Allow a new owner to claim a VM ID
Bug: 294177871
Test: virtualizationservice_test
Change-Id: I285175c8d11cc402b03dd750fbe7cbf47aebae78
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
index c6575c8..16975ee 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice_internal/IVirtualizationServiceInternal.aidl
@@ -108,4 +108,12 @@
* @param instanceId The ID for the VM.
*/
void removeVmInstance(in byte[64] instanceId);
+
+ /**
+ * Notification that ownership of a VM has been claimed by the caller. Note that no permission
+ * checks (with respect to the previous owner) are performed.
+ *
+ * @param instanceId The ID for the VM.
+ */
+ void claimVmInstance(in byte[64] instanceId);
}
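Review bot: The doc comment on `claimVmInstance` says no check is made against the previous owner, but it does not say what does restrict the call, so the interface alone does not tell a reader who may re-own an instance ID. In the aidl.rs implementation in this commit the new owner is taken from the calling UID and the method body contains no permission check, so any gating would have to live outside the visible code. I would spell the contract out by adding `* The calling UID is recorded as the new owner, replacing any existing owner of instanceId.` plus a line naming the caller or permission expected to gate this method. It is also worth stating that the call does nothing when there is no Secretkeeper state, as the implementation's `else` branch shows.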
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 05f3cf6..5c1c079 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -436,6 +436,28 @@
}
Ok(())
}
+
+ fn claimVmInstance(&self, instance_id: &[u8; 64]) -> binder::Result<()> {
+ let state = &mut *self.state.lock().unwrap();
+ if let Some(sk_state) = &mut state.sk_state {
+ let uid = get_calling_uid();
+ info!(
+ "Claiming a VM's instance_id: {:?}, for uid: {:?}",
+ hex::encode(instance_id),
+ uid
+ );
+
+ let user_id = multiuser_get_user_id(uid);
+ let app_id = multiuser_get_app_id(uid);
+ info!("Recording possible new owner of state for (user_id={user_id}, app_id={app_id})");
+ if let Err(e) = sk_state.add_id(instance_id, user_id, app_id) {
+ error!("Failed to update the instance_id owner: {e:?}");
+ }
+ } else {
+ info!("ignoring claimVmInstance() as no ISecretkeeper");
+ }
+ Ok(())
+ }
}
impl IVirtualizationMaintenance for VirtualizationServiceInternal {
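Review bot: A failure from `sk_state.add_id(instance_id, user_id, app_id)` is only logged, and `claimVmInstance` still returns `Ok(())`, so the caller is told the claim succeeded while the recorded owner is unchanged. If this record later decides whose removal triggers cleanup of the VM's state (inferred from the "owner of state" log message, not visible here), a silent failure leaves that decision with the previous owner. Consider propagating the error after the `error!` call, for example `return Err(Status::new_service_specific_error_str(-1, Some(format!("Failed to update the instance_id owner: {e:?}"))));`, assuming `Status` is in scope, or whichever binder error helper this file already uses. If best-effort is intended, say so at the call site with `// Best-effort: a failed owner update is logged but not reported to the caller.`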
diff --git a/virtualizationservice/src/maintenance.rs b/virtualizationservice/src/maintenance.rs
index 219df7d..f950db9 100644
--- a/virtualizationservice/src/maintenance.rs
+++ b/virtualizationservice/src/maintenance.rs
@@ -96,7 +96,8 @@
}
}
- /// Record a new VM ID.
+ /// Record a new VM ID. If there is an existing owner (user_id, app_id) for the VM ID,
+ /// it will be replaced.
pub fn add_id(&mut self, vm_id: &VmId, user_id: u32, app_id: u32) -> Result<()> {
let user_id: i32 = user_id.try_into().context(format!("user_id {user_id} out of range"))?;
let app_id: i32 = app_id.try_into().context(format!("app_id {app_id} out of range"))?;