Add isNewInstanceStatus to vm_payload api
This can be used by payload to determine if this is the first boot of the
VM. This becomes useful since `AVmPayload_getVmInstanceSecret` is
essentially equivalent to get_or_create secrets. Payload should be able
to check if the secrets were newly created or are the old ones & this
could be used to meaningfully use the secret.
For ex, encryptedstore or other data encrypted using the VM secrets
restored via backup and restore cannot be meaningfully decrypted using
newly created secrets on the new device.
Test: MicrodroidTests#isNewInstanceTest
Bug: 327576724
Bug: 378911776
Change-Id: I05983c7b1239d29f86f2b3fb9be7e3a1f2f91039
diff --git a/libs/libvm_payload/wrapper/lib.rs b/libs/libvm_payload/wrapper/lib.rs
index 133b14e..bf274b0 100644
--- a/libs/libvm_payload/wrapper/lib.rs
+++ b/libs/libvm_payload/wrapper/lib.rs
@@ -31,7 +31,7 @@
use std::ptr;
use vm_payload_bindgen::{
AIBinder, AVmPayload_getApkContentsPath, AVmPayload_getEncryptedStoragePath,
- AVmPayload_getVmInstanceSecret, AVmPayload_notifyPayloadReady,
+ AVmPayload_getVmInstanceSecret, AVmPayload_isNewInstance, AVmPayload_notifyPayloadReady,
AVmPayload_readRollbackProtectedSecret, AVmPayload_runVsockRpcServer,
AVmPayload_writeRollbackProtectedSecret,
};
@@ -208,3 +208,11 @@
// SAFETY: The function only writes to `[data]` within its bounds.
unsafe { AVmPayload_writeRollbackProtectedSecret(data.as_ptr() as *const c_void, data.len()) }
}
+
+/// Checks whether the VM instance is new - i.e., if this is the first run of an instance.
+/// This is an indication of fresh new VM secrets. Payload can use this to setup the fresh
+/// instance if needed.
+pub fn is_new_instance_status() -> bool {
+ // SAFETY: The function returns bool, no arguments are needed.
+ unsafe { AVmPayload_isNewInstance() }
+}
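Review bot: The wrapper name `is_new_instance_status()` on the added function does not match the binding it calls, `AVmPayload_isNewInstance`, and "status" reads oddly for a plain `bool`; consider `is_new_instance()` so the Rust and C names line up. The SAFETY comment restates the signature ("returns bool, no arguments") rather than saying why the call is sound; if it holds for the binding, say that the function takes no pointers and has no preconditions. The doc comment could also carry the point from the commit message: when this returns true the instance secrets are freshly created, so data encrypted under an earlier instance's secrets (for example a restored encryptedstore) cannot be decrypted, and callers should check this before relying on `AVmPayload_getVmInstanceSecret` output to read existing data.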