| commit | de76d90b76c0409181eace85c5b24dcad74c8ebf | [log] [tgz] |
|---|---|---|
| author | Victor Hsieh <victorhsieh@google.com> | Thu Mar 16 11:37:52 2023 -0700 |
| committer | Victor Hsieh <victorhsieh@google.com> | Fri Mar 17 09:22:36 2023 -0700 |
| tree | 127a22180adda9674a4d7f826e0dbe91a40e63e8 | |
| parent | f74674e960a45d729aad2cca2f27fe87a9dcebd2 [diff] |
Don't mount the extra apk if VM isn't given one
Extra APK is given to the VM when it boots (via various of
vm_config*.json) depending on whether the build manifest APK exists or
not. On the request, the directory FD of /system_ext needs to come with
the request accordingly, so that authfs can set up the remote file
access.
The current implementation is problematic when there's inconsistency.
Even if /system_ext exists, we shouldn't pass the FD in the compilation
request because the VM may not be set up with a build manifest APK for
/system_ext. This can happen when /system_ext exists but without
BuildManifestSystemExt.apk.
The simple fix is to condition the FD passing on whether the extra APK
exists.
Bug: 267262026
Bug: 273393637
Test: rm /system_ext/etc/security/fsverity/BuildManifestSystemExt.apk
ComposHostTestCases only after this change
Change-Id: I415343ddb69e4c8cac0b77274db9f629da33fbdd
This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.