commit 61f8614ee78ae3d143ebf7dbc5ecd67b0bfddddd
author Jaewan Kim <jaewan@google.com> Tue Mar 28 15:12:52 2023 +0900
committer Jaewan Kim <jaewan@google.com> Mon Apr 03 11:31:21 2023 +0900
tree 5290e8610090bc96c854e604cac218f6ef5cc297
parent d4dae651b3ca64907ffde7520d88d1038a2957ce

Ignore debug policy with sysprop

Read system property hypervisor.virtualizationmanager.debug_policy.path
to decide whether to ignore debug policy or not.

Follow-up CLs will use the system property to disable debug policy for
tests and also allows to set custom debug policy for debug policy test.

Bug: 272496125, Bug: 275047565
Test: Run following tests twice with/without the sysprop \
      1) `atest MicrodroidTestApp MicrodroidHostTestCases` for \
         checking no regression. \
      2) Launched VM on a debug policy enabled device without debug level
Change-Id: I9f3a829c84a55441942953979e3aec893c0405fd

virtualizationmanager/src/aidl.rs

diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 749d75f..468ee19 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -19,8 +19,7 @@
     write_vm_booted_stats, write_vm_creation_stats};
 use crate::composite::make_composite_image;
 use crate::crosvm::{CrosvmConfig, DiskFile, PayloadState, VmContext, VmInstance, VmState};
-use crate::debug_config::should_prepare_console_output;
-use crate::debug_config::is_ramdump_needed;
+use crate::debug_config::DebugConfig;
 use crate::payload::{add_microdroid_payload_images, add_microdroid_system_images};
 use crate::selinux::{getfilecon, SeContext};
 use android_os_permissions_aidl::aidl::android::os::IPermissionController;
@@ -327,21 +326,22 @@
             check_gdb_allowed(config)?;
         }
 
-        let ramdump = if is_ramdump_needed(config) {
+        let debug_level = match config {
+            VirtualMachineConfig::AppConfig(config) => config.debugLevel,
+            _ => DebugLevel::NONE,
+        };
+        let debug_config = DebugConfig::new(debug_level);
+
+        let ramdump = if debug_config.is_ramdump_needed() {
             Some(prepare_ramdump_file(&temporary_directory)?)
         } else {
             None
         };
 
-        let debug_level = match config {
-            VirtualMachineConfig::AppConfig(app_config) => app_config.debugLevel,
-            _ => DebugLevel::NONE,
-        };
-
         let state = &mut *self.state.lock().unwrap();
         let console_fd =
-            clone_or_prepare_logger_fd(config, console_fd, format!("Console({})", cid))?;
-        let log_fd = clone_or_prepare_logger_fd(config, log_fd, format!("Log({})", cid))?;
+            clone_or_prepare_logger_fd(&debug_config, console_fd, format!("Console({})", cid))?;
+        let log_fd = clone_or_prepare_logger_fd(&debug_config, log_fd, format!("Log({})", cid))?;
 
         // Counter to generate unique IDs for temporary image files.
         let mut next_temporary_image_id = 0;
@@ -352,12 +352,13 @@
         let (is_app_config, config) = match config {
             VirtualMachineConfig::RawConfig(config) => (false, BorrowedOrOwned::Borrowed(config)),
             VirtualMachineConfig::AppConfig(config) => {
-                let config = load_app_config(config, &temporary_directory).map_err(|e| {
-                    *is_protected = config.protectedVm;
-                    let message = format!("Failed to load app config: {:?}", e);
-                    error!("{}", message);
-                    Status::new_service_specific_error_str(-1, Some(message))
-                })?;
+                let config =
+                    load_app_config(config, &debug_config, &temporary_directory).map_err(|e| {
+                        *is_protected = config.protectedVm;
+                        let message = format!("Failed to load app config: {:?}", e);
+                        error!("{}", message);
+                        Status::new_service_specific_error_str(-1, Some(message))
+                    })?;
                 (true, BorrowedOrOwned::Owned(config))
             }
         };
@@ -438,7 +439,7 @@
             disks,
             params: config.params.to_owned(),
             protected: *is_protected,
-            debug_level,
+            debug_config,
             memory_mib: config.memoryMib.try_into().ok().and_then(NonZeroU32::new),
             cpus,
             host_cpu_topology,
@@ -559,6 +560,7 @@
 
 fn load_app_config(
     config: &VirtualMachineAppConfig,
+    debug_config: &DebugConfig,
     temporary_directory: &Path,
 ) -> Result<VirtualMachineRawConfig> {
     let apk_file = clone_file(config.apk.as_ref().unwrap())?;
@@ -607,6 +609,7 @@
     // Include Microdroid payload disk (contains apks, idsigs) in vm config
     add_microdroid_payload_images(
         config,
+        debug_config,
         temporary_directory,
         apk_file,
         idsig_file,
@@ -1038,7 +1041,7 @@
 }
 
 fn clone_or_prepare_logger_fd(
-    config: &VirtualMachineConfig,
+    debug_config: &DebugConfig,
     fd: Option<&ParcelFileDescriptor>,
     tag: String,
 ) -> Result<Option<File>, Status> {
@@ -1046,10 +1049,7 @@
         return Ok(Some(clone_file(fd)?));
     }
 
-    let VirtualMachineConfig::AppConfig(app_config) = config else {
-        return Ok(None);
-    };
-    if !should_prepare_console_output(app_config.debugLevel) {
+    if !debug_config.should_prepare_console_output() {
         return Ok(None);
     };