Start using virtmgr for running VMs

Make the final changes to start running VMs using virtmgr:

  * Have virtualizationservice host the VirtualizationServiceInternal
    AIDL service.

  * Remove memlock rlimit of virtmgr (instead of virtualizationservice)
    via a method on VirtualizationServiceInternal.

  * Have VirtualizationServiceInternal create the VM's temporary folder
    and change its owner to the client's UID. The files keep the same
    virtualizationservice_data_file SELinux label, but are now owned by
    the client's virtmgr instance. To this end, virtualizationservice
    requires CAP_CHOWN.

  * Switch all users to the new vmclient/javalib API for spawning
    virtmgr.

Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: I93b2cadb67a8c125e1a86f9c1ba9cb98336f0cd4
diff --git a/virtualizationservice/src/virtmgr.rs b/virtualizationservice/src/virtmgr.rs
index 1aa3df9..90b4789 100644
--- a/virtualizationservice/src/virtmgr.rs
+++ b/virtualizationservice/src/virtmgr.rs
@@ -21,10 +21,10 @@
 mod payload;
 mod selinux;
 
-use crate::aidl::VirtualizationService;
+use crate::aidl::{GLOBAL_SERVICE, VirtualizationService};
 use android_system_virtualizationservice::aidl::android::system::virtualizationservice::IVirtualizationService::BnVirtualizationService;
 use anyhow::{bail, Context};
-use binder::BinderFeatures;
+use binder::{BinderFeatures, ProcessState};
 use lazy_static::lazy_static;
 use log::{info, Level};
 use rpcbinder::{FileDescriptorTransportMode, RpcServer};
@@ -102,6 +102,11 @@
     let ready_fd = take_fd_ownership(args.ready_fd, &mut owned_fds)
         .expect("Failed to take ownership of ready_fd");
 
+    // Start thread pool for kernel Binder connection to VirtualizationServiceInternal.
+    ProcessState::start_thread_pool();
+
+    GLOBAL_SERVICE.removeMemlockRlimit().expect("Failed to remove memlock rlimit");
+
     let service = VirtualizationService::init();
     let service =
         BnVirtualizationService::new_binder(service, BinderFeatures::default()).as_binder();
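Review bot: The added `GLOBAL_SERVICE.removeMemlockRlimit()` call is a privileged request to VirtualizationServiceInternal, but no comment says why virtmgr cannot adjust the limit itself or which process the service acts on. The call passes no PID, so the service presumably derives the target from the Binder calling identity. Recording that here, e.g. `// virtmgr lacks the privilege to lift its own RLIMIT_MEMLOCK; virtualizationservice does it for the calling process.`, would discourage a later change from adding a caller-supplied PID parameter. This also looks like the first use of `GLOBAL_SERVICE` in this function; if it is a lazily initialised handle, a failed service lookup would panic inside that initialiser rather than with this `expect` message, so confirm that path reports an equally clear error. The enclosing function starts and ends outside the hunk.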