Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 3452ee2bb0a2a941153f017dd45addaf03cea1ee
commit3452ee2bb0a2a941153f017dd45addaf03cea1ee[log] [tgz]
authorNikita Ioffe <ioffe@google.com>Thu Dec 15 00:31:56 2022 +0000
committerNikita Ioffe <ioffe@google.com>Mon Dec 19 17:04:00 2022 +0000
tree68385dbd1f2a465df8544559139cc00c201f1a95
parent1806205e1dd43a8a46fcd969d68fbd56cd61a409 [diff]
Drop inheritable caps and caps bounding set before executing payload

This change basically does the following things:

* Add rust_bindgen for the libcap.
* Add libcap_rust wrapping the bindgen and providing
  drop_inhertiable_caps and drop_bounding_set APIs;
* Call the libcap_rust APIs before execve'ing into the payload binary.
  This is done using the CommandExt::pre_exec function.

Additionally this change adds basic tests for libcap_rust library and
the e2e test to verify that binary running payload have zero
capabilities.

Bug: 243633980
Test: atest libcap_rust.test
Test: atest MicrodroidTestApp
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid
Test: enter microdroid shell & check microdroid_launcher has empty caps
Change-Id: Ibfb45ec912df0ad0a1db62b24c22fbe5a61ff5f3
10 files changed
tree: 68385dbd1f2a465df8544559139cc00c201f1a95
  1. apex/
  2. apkdmverity/
  3. authfs/
  4. avmd/
  5. compos/
  6. demo/
  7. docs/
  8. encryptedstore/
  9. javalib/
  10. launcher/
  11. libs/
  12. microdroid/
  13. microdroid_manager/
  14. pvmfw/
  15. rialto/
  16. tests/
  17. virtualizationservice/
  18. vm/
  19. vm_payload/
  20. vmbase/
  21. vmclient/
  22. zipfuse/
  23. rustfmt.toml ⇨ ../../../build/soong/scripts/rustfmt.toml
  24. .clang-format
  25. .gitignore
  26. Android.bp
  27. OWNERS
  28. PREUPLOAD.cfg
  29. README.md
  30. TEST_MAPPING
README.md

Virtualization

This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.