Add CAP_SYS_NICE to virtmgr to sync with crosvm's capability.
Bug: 328051532
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid
Test: adb logcat | grep virtmgr
Test: atest MicrodroidTestAppNoPerm
Change-Id: I8cf3efb86869a7e3a31bc1ba3480f43c1bc92bf6
diff --git a/Android.bp b/Android.bp
index 7cedfb7..5643cd2 100644
--- a/Android.bp
+++ b/Android.bp
@@ -69,6 +69,7 @@
config_namespace: "ANDROID",
bool_variables: [
"release_avf_enable_dice_changes",
+ "release_avf_enable_vendor_modules",
"release_avf_enable_virt_cpufreq",
],
properties: [
@@ -82,6 +83,9 @@
release_avf_enable_dice_changes: {
cflags: ["-DAVF_OPEN_DICE_CHANGES=1"],
},
+ release_avf_enable_vendor_modules: {
+ cflags: ["-DAVF_ENABLE_VENDOR_MODULES=1"],
+ },
release_avf_enable_virt_cpufreq: {
cflags: ["-DAVF_ENABLE_VIRT_CPUFREQ=1"],
},
diff --git a/apex/canned_fs_config_sys_nice b/apex/canned_fs_config_sys_nice
index 5b12eb5..90c9747 100644
--- a/apex/canned_fs_config_sys_nice
+++ b/apex/canned_fs_config_sys_nice
@@ -1,2 +1,3 @@
/bin/virtualizationservice 0 2000 0755 capabilities=0x1000001 # CAP_CHOWN, CAP_SYS_RESOURCE
-/bin/crosvm 0 3013 0755 capabilities=0x800000 # SYS_NICE
+/bin/crosvm 0 3013 0755 capabilities=0x800000 # CAP_SYS_NICE
+/bin/virtmgr 0 3013 0755 capabilities=0x800000 # CAP_SYS_NICE
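Review bot: The new `/bin/virtmgr` entry grants CAP_SYS_NICE as a file capability without recording why virtmgr itself needs it; the commit message only says it syncs with crosvm. The comment in VirtualizationService.java describes virtmgr as a subprocess spawned by the client library, so the capability ends up on a process started on behalf of an app. It is worth confirming that virtmgr needs it only for the scheduling calls in question and does not hold it longer than necessary. I would extend the trailing comment, e.g. `# CAP_SYS_NICE, needed for <reason>; keep in sync with /bin/crosvm`, so a later audit of this file can tell intent from accident.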
diff --git a/flags/cpp/include/android/avf_cc_flags.h b/flags/cpp/include/android/avf_cc_flags.h
index 536ea9f..c922266 100644
--- a/flags/cpp/include/android/avf_cc_flags.h
+++ b/flags/cpp/include/android/avf_cc_flags.h
@@ -27,5 +27,13 @@
#endif
}
+inline bool IsVendorModulesFlagEnabled() {
+#ifdef AVF_ENABLE_VENDOR_MODULES
+ return AVF_ENABLE_VENDOR_MODULES;
+#else
+ return false;
+#endif
+}
+
} // namespace virtualization
} // namespace android
diff --git a/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java b/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
index 8c0c20e..4a9e943 100644
--- a/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
+++ b/java/framework/src/android/system/virtualmachine/VirtualMachineManager.java
@@ -38,9 +38,11 @@
import com.android.internal.annotations.GuardedBy;
import com.android.system.virtualmachine.flags.Flags;
+import java.io.File;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.ref.WeakReference;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
@@ -357,6 +359,30 @@
return null;
}
+ private static final String JSON_SUFFIX = ".json";
+ private static final List<String> SUPPORTED_OS_LIST_FROM_CFG =
+ extractSupportedOSListFromConfig();
+
+ private boolean isVendorModuleEnabled() {
+ return VirtualizationService.nativeIsVendorModulesFlagEnabled();
+ }
+
+ private static List<String> extractSupportedOSListFromConfig() {
+ List<String> supportedOsList = new ArrayList<>();
+ File directory = new File("/apex/com.android.virt/etc");
+ File[] files = directory.listFiles();
+ if (files != null) {
+ for (File file : files) {
+ String fileName = file.getName();
+ if (fileName.endsWith(JSON_SUFFIX)) {
+ supportedOsList.add(
+ fileName.substring(0, fileName.length() - JSON_SUFFIX.length()));
+ }
+ }
+ }
+ return supportedOsList;
+ }
+
/**
* Returns a list of supported OS names.
*
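Review bot: `extractSupportedOSListFromConfig()` returns the `ArrayList` it built, and that instance is stored in the static `SUPPORTED_OS_LIST_FROM_CFG` and handed out by `getSupportedOSList()` in the next hunk. Any caller can therefore add or remove entries and change what every later caller in the process sees. Return an immutable copy instead: `return List.copyOf(supportedOsList);`. The loop also accepts any directory entry whose name ends in `.json`, subdirectories included, so `if (file.isFile() && fileName.endsWith(JSON_SUFFIX))` would be a tighter guard. The Javadoc that opens at the end of this hunk continues outside it.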
@@ -366,13 +392,10 @@
@FlaggedApi(Flags.FLAG_AVF_V_TEST_APIS)
@NonNull
public List<String> getSupportedOSList() throws VirtualMachineException {
- synchronized (sCreateLock) {
- VirtualizationService service = VirtualizationService.getInstance();
- try {
- return Arrays.asList(service.getBinder().getSupportedOSList());
- } catch (RemoteException e) {
- throw e.rethrowAsRuntimeException();
- }
+ if (isVendorModuleEnabled()) {
+ return SUPPORTED_OS_LIST_FROM_CFG;
+ } else {
+ return Arrays.asList("microdroid");
}
}
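Review bot: `getSupportedOSList()` no longer contacts the service, so nothing in the new body can raise the declared `VirtualMachineException`, and the result is derived in the client from file names rather than from what the service reports. Whether the service applies the same rule is not visible here, so the two could disagree about which OS names are accepted. A caller that previously failed at the connection step now gets a list back, which looks intentional but should be stated. I would add a Javadoc sentence such as `The list is computed locally from the configs shipped in the APEX and does not contact the virtualization service.` and note that the `throws` clause is kept only for API compatibility. The method's Javadoc begins outside this hunk.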
diff --git a/java/framework/src/android/system/virtualmachine/VirtualizationService.java b/java/framework/src/android/system/virtualmachine/VirtualizationService.java
index 57990a9..9063fa6 100644
--- a/java/framework/src/android/system/virtualmachine/VirtualizationService.java
+++ b/java/framework/src/android/system/virtualmachine/VirtualizationService.java
@@ -51,6 +51,12 @@
private native boolean nativeIsOk(int clientFd);
/*
+ * Retrieve boolean value whether RELEASE_AVF_ENABLE_VENDOR_MODULES build flag is enabled or
+ * not.
+ */
+ static native boolean nativeIsVendorModulesFlagEnabled();
+
+ /*
* Spawns a new virtmgr subprocess that will host a VirtualizationService
* AIDL service.
*/
@@ -63,7 +69,9 @@
IBinder binder = nativeConnect(mClientFd.getFd());
if (binder == null) {
- throw new VirtualMachineException("Could not connect to Virtualization Manager");
+ throw new SecurityException(
+ "Could not connect to Virtualization Manager. Please consider checking"
+ + " android.permission.MANAGE_VIRTUAL_MACHINE permission");
}
mBinder = IVirtualizationService.Stub.asInterface(binder);
}
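Review bot: Throwing `SecurityException` for every null binder reports any connection failure as a permission problem. Nothing in this hunk shows that a missing permission is the only reason `nativeConnect` returns null, so a virtmgr start-up failure would surface with a misleading message. The change also swaps `VirtualMachineException` for an unchecked exception, so callers that catch `VirtualMachineException` no longer handle this path. Consider raising `SecurityException` only when a permission check has actually failed, and keeping `throw new VirtualMachineException("Could not connect to Virtualization Manager");` for the remaining cases. The enclosing method starts outside the hunk.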
diff --git a/java/jni/Android.bp b/java/jni/Android.bp
index 74a1766..4a569d4 100644
--- a/java/jni/Android.bp
+++ b/java/jni/Android.bp
@@ -16,6 +16,7 @@
"liblog",
"libnativehelper",
],
+ static_libs: ["libavf_cc_flags"],
}
cc_library_shared {
diff --git a/java/jni/android_system_virtualmachine_VirtualizationService.cpp b/java/jni/android_system_virtualmachine_VirtualizationService.cpp
index fbd1fd5..4f02112 100644
--- a/java/jni/android_system_virtualmachine_VirtualizationService.cpp
+++ b/java/jni/android_system_virtualmachine_VirtualizationService.cpp
@@ -17,6 +17,7 @@
#define LOG_TAG "VirtualizationService"
#include <android-base/unique_fd.h>
+#include <android/avf_cc_flags.h>
#include <android/binder_ibinder_jni.h>
#include <jni.h>
#include <log/log.h>
@@ -101,3 +102,9 @@
}
return pfds[0].revents == 0;
}
+
+extern "C" JNIEXPORT jboolean JNICALL
+Java_android_system_virtualmachine_VirtualizationService_nativeIsVendorModulesFlagEnabled(
+ [[maybe_unused]] JNIEnv* env, [[maybe_unused]] jobject obj) {
+ return android::virtualization::IsVendorModulesFlagEnabled();
+}
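Review bot: The second parameter of the new JNI entry point is declared as `jobject obj`, but the Java side declares `static native boolean nativeIsVendorModulesFlagEnabled()`, and a static native method receives the class, not an instance. The argument is unused, so this works in practice, but the signature should match the declaration: `[[maybe_unused]] JNIEnv* env, [[maybe_unused]] jclass clazz) {`. A one-line comment that the value is fixed at build time by `AVF_ENABLE_VENDOR_MODULES` would also help readers who expect a runtime flag lookup.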