Remove old key management
Delete a load of no longer needed code.
We no longer support persisting keys in the host. CompOS no longer
accesses DICE directly (compos_key_helper handles that).
We retain the instance image files, but rename pending to current
(it's created before reboot with the staged APEXes and used after
reboot with the current APEXes, but there's no point renaming it).
Remove the attempt to start an existing instance when running
compilation - it is slow, and vanishingly unlikely to work.
Sadly this also deletes all the CompOS unit tests. (But there are some
new ones in compos_key_tests.)
Bug: 218494522
Test: Manual; atest ComposTestCase; atest CompOsSigningHostTest
Change-Id: I0175270341d5dcad614106432b7d2650229cf8a6
diff --git a/compos/composd/src/instance_manager.rs b/compos/composd/src/instance_manager.rs
index 9761a3e..848fc8c 100644
--- a/compos/composd/src/instance_manager.rs
+++ b/compos/composd/src/instance_manager.rs
@@ -23,7 +23,7 @@
use compos_aidl_interface::binder::Strong;
use compos_common::compos_client::VmParameters;
use compos_common::{
- DEX2OAT_CPU_SET_PROP_NAME, DEX2OAT_THREADS_PROP_NAME, PENDING_INSTANCE_DIR,
+ CURRENT_INSTANCE_DIR, DEX2OAT_CPU_SET_PROP_NAME, DEX2OAT_THREADS_PROP_NAME,
PREFER_STAGED_VM_CONFIG_PATH, TEST_INSTANCE_DIR,
};
use rustutils::system_properties;
@@ -42,10 +42,10 @@
Self { service, state: Default::default() }
}
- pub fn start_pending_instance(&self) -> Result<Arc<CompOsInstance>> {
+ pub fn start_current_instance(&self) -> Result<Arc<CompOsInstance>> {
let mut vm_parameters = new_vm_parameters()?;
vm_parameters.config_path = Some(PREFER_STAGED_VM_CONFIG_PATH.to_owned());
- self.start_instance(PENDING_INSTANCE_DIR, vm_parameters)
+ self.start_instance(CURRENT_INSTANCE_DIR, vm_parameters)
}
pub fn start_test_instance(&self) -> Result<Arc<CompOsInstance>> {
@@ -77,7 +77,7 @@
}
fn try_start_instance(&self, instance_starter: InstanceStarter) -> Result<Arc<CompOsInstance>> {
- let compos_instance = instance_starter.create_or_start_instance(&*self.service)?;
+ let compos_instance = instance_starter.start_new_instance(&*self.service)?;
Ok(Arc::new(compos_instance))
}
}
diff --git a/compos/composd/src/instance_starter.rs b/compos/composd/src/instance_starter.rs
index a886584..4873d7a 100644
--- a/compos/composd/src/instance_starter.rs
+++ b/compos/composd/src/instance_starter.rs
@@ -20,16 +20,13 @@
use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
IVirtualizationService::IVirtualizationService, PartitionType::PartitionType,
};
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result};
use binder_common::lazy_service::LazyServiceGuard;
use compos_aidl_interface::aidl::com::android::compos::ICompOsService::ICompOsService;
use compos_aidl_interface::binder::{ParcelFileDescriptor, Strong};
use compos_common::compos_client::{VmInstance, VmParameters};
-use compos_common::{
- COMPOS_DATA_ROOT, IDSIG_FILE, IDSIG_MANIFEST_APK_FILE, INSTANCE_IMAGE_FILE,
- PRIVATE_KEY_BLOB_FILE, PUBLIC_KEY_FILE,
-};
-use log::{info, warn};
+use compos_common::{COMPOS_DATA_ROOT, IDSIG_FILE, IDSIG_MANIFEST_APK_FILE, INSTANCE_IMAGE_FILE};
+use log::info;
use std::fs;
use std::path::{Path, PathBuf};
@@ -53,8 +50,6 @@
instance_image: PathBuf,
idsig: PathBuf,
idsig_manifest_apk: PathBuf,
- key_blob: PathBuf,
- public_key: PathBuf,
vm_parameters: VmParameters,
}
@@ -65,61 +60,17 @@
let instance_image = instance_root_path.join(INSTANCE_IMAGE_FILE);
let idsig = instance_root_path.join(IDSIG_FILE);
let idsig_manifest_apk = instance_root_path.join(IDSIG_MANIFEST_APK_FILE);
- let key_blob = instance_root_path.join(PRIVATE_KEY_BLOB_FILE);
- let public_key = instance_root_path.join(PUBLIC_KEY_FILE);
Self {
instance_name: instance_name.to_owned(),
instance_root,
instance_image,
idsig,
idsig_manifest_apk,
- key_blob,
- public_key,
vm_parameters,
}
}
- pub fn create_or_start_instance(
- &self,
- virtualization_service: &dyn IVirtualizationService,
- ) -> Result<CompOsInstance> {
- let compos_instance = self.start_existing_instance(virtualization_service);
- match compos_instance {
- Ok(_) => return compos_instance,
- Err(e) => warn!("Failed to start: {}", e),
- }
-
- self.start_new_instance(virtualization_service)
- }
-
- fn start_existing_instance(
- &self,
- virtualization_service: &dyn IVirtualizationService,
- ) -> Result<CompOsInstance> {
- // No point even trying if the files we need aren't there.
- self.check_files_exist()?;
-
- info!("Starting {} CompOs instance", self.instance_name);
-
- let key_blob = fs::read(&self.key_blob).context("Reading private key blob")?;
- let public_key = fs::read(&self.public_key).context("Reading public key")?;
-
- let compos_instance = self.start_vm(virtualization_service)?;
- let service = &compos_instance.service;
-
- if !service.verifySigningKey(&key_blob, &public_key).context("Verifying key pair")? {
- bail!("Key pair invalid");
- }
-
- // If we get this far then the instance image is valid in the current context (e.g. the
- // current set of APEXes) and the key blob can be successfully decrypted by the VM. So the
- // files have not been tampered with and we're good to go.
- service.initializeSigningKey(&key_blob).context("Loading signing key")?;
-
- Ok(compos_instance)
- }
-
- fn start_new_instance(
+ pub fn start_new_instance(
&self,
virtualization_service: &dyn IVirtualizationService,
) -> Result<CompOsInstance> {
@@ -128,23 +79,15 @@
// Ignore failure here - the directory may already exist.
let _ = fs::create_dir(&self.instance_root);
+ // Overwrite any existing instance - it's unlikely to be valid with the current set
+ // of APEXes, and finding out it isn't is much more expensive than creating a new one.
self.create_instance_image(virtualization_service)?;
+
// Delete existing idsig files. Ignore error in case idsig doesn't exist.
let _ = fs::remove_file(&self.idsig);
let _ = fs::remove_file(&self.idsig_manifest_apk);
- let compos_instance = self.start_vm(virtualization_service)?;
- let service = &compos_instance.service;
-
- let key_data = service.generateSigningKey().context("Generating signing key")?;
- fs::write(&self.key_blob, &key_data.keyBlob).context("Writing key blob")?;
- fs::write(&self.public_key, &key_data.publicKey).context("Writing public key")?;
-
- // Unlike when starting an existing instance, we don't need to verify the key, since we
- // just generated it and have it in memory.
- service.initializeSigningKey(&key_data.keyBlob).context("Loading signing key")?;
-
- Ok(compos_instance)
+ self.start_vm(virtualization_service)
}
fn start_vm(
@@ -187,21 +130,4 @@
.context("Writing instance image file")?;
Ok(())
}
-
- fn check_files_exist(&self) -> Result<()> {
- if !self.instance_root.is_dir() {
- bail!("Directory {:?} not found", self.instance_root)
- };
- Self::check_file_exists(&self.instance_image)?;
- Self::check_file_exists(&self.key_blob)?;
- Self::check_file_exists(&self.public_key)?;
- Ok(())
- }
-
- fn check_file_exists(file: &Path) -> Result<()> {
- if !file.is_file() {
- bail!("File {:?} not found", file)
- };
- Ok(())
- }
}
diff --git a/compos/composd/src/service.rs b/compos/composd/src/service.rs
index 8e5586e..f4798d7 100644
--- a/compos/composd/src/service.rs
+++ b/compos/composd/src/service.rs
@@ -70,8 +70,7 @@
&self,
callback: &Strong<dyn ICompilationTaskCallback>,
) -> Result<Strong<dyn ICompilationTask>> {
- // TODO: Try to start the current instance with staged APEXes to see if it works?
- let comp_os = self.instance_manager.start_pending_instance().context("Starting CompOS")?;
+ let comp_os = self.instance_manager.start_current_instance().context("Starting CompOS")?;
let target_dir_name = PENDING_ARTIFACTS_SUBDIR.to_owned();
let task = OdrefreshTask::start(