],
+ &apex_info_map["apex-foo-updated"],
// Pass both preinstalled(inactive) and updated(active) for "sharedlibs" APEXes
- &apex_info_list.list[8],
- &apex_info_list.list[9],
+ &apex_info_map["sharedlibs"],
+ &apex_info_map["sharedlibs-updated"],
]
);
Ok(())
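Review bot: The expected list now pins only the case where adbd is included (`&apex_info_map["adbd_updated"]` under `// Pass active/required APEXes`), so nothing visible asserts that `com.android.adbd` is left out when debug APEXes are not requested. The call's arguments sit outside this hunk, so this is hedged. If no other test covers it, I would add a second assertion using a debug config for which `should_include_debug_apexes()` is false, with an expected list that omits `adbd_updated`. Separately, in the earlier hunk that builds the map, `HashMap::from(apex_infos_for_test)` silently keeps the last entry on a duplicate label; `assert_eq!(apex_info_map.len(), apex_info_list.list.len());` right after it would catch a copy-paste slip in the fixture.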