Merge "No need to disable SELinux for tests now that policy is fixed."
diff --git a/demo/README.md b/demo/README.md
new file mode 100644
index 0000000..8d0550a
--- /dev/null
+++ b/demo/README.md
@@ -0,0 +1,28 @@
+# Microdroid demo app
+
+## Building
+
+```
+TARGET_BUILD_APPS=MicrodroidDemoApp m apps_only dist
+```
+
+## Installing
+
+```
+adb install out/dist/MicrodroidDemoApp.apk
+adb push out/dist/MicrodroidDemoApp.apk.idsig /data/local/tmp/virt
+```
+
+## Running
+
+Run these commands before running the app. Eventually, these won't be needed.
+
+```
+adb root
+adb setenforce 0
+adb start virtualizationservice
+```
+
+Run the app by touching the icon on the launcher. Press the `run` button to
+start a VM. You can see console output from the VM on the screen. You can stop
+the VM by pressing the `stop` button.
diff --git a/microdroid/init.rc b/microdroid/init.rc
index b683230..36cddbb 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -29,7 +29,6 @@
exec - root system -- /system/bin/apexd --vm
perform_apex_config
- exec_start derive_sdk
exec - root system -- /system/bin/apkdmverity /dev/block/by-name/microdroid-apk /dev/block/by-name/microdroid-apk-idsig microdroid-apk
mkdir /mnt/apk 0755 system system
diff --git a/microdroid/sepolicy/system/private/derive_classpath.te b/microdroid/sepolicy/system/private/derive_classpath.te
deleted file mode 100644
index 2299ba0..0000000
--- a/microdroid/sepolicy/system/private/derive_classpath.te
+++ /dev/null
@@ -1,25 +0,0 @@
-
-# Domain for derive_classpath
-type derive_classpath, domain, coredomain;
-type derive_classpath_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(derive_classpath)
-
-# Read /apex
-allow derive_classpath apex_mnt_dir:dir r_dir_perms;
-
-# Create /data/system/environ/classpath file
-allow derive_classpath environ_system_data_file:dir rw_dir_perms;
-allow derive_classpath environ_system_data_file:file create_file_perms;
-
-# b/183079517 fails on gphone targets otherwise
-allow derive_classpath unlabeled:dir search;
-
-# Allow derive_classpath to write the classpath into ota dexopt
-# - Read the ota's apex dir
-allow derive_classpath postinstall_apex_mnt_dir:dir r_dir_perms;
-# - Report the BCP to the ota's dexopt
-allow derive_classpath postinstall_dexopt:dir search;
-allow derive_classpath postinstall_dexopt:fd use;
-allow derive_classpath postinstall_dexopt:file read;
-allow derive_classpath postinstall_dexopt:lnk_file read;
-allow derive_classpath postinstall_dexopt_tmpfs:file rw_file_perms;
diff --git a/microdroid/sepolicy/system/private/derive_sdk.te b/microdroid/sepolicy/system/private/derive_sdk.te
deleted file mode 100644
index 1f60e34..0000000
--- a/microdroid/sepolicy/system/private/derive_sdk.te
+++ /dev/null
@@ -1,12 +0,0 @@
-
-# Domain for derive_sdk
-type derive_sdk, domain, coredomain;
-type derive_sdk_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(derive_sdk)
-
-# Read /apex
-allow derive_sdk apex_mnt_dir:dir r_dir_perms;
-
-# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
-set_prop(derive_sdk, module_sdkextensions_prop)
-neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/microdroid/sepolicy/system/private/postinstall_dexopt.te b/microdroid/sepolicy/system/private/postinstall_dexopt.te
index 94af043..14e7854 100644
--- a/microdroid/sepolicy/system/private/postinstall_dexopt.te
+++ b/microdroid/sepolicy/system/private/postinstall_dexopt.te
@@ -16,10 +16,6 @@
# with the `postinstall_file` type by update_engine.
domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
-# Run derive_classpath to get the current BCP.
-domain_auto_trans(postinstall_dexopt, derive_classpath_exec, derive_classpath)
-# Allow postinstall_dexopt to make a tempfile for derive_classpath to write into
-tmpfs_domain(postinstall_dexopt);
allow postinstall_dexopt postinstall_dexopt_tmpfs:file open;
allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
diff --git a/microdroid/sepolicy/system/private/property_contexts b/microdroid/sepolicy/system/private/property_contexts
index c2a3a62..deeb840 100644
--- a/microdroid/sepolicy/system/private/property_contexts
+++ b/microdroid/sepolicy/system/private/property_contexts
@@ -32,7 +32,6 @@
ro.logd.kernel u:object_r:logd_prop:s0 exact bool
ro.boottime.adbd u:object_r:boottime_prop:s0 exact int
-ro.boottime.derive_sdk u:object_r:boottime_prop:s0 exact int
ro.boottime.hwservicemanager u:object_r:boottime_prop:s0 exact int
ro.boottime.init u:object_r:boottime_prop:s0 exact int
ro.boottime.init.cold_boot_wait u:object_r:boottime_prop:s0 exact int
@@ -59,7 +58,6 @@
sys.usb.controller u:object_r:usb_control_prop:s0 exact string
-init.svc.derive_sdk u:object_r:init_service_status_private_prop:s0 exact string
init.svc.hwservicemanager u:object_r:init_service_status_private_prop:s0 exact string
init.svc.keystore2 u:object_r:init_service_status_private_prop:s0 exact string
init.svc.logd u:object_r:init_service_status_private_prop:s0 exact string
diff --git a/tests/hostside/helper/java/android/virt/test/VirtualizationTestCaseBase.java b/tests/hostside/helper/java/android/virt/test/VirtualizationTestCaseBase.java
index 6d43760..451f9ba 100644
--- a/tests/hostside/helper/java/android/virt/test/VirtualizationTestCaseBase.java
+++ b/tests/hostside/helper/java/android/virt/test/VirtualizationTestCaseBase.java
@@ -234,17 +234,13 @@
}
public void shutdownMicrodroid(String cid) throws DeviceNotAvailableException {
- // Shutdown microdroid
- runOnAndroid(VIRT_APEX + "bin/vm", "stop", cid);
+ // Close the connection before shutting the VM down. Otherwise, b/192660485.
+ tryRunOnHost("adb", "disconnect", MICRODROID_SERIAL);
+ final String serial = getDevice().getSerialNumber();
+ tryRunOnHost("adb", "-s", serial, "forward", "--remove", "tcp:" + TEST_VM_ADB_PORT);
- // TODO(192660485): Figure out why shutting down the VM disconnects adb on cuttlefish
- // temporarily. Without this wait, the rest of `runOnAndroid/skipIfFail` fails due to the
- // connection loss, and results in assumption error exception for the rest of the tests.
- try {
- Thread.sleep(1000);
- } catch (InterruptedException e) {
- Thread.currentThread().interrupt();
- }
+ // Shutdown the VM
+ runOnAndroid(VIRT_APEX + "bin/vm", "stop", cid);
}
public void rootMicrodroid() throws DeviceNotAvailableException {
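Review bot: The new comment in shutdownMicrodroid, `// Close the connection before shutting the VM down. Otherwise, b/192660485.`, drops the explanation the removed TODO carried, so a reader has to look up the bug to learn what goes wrong. I would spell it out: `// Disconnect adb from the VM before stopping it; otherwise the VM shutdown temporarily drops adb on cuttlefish (b/192660485).` Both cleanup calls go through tryRunOnHost, which by its name presumably tolerates failure. With the one-second sleep gone, a failed disconnect or forward removal could bring the flake back silently, so logging the outcome of those two calls would make it diagnosable. rootMicrodroid starts on the hunk's last line and continues outside the hunk.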
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index bc19109..8bdfa9d 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -59,8 +59,8 @@
/// The list of APEXes which microdroid requires.
/// TODO(b/192200378) move this to microdroid.json?
-const MICRODROID_REQUIRED_APEXES: [&str; 4] =
- ["com.android.adbd", "com.android.i18n", "com.android.os.statsd", "com.android.sdkext"];
+const MICRODROID_REQUIRED_APEXES: [&str; 3] =
+ ["com.android.adbd", "com.android.i18n", "com.android.os.statsd"];
/// Implementation of `IVirtualizationService`, the entry point of the AIDL service.
#[derive(Debug, Default)]
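Review bot: The explicit length in `[&str; 3]` must be edited by hand whenever an entry is added to or removed from MICRODROID_REQUIRED_APEXES, which is the only reason this hunk touches two lines instead of one. Unless a use outside the hunk needs the fixed-size array type, a slice removes that coupling: `const MICRODROID_REQUIRED_APEXES: &[&str] = &["com.android.adbd", "com.android.i18n", "com.android.os.statsd"];`. The uses of the constant are not visible here, so confirm they accept a slice before changing the type.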