Better documentation.

Add an explanation of the choice of UID/GID.

Fix a TODO to point to a more specific bug and be more accurate.

Bug: 297501338
Bug: 294048581
Test: N/A
Change-Id: If7d24289aff2e42a73670aa4461c1875eb050316
diff --git a/libs/microdroid_uids/src/lib.rs b/libs/microdroid_uids/src/lib.rs
index 1f09c65..04dc190 100644
--- a/libs/microdroid_uids/src/lib.rs
+++ b/libs/microdroid_uids/src/lib.rs
@@ -17,6 +17,17 @@
 /// Always the user ID of Root.
 pub const ROOT_UID: u32 = 0;
 
+// Android reserves UID/GIDs 6000-6499 for use by the system partition -
+// see AID_SYSTEM_RESERVED_START.
+// Within Microdroid we own the system partition, so they are free for our
+// use. The Microdroid system image includes /system/ext/passwd and
+// /system/ext/group files that allocate names to the IDs that we are
+// using, so that tools like `ps` handle them correctly - see build targets
+// microdroid_etc_passwd and microdroid_etc_group.
+// (Our UIDs are entirely separate from Android's, but we use the same
+// Bionic, and it uses the Android definitions - so using a reserved range
+// helps avoid confusion.)
+
 /// Group ID shared by all payload users.
 pub const MICRODROID_PAYLOAD_GID: u32 = if cfg!(payload_not_root) { 6000 } else { 0 };
 
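Review bot: The new comment block reads as if the reserved 6000-6499 IDs are always in use, but `MICRODROID_PAYLOAD_GID` on the line below it is 6000 only under `cfg!(payload_not_root)` and is otherwise 0, so the root fallback stays undocumented. Consider adding a sentence such as `// When payload_not_root is not set, the payload GID below falls back to 0 (root).` so a reader checking the privilege separation sees both configurations. The block is also plain `//` followed by a blank line, so it is attached to no item and will not appear in rustdoc; if it is meant as crate-level documentation, `//!` at the top of the file would be the place. Any payload UID constant lies outside this hunk, so whether it has the same fallback is not visible here.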
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 5a5b34a..1c79452 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -855,7 +855,7 @@
     info!("executing main task {:?}...", task);
     let mut command = match task.type_ {
         TaskType::Executable => {
-            // TODO(b/296393106): Run system payloads as non-root.
+            // TODO(b/297501338): Figure out how to handle non-root for system payloads.
             Command::new(&task.command)
         }
         TaskType::MicrodroidLauncher => {
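Review bot: The reworded TODO in the `TaskType::Executable` arm does not say what identity system payloads run under today. That arm returns `Command::new(&task.command)` with no UID/GID set in the visible lines, so the payload presumably inherits microdroid_manager's identity unless code after the `match` changes it. Consider stating that next to the TODO, e.g. `// Until then, system payloads run with microdroid_manager's own UID/GID.`, so a reader auditing the privilege boundary does not have to follow the bug link. The enclosing function starts and ends outside this hunk, so check the wording against the rest of it before adopting it.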