vm cli: add --tee_services flag
This can be used to test for end-to-end integration of the custom smcs
filtering project i'm working on.
Bug: 360102915
Test: adb shell /apex/com.android.virt/bin/vm run --help
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --help
Change-Id: I6c0f349d4295115b4b6ab0c37793710146f949f9
diff --git a/android/vm/src/main.rs b/android/vm/src/main.rs
index 110e0ca..7bfd957 100644
--- a/android/vm/src/main.rs
+++ b/android/vm/src/main.rs
@@ -72,6 +72,11 @@
/// Boost uclamp to stablise results for benchmarks.
#[arg(short, long)]
boost_uclamp: bool,
+
+ /// Secure services this VM wants to access.
+ #[cfg(tee_services_allowlist)]
+ #[arg(long)]
+ tee_services: Vec<String>,
}
impl CommonConfig {
@@ -84,6 +89,16 @@
}
}
}
+
+ fn tee_services(&self) -> &[String] {
+ cfg_if::cfg_if! {
+ if #[cfg(tee_services_allowlist)] {
+ &self.tee_services
+ } else {
+ &[]
+ }
+ }
+ }
}
#[derive(Args, Default)]
diff --git a/android/vm/src/run.rs b/android/vm/src/run.rs
index b07a472..2157ea8 100644
--- a/android/vm/src/run.rs
+++ b/android/vm/src/run.rs
@@ -156,6 +156,7 @@
})
.collect::<Result<_, _>>()?,
networkSupported: config.common.network_supported(),
+ teeServices: config.common.tee_services().to_vec(),
..Default::default()
};
@@ -263,8 +264,8 @@
if let Some(mem) = config.common.mem {
vm_config.memoryMib = mem as i32;
}
- if let Some(name) = config.common.name {
- vm_config.name = name;
+ if let Some(ref name) = config.common.name {
+ vm_config.name = name.to_string();
} else {
vm_config.name = String::from("VmRun");
}
@@ -274,6 +275,7 @@
vm_config.cpuTopology = config.common.cpu_topology;
vm_config.hugePages = config.common.hugepages;
vm_config.boostUclamp = config.common.boost_uclamp;
+ vm_config.teeServices = config.common.tee_services().to_vec();
run(
get_service()?.as_ref(),
&VirtualMachineConfig::RawConfig(vm_config),