Merge "Fix warnings in preparation for Rust 1.55.0"
diff --git a/authfs/tests/AndroidTest.xml b/authfs/tests/AndroidTest.xml
index 6100ab9..edfec78 100644
--- a/authfs/tests/AndroidTest.xml
+++ b/authfs/tests/AndroidTest.xml
@@ -15,6 +15,9 @@
-->
<configuration description="Config for authfs tests">
+ <!-- Make sure pKVM is available on the device -->
+ <target_preparer class="com.android.tradefed.targetprep.PkvmPreparer"/>
+
<!-- Need root to start virtualizationservice -->
<target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/>
diff --git a/compos/tests/AndroidTest.xml b/compos/tests/AndroidTest.xml
index 61b6d47..3331705 100644
--- a/compos/tests/AndroidTest.xml
+++ b/compos/tests/AndroidTest.xml
@@ -14,6 +14,9 @@
limitations under the License.
-->
<configuration description="Tests for CompOS">
+ <!-- Make sure pKVM is available on the device -->
+ <target_preparer class="com.android.tradefed.targetprep.PkvmPreparer"/>
+
<target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer">
<option name="force-root" value="true" />
</target_preparer>
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 347f514..23434bb 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -18,12 +18,11 @@
start ueventd
mkdir /mnt/apk 0755 system system
+ # Microdroid_manager starts apkdmverity/zipfuse/apexd
start microdroid_manager
- # Exec apexd in the VM mode to avoid unnecessary overhead of normal mode.
- # (e.g. session management)
- exec - root system -- /system/bin/apexd --vm
-
+ # Wait for apexd to finish activating APEXes before starting more processes.
+ wait_for_prop apexd.status activated
perform_apex_config
# Notify to microdroid_manager that perform_apex_config is done.
@@ -170,6 +169,12 @@
mkdir /data/local 0751 root root
mkdir /data/local/tmp 0771 shell shell
+service apexd-vm /system/bin/apexd --vm
+ user root
+ group system
+ oneshot
+ disabled
+
service ueventd /system/bin/ueventd
class core
critical
diff --git a/microdroid/payload/metadata.proto b/microdroid/payload/metadata.proto
index 0fa0650..4c32dde 100644
--- a/microdroid/payload/metadata.proto
+++ b/microdroid/payload/metadata.proto
@@ -38,11 +38,7 @@
// Optional.
// When specified, the public key used to sign the apex should match with it.
- string publicKey = 3;
-
- // Optional.
- // When specified, the root digest of the apex should match with it.
- string rootDigest = 4;
+ bytes public_key = 3;
}
message ApkPayload {
diff --git a/microdroid/uboot-env-x86_64.txt b/microdroid/uboot-env-x86_64.txt
index fabe5b4..0064cac 100644
--- a/microdroid/uboot-env-x86_64.txt
+++ b/microdroid/uboot-env-x86_64.txt
@@ -3,7 +3,7 @@
# Boot the device following the Android boot procedure
# `0` is the disk number of os_composite.img
# `a` and `_a` are the slot index for A/B
-bootcmd=avb init virtio 0 && avb verify _a && env set bootargs "$bootargs $avb_bootargs" && boot_android virtio 0 a
+bootcmd=verified_boot_android virtio 0 a
bootdelay=0
diff --git a/microdroid/uboot-env.txt b/microdroid/uboot-env.txt
index 2c5bee7..b5f3968 100644
--- a/microdroid/uboot-env.txt
+++ b/microdroid/uboot-env.txt
@@ -3,7 +3,7 @@
# Boot the device following the Android boot procedure
# `0` is the disk number of os_composite.img
# `a` and `_a` are the slot index for A/B
-bootcmd=avb init virtio 0 && avb verify _a && env set bootargs "$bootargs $avb_bootargs" && boot_android virtio 0 a
+bootcmd=verified_boot_android virtio 0 a
bootdelay=0
fdtaddr=0x80000000
diff --git a/microdroid_manager/src/ioutil.rs b/microdroid_manager/src/ioutil.rs
index e8732ad..ab82e05 100644
--- a/microdroid_manager/src/ioutil.rs
+++ b/microdroid_manager/src/ioutil.rs
@@ -14,6 +14,7 @@
//! IO utilities
+use anyhow::{anyhow, Result};
use std::fs::File;
use std::io;
use std::path::Path;
@@ -23,17 +24,17 @@
const SLEEP_DURATION: Duration = Duration::from_millis(5);
/// waits for a file with a timeout and returns it
-pub fn wait_for_file<P: AsRef<Path>>(path: P, timeout: Duration) -> io::Result<File> {
+pub fn wait_for_file<P: AsRef<Path>>(path: P, timeout: Duration) -> Result<File> {
let begin = Instant::now();
loop {
match File::open(&path) {
Ok(file) => return Ok(file),
Err(error) => {
if error.kind() != io::ErrorKind::NotFound {
- return Err(error);
+ return Err(anyhow!(error));
}
if begin.elapsed() > timeout {
- return Err(io::Error::from(io::ErrorKind::NotFound));
+ return Err(anyhow!(io::Error::from(io::ErrorKind::NotFound)));
}
thread::sleep(SLEEP_DURATION);
}
@@ -47,7 +48,7 @@
use std::io::{Read, Write};
#[test]
- fn test_wait_for_file() -> io::Result<()> {
+ fn test_wait_for_file() -> Result<()> {
let test_dir = tempfile::TempDir::new().unwrap();
let test_file = test_dir.path().join("test.txt");
thread::spawn(move || -> io::Result<()> {
@@ -69,6 +70,9 @@
let test_file = test_dir.path().join("test.txt");
let file = wait_for_file(&test_file, Duration::from_secs(1));
assert!(file.is_err());
- assert_eq!(io::ErrorKind::NotFound, file.unwrap_err().kind());
+ assert_eq!(
+ io::ErrorKind::NotFound,
+ file.unwrap_err().root_cause().downcast_ref::<io::Error>().unwrap().kind()
+ );
}
}
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 2e80b90..204feab 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -19,16 +19,16 @@
mod payload;
use crate::instance::{ApkData, InstanceDisk, MicrodroidData, RootHash};
-use anyhow::{anyhow, bail, Context, Result};
+use anyhow::{anyhow, bail, ensure, Context, Result};
use apkverify::verify;
use binder::unstable_api::{new_spibinder, AIBinder};
use binder::{FromIBinder, Strong};
use idsig::V4Signature;
use log::{error, info, warn};
-use microdroid_metadata::Metadata;
+use microdroid_metadata::{write_metadata, Metadata};
use microdroid_payload_config::{Task, TaskType, VmPayloadConfig};
use nix::ioctl_read_bad;
-use payload::{get_apex_data_from_payload, load_metadata};
+use payload::{get_apex_data_from_payload, load_metadata, to_metadata};
use rustutils::system_properties;
use rustutils::system_properties::PropertyWatcher;
use std::fs::{self, File, OpenOptions};
@@ -111,13 +111,11 @@
instance.write_microdroid_data(&verified_data).context("Failed to write identity data")?;
}
- wait_for_apex_config_done()?;
+ // Before reading a file from the APK, start zipfuse
+ system_properties::write("ctl.start", "zipfuse")?;
let service = get_vms_rpc_binder().expect("cannot connect to VirtualMachineService");
if !metadata.payload_config_path.is_empty() {
- // Before reading a file from the APK, start zipfuse
- system_properties::write("ctl.start", "zipfuse")?;
-
let config = load_config(Path::new(&metadata.payload_config_path))?;
let fake_secret = "This is a placeholder for a value that is derived from the images that are loaded in the VM.";
@@ -125,7 +123,10 @@
warn!("failed to set ro.vmsecret.keymint: {}", err);
}
+ // Wait until apex config is done. (e.g. linker configuration for apexes)
// TODO(jooyung): wait until sys.boot_completed?
+ wait_for_apex_config_done()?;
+
if let Some(main_task) = &config.task {
exec_task(main_task, &service).map_err(|e| {
error!("failed to execute task: {}", e);
@@ -161,9 +162,23 @@
// Start apkdmverity and wait for the dm-verify block
system_properties::write("ctl.start", "apkdmverity")?;
- // While waiting for apkdmverity to mount APK, gathers APEX pubkeys used by APEXd.
- // These will be compared ones from instance.img.
+ // While waiting for apkdmverity to mount APK, gathers APEX pubkeys from payload.
let apex_data_from_payload = get_apex_data_from_payload(metadata)?;
+ if let Some(saved_data) = saved_data.map(|d| &d.apex_data) {
+ // For APEX payload, we don't support updating their pubkeys
+ ensure!(saved_data == &apex_data_from_payload, "APEX payloads has changed.");
+ let apex_metadata = to_metadata(&apex_data_from_payload);
+ // Pass metadata(with pubkeys) to apexd so that it uses the passed metadata
+ // instead of the default one (/dev/block/by-name/payload-metadata)
+ OpenOptions::new()
+ .create_new(true)
+ .write(true)
+ .open("/apex/vm-payload-metadata")
+ .context("Failed to open /apex/vm-payload-metadata")
+ .and_then(|f| write_metadata(&apex_metadata, f))?;
+ }
+ // Start apexd to activate APEXes
+ system_properties::write("ctl.start", "apexd-vm")?;
ioutil::wait_for_file(DM_MOUNTED_APK_PATH, WAIT_TIMEOUT)?;
diff --git a/microdroid_manager/src/payload.rs b/microdroid_manager/src/payload.rs
index bfc6c09..bf9d9f9 100644
--- a/microdroid_manager/src/payload.rs
+++ b/microdroid_manager/src/payload.rs
@@ -18,7 +18,7 @@
use crate::ioutil::wait_for_file;
use anyhow::Result;
use log::info;
-use microdroid_metadata::{read_metadata, Metadata};
+use microdroid_metadata::{read_metadata, ApexPayload, Metadata};
use std::fs::File;
use std::io::Read;
use std::time::Duration;
@@ -35,9 +35,9 @@
read_metadata(file)
}
-/// Loads (name, pubkey) from payload apexes and returns them as sorted by name.
+/// Loads (name, pubkey) from payload APEXes
pub fn get_apex_data_from_payload(metadata: &Metadata) -> Result<Vec<ApexData>> {
- let mut apex_data: Vec<ApexData> = metadata
+ metadata
.apexes
.iter()
.map(|apex| {
@@ -46,9 +46,7 @@
let pubkey = get_pubkey_from_apex(&partition)?;
Ok(ApexData { name, pubkey })
})
- .collect::<Result<Vec<_>>>()?;
- apex_data.sort_by(|a, b| a.name.cmp(&b.name));
- Ok(apex_data)
+ .collect()
}
fn get_pubkey_from_apex(path: &str) -> Result<Vec<u8>> {
@@ -59,3 +57,18 @@
pubkey_file.read_to_end(&mut pubkey)?;
Ok(pubkey)
}
+
+/// Convert vector of ApexData into Metadata
+pub fn to_metadata(apex_data: &[ApexData]) -> Metadata {
+ Metadata {
+ apexes: apex_data
+ .iter()
+ .map(|data| ApexPayload {
+ name: data.name.clone(),
+ public_key: data.pubkey.clone(),
+ ..Default::default()
+ })
+ .collect(),
+ ..Default::default()
+ }
+}
diff --git a/tests/hostside/AndroidTest.xml b/tests/hostside/AndroidTest.xml
index e8aced6..99157e0 100644
--- a/tests/hostside/AndroidTest.xml
+++ b/tests/hostside/AndroidTest.xml
@@ -14,6 +14,9 @@
limitations under the License.
-->
<configuration description="Tests for microdroid">
+ <!-- Make sure pKVM is available on the device -->
+ <target_preparer class="com.android.tradefed.targetprep.PkvmPreparer"/>
+
<test class="com.android.compatibility.common.tradefed.testtype.JarHostTest" >
<option name="jar" value="MicrodroidHostTestCases.jar" />
</test>
diff --git a/zipfuse/Android.bp b/zipfuse/Android.bp
index 46f4b5a..79e6bad 100644
--- a/zipfuse/Android.bp
+++ b/zipfuse/Android.bp
@@ -29,6 +29,7 @@
name: "zipfuse",
defaults: ["zipfuse.defaults"],
init_rc: ["zipfuse.rc"],
+ bootstrap: true,
}
rust_test {