Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 65ddfc4d84384a15a8e812df60497bf85fec1db4^! / . / microdroid_manager / src / main.rs
commit65ddfc4d84384a15a8e812df60497bf85fec1db4[log] [tgz]
authorAndrew Scull <ascull@google.com>Mon Feb 14 21:03:58 2022 +0000
committerAndrew Scull <ascull@google.com>Wed Feb 16 09:53:14 2022 +0000
tree5e7ba03ed1a0c925b320ee7e6990fadd34b0b520
parente127cff68ed7d89c8dcfa43969b4b5ea4b058926 [diff] [blame]
Add a property to reflect the app debuggability

Set a build-time config to declare app debuggability that is used as
input to DICE and by apps, such as compos, that make decisions based on
this state. This will make it easier to tweak the definition of
debuggability and keep it consistent across dependents.

Bug: 219740340
Test: atest ComposHostTestCases
Test: atest MicrodroidTests
Change-Id: I770ae615a958dd6939925c400336a2550a3d950d

diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 1b3aa7f..b644285 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs

@@ -67,8 +67,7 @@
 
 const APEX_CONFIG_DONE_PROP: &str = "apex_config.done";
 const LOGD_ENABLED_PROP: &str = "ro.boot.logd.enabled";
-const ADBD_ENABLED_PROP: &str = "ro.boot.adb.enabled";
-const DEBUGGABLE_PROP: &str = "ro.boot.microdroid.debuggable";
+const APP_DEBUGGABLE_PROP: &str = "ro.boot.microdroid.app_debuggable";
 
 #[derive(thiserror::Error, Debug)]
 enum MicrodroidError {
@@ -145,15 +144,6 @@
     }
 }
 
-fn is_debuggable() -> Result<bool> {
-    // Read all the properties so the behaviour is most similar between debug and non-debug boots.
-    // Defensively default to debug enabled for unrecognised values.
-    let adb = system_properties::read_bool(ADBD_ENABLED_PROP, true)?;
-    let logd = system_properties::read_bool(LOGD_ENABLED_PROP, true)?;
-    let debuggable = system_properties::read_bool(DEBUGGABLE_PROP, true)?;
-    Ok(adb || logd || debuggable)
-}
-
 fn dice_derivation(verified_data: MicrodroidData, payload_config_path: &str) -> Result<()> {
     // Calculate compound digests of code and authorities
     let mut code_hash_ctx = digest::Context::new(&digest::SHA512);
@@ -183,6 +173,9 @@
     encode_header(3, config_path_bytes.len().try_into().unwrap(), &mut config_desc)?;
     config_desc.extend_from_slice(config_path_bytes);
 
+    // Check app debuggability, conervatively assuming it is debuggable
+    let app_debuggable = system_properties::read_bool(APP_DEBUGGABLE_PROP, true)?;
+
     // Send the details to diced
     let diced =
         wait_for_interface::<dyn IDiceMaintenance>("android.security.dice.IDiceMaintenance")
@@ -193,7 +186,7 @@
             config: Config { desc: config_desc },
             authorityHash: authority_hash,
             authorityDescriptor: None,
-            mode: if is_debuggable()? { Mode::DEBUG } else { Mode::NORMAL },
+            mode: if app_debuggable { Mode::DEBUG } else { Mode::NORMAL },
             hidden: verified_data.salt.try_into().unwrap(),
         }])
         .context("IDiceMaintenance::demoteSelf failed")?;