Remove onPayloadStarted stream argument

microdroid_manager creates a vsock connection with the host and
redirects the payload's stdin/stdout/stderr streams over it. This may
not necessarily be a security issue if the app never writes any secrets
to its standard output, but it would be safer to not open up
a communication channel like that by default. If the payload wishes to
pass its logs to the host, it should open up the connection explicitly.

Remove the vsock connection, the virtualizationservice server and the
corresponding file descriptor argument of the onPayloadStarted() callback.
Instead, provide onPayloadStdio() that the payload can optionally call
to set up the connection.

Bug: 245727626
Bug: 253221932
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I89fd3a52aae9272db7300224b88d87c6f4d8a8a7
diff --git a/vmclient/src/lib.rs b/vmclient/src/lib.rs
index e6f32b4..1dd553c 100644
--- a/vmclient/src/lib.rs
+++ b/vmclient/src/lib.rs
@@ -74,12 +74,15 @@
 pub trait VmCallback {
     /// Called when the payload has been started within the VM. If present, `stream` is connected
     /// to the stdin/stdout of the payload.
-    fn on_payload_started(&self, cid: i32, stream: Option<&File>) {}
+    fn on_payload_started(&self, cid: i32) {}
 
     /// Callend when the payload has notified Virtualization Service that it is ready to serve
     /// clients.
     fn on_payload_ready(&self, cid: i32) {}
 
+    /// Called by the payload to forward its standard I/O streams to the host.
+    fn on_payload_stdio(&self, cid: i32, fd: &File);
+
     /// Called when the payload has exited in the VM. `exit_code` is the exit code of the payload
     /// process.
     fn on_payload_finished(&self, cid: i32, exit_code: i32) {}
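Review bot: The doc comment left above `on_payload_started` still reads "If present, `stream` is connected to the stdin/stdout of the payload", but the `stream` parameter is removed on the next line, so that sentence should go. Separately, `on_payload_stdio` is declared without a default body while every other method visible in this trait ends in `{}`, which makes it the only required method and forces every existing `VmCallback` implementer to add it, even though the commit message describes stdio forwarding as something the payload opts into. Suggest `fn on_payload_stdio(&self, cid: i32, fd: &File) {}` so that clients that do not care about payload output compile unchanged and simply ignore the stream.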
@@ -269,14 +272,17 @@
 impl Interface for VirtualMachineCallback {}
 
 impl IVirtualMachineCallback for VirtualMachineCallback {
-    fn onPayloadStarted(
-        &self,
-        cid: i32,
-        stream: Option<&ParcelFileDescriptor>,
-    ) -> BinderResult<()> {
+    fn onPayloadStarted(&self, cid: i32) -> BinderResult<()> {
         self.state.notify_state(VirtualMachineState::STARTED);
         if let Some(ref callback) = self.client_callback {
-            callback.on_payload_started(cid, stream.map(ParcelFileDescriptor::as_ref));
+            callback.on_payload_started(cid);
+        }
+        Ok(())
+    }
+
+    fn onPayloadStdio(&self, cid: i32, stream: &ParcelFileDescriptor) -> BinderResult<()> {
+        if let Some(ref callback) = self.client_callback {
+            callback.on_payload_stdio(cid, stream.as_ref());
         }
         Ok(())
     }
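Review bot: In `onPayloadStdio`, when `self.client_callback` is `None` the stream is silently dropped and `Ok(())` is returned, so the caller is told the forwarding succeeded although nothing on the host will read it; consider logging or returning an error in that branch. Unlike `onPayloadStarted`, this handler also never consults `self.state`, and nothing in the visible lines checks that the VM has reached `STARTED` or limits how many times a stream can be handed over. If those conditions are enforced on the service side, a short comment here saying so would help the next reader.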