Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 61a74b553f792469507d1f195570b689be962e45^! / . / compos / verify
commit61a74b553f792469507d1f195570b689be962e45[log] [tgz]
authorShikha Panwar <shikhapanwar@google.com>Fri Feb 16 13:17:01 2024 +0000
committerShikha Panwar <shikhapanwar@google.com>Mon Feb 26 18:19:48 2024 +0000
treef3fbb11aa75d694ff631b2e334b05104754267de
parente9b48e81d5946a98dfd7adcc57c595df4894100b [diff]
Allocate each VM an instance_id

Introduce a 64 bytes' long instance_id. When the VM is created, this is
requested from virtualization service, which randomly allocates it.
While it does that, it also logs the user & the package name.

The app persists this allocated instance_id in a file `instance_id` in
its directory for the vm instance (along with instance.img &
storage.img). When the VirtualMachine is run, this is an input into the
VM via DT.

This patch modifies Compos & vm binary to work with the instance_id.

flagging: instance_id allocation request is conditional to flag build
time flag llpvm_changes, no file `instance_id` is created if the flag is
off. `instanceId` is all 0s if the flag is off.

Bug: 291213394
Test: atest MicrodroidHostTest
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Test: Look for instance_id logged by VS

Change-Id: Ie8e25b9510e27362d4580c55c1bd557143ff7d0e

diff --git a/compos/verify/verify.rs b/compos/verify/verify.rs
index 567083d..a3f18d5 100644
--- a/compos/verify/verify.rs
+++ b/compos/verify/verify.rs

@@ -18,7 +18,7 @@
 //!  public key. The tool is intended to be run by odsign during boot.
 
 use android_logger::LogId;
-use anyhow::{bail, Context, Result};
+use anyhow::{anyhow, bail, Context, Result};
 use binder::ProcessState;
 use clap::{Parser, ValueEnum};
 use compos_common::compos_client::{ComposClient, VmCpuTopology, VmParameters};
@@ -28,9 +28,10 @@
 };
 use compos_common::{
     COMPOS_DATA_ROOT, CURRENT_INSTANCE_DIR, IDSIG_FILE, IDSIG_MANIFEST_APK_FILE,
-    IDSIG_MANIFEST_EXT_APK_FILE, INSTANCE_IMAGE_FILE, TEST_INSTANCE_DIR,
+    IDSIG_MANIFEST_EXT_APK_FILE, INSTANCE_ID_FILE, INSTANCE_IMAGE_FILE, TEST_INSTANCE_DIR,
 };
 use log::error;
+use std::fs;
 use std::fs::File;
 use std::io::Read;
 use std::panic;
@@ -90,11 +91,17 @@
         bail!("{:?} is not a directory", instance_dir);
     }
 
+    let instance_id_file = instance_dir.join(INSTANCE_ID_FILE);
     let instance_image = instance_dir.join(INSTANCE_IMAGE_FILE);
     let idsig = instance_dir.join(IDSIG_FILE);
     let idsig_manifest_apk = instance_dir.join(IDSIG_MANIFEST_APK_FILE);
     let idsig_manifest_ext_apk = instance_dir.join(IDSIG_MANIFEST_EXT_APK_FILE);
 
+    let instance_id: [u8; 64] = if cfg!(llpvm_changes) {
+        fs::read(instance_id_file)?.try_into().map_err(|_| anyhow!("Failed to get instance_id"))?
+    } else {
+        [0u8; 64]
+    };
     let instance_image = File::open(instance_image).context("Failed to open instance image")?;
 
     let info = artifacts_dir.join("compos.info");
@@ -110,6 +117,7 @@
     let virtualization_service = virtmgr.connect()?;
     let vm_instance = ComposClient::start(
         &*virtualization_service,
+        instance_id,
         instance_image,
         &idsig,
         &idsig_manifest_apk,