Merge "pvmfw: use libavb_rs descriptor APIs" into main
diff --git a/Android.bp b/Android.bp
index 54919d4..696a963 100644
--- a/Android.bp
+++ b/Android.bp
@@ -28,6 +28,7 @@
"release_avf_enable_multi_tenant_microdroid_vm",
"release_avf_enable_remote_attestation",
"release_avf_enable_vendor_modules",
+ "release_avf_enable_virt_cpufreq",
],
properties: [
"cfgs",
@@ -55,6 +56,9 @@
release_avf_enable_vendor_modules: {
cfgs: ["vendor_modules"],
},
+ release_avf_enable_virt_cpufreq: {
+ cfgs: ["virt_cpufreq"],
+ },
},
}
diff --git a/authfs/fd_server/src/main.rs b/authfs/fd_server/src/main.rs
index 47983cb..26315bf 100644
--- a/authfs/fd_server/src/main.rs
+++ b/authfs/fd_server/src/main.rs
@@ -123,7 +123,9 @@
fn main() -> Result<()> {
android_logger::init_once(
- android_logger::Config::default().with_tag("fd_server").with_min_level(log::Level::Debug),
+ android_logger::Config::default()
+ .with_tag("fd_server")
+ .with_max_level(log::LevelFilter::Debug),
);
let args = Args::parse();
diff --git a/authfs/service/src/main.rs b/authfs/service/src/main.rs
index 67e22a5..97e684d 100644
--- a/authfs/service/src/main.rs
+++ b/authfs/service/src/main.rs
@@ -130,9 +130,9 @@
#[allow(clippy::eq_op)]
fn try_main() -> Result<()> {
let debuggable = env!("TARGET_BUILD_VARIANT") != "user";
- let log_level = if debuggable { log::Level::Trace } else { log::Level::Info };
+ let log_level = if debuggable { log::LevelFilter::Trace } else { log::LevelFilter::Info };
android_logger::init_once(
- android_logger::Config::default().with_tag("authfs_service").with_min_level(log_level),
+ android_logger::Config::default().with_tag("authfs_service").with_max_level(log_level),
);
clean_up_working_directory()?;
diff --git a/authfs/src/main.rs b/authfs/src/main.rs
index e14b771..e46b197 100644
--- a/authfs/src/main.rs
+++ b/authfs/src/main.rs
@@ -293,9 +293,9 @@
fn try_main() -> Result<()> {
let args = Args::parse();
- let log_level = if args.debug { log::Level::Debug } else { log::Level::Info };
+ let log_level = if args.debug { log::LevelFilter::Debug } else { log::LevelFilter::Info };
android_logger::init_once(
- android_logger::Config::default().with_tag("authfs").with_min_level(log_level),
+ android_logger::Config::default().with_tag("authfs").with_max_level(log_level),
);
let service = file::get_rpc_binder_service(args.cid)?;
diff --git a/compos/composd/src/composd_main.rs b/compos/composd/src/composd_main.rs
index 9f6ce9c..e5d6c75 100644
--- a/compos/composd/src/composd_main.rs
+++ b/compos/composd/src/composd_main.rs
@@ -34,9 +34,9 @@
#[allow(clippy::eq_op)]
fn try_main() -> Result<()> {
let debuggable = env!("TARGET_BUILD_VARIANT") != "user";
- let log_level = if debuggable { log::Level::Debug } else { log::Level::Info };
+ let log_level = if debuggable { log::LevelFilter::Debug } else { log::LevelFilter::Info };
android_logger::init_once(
- android_logger::Config::default().with_tag("composd").with_min_level(log_level),
+ android_logger::Config::default().with_tag("composd").with_max_level(log_level),
);
// Redirect panic messages to logcat.
diff --git a/compos/composd/src/instance_manager.rs b/compos/composd/src/instance_manager.rs
index d7c0f9a..510ad11 100644
--- a/compos/composd/src/instance_manager.rs
+++ b/compos/composd/src/instance_manager.rs
@@ -90,7 +90,7 @@
fn compos_memory_mib() -> Result<i32> {
// Enough memory to complete odrefresh in the VM, for older versions of ART that don't set the
// property explicitly.
- const DEFAULT_MEMORY_MIB: u32 = 400;
+ const DEFAULT_MEMORY_MIB: u32 = 600;
let art_requested_mib =
read_property("composd.vm.art.memory_mib.config")?.unwrap_or(DEFAULT_MEMORY_MIB);
diff --git a/compos/src/compsvc_main.rs b/compos/src/compsvc_main.rs
index 128d581..06cc599 100644
--- a/compos/src/compsvc_main.rs
+++ b/compos/src/compsvc_main.rs
@@ -40,7 +40,9 @@
fn try_main() -> Result<()> {
android_logger::init_once(
- android_logger::Config::default().with_tag("compsvc").with_min_level(log::Level::Debug),
+ android_logger::Config::default()
+ .with_tag("compsvc")
+ .with_max_level(log::LevelFilter::Debug),
);
// Redirect panic messages to logcat.
panic::set_hook(Box::new(|panic_info| {
diff --git a/compos/verify/verify.rs b/compos/verify/verify.rs
index 952e9c7..567083d 100644
--- a/compos/verify/verify.rs
+++ b/compos/verify/verify.rs
@@ -60,8 +60,8 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("compos_verify")
- .with_min_level(log::Level::Info)
- .with_log_id(LogId::System), // Needed to log successfully early in boot
+ .with_max_level(log::LevelFilter::Info)
+ .with_log_buffer(LogId::System), // Needed to log successfully early in boot
);
// Redirect panic messages to logcat.
diff --git a/encryptedstore/src/main.rs b/encryptedstore/src/main.rs
index dcb1cba..983e3e9 100644
--- a/encryptedstore/src/main.rs
+++ b/encryptedstore/src/main.rs
@@ -37,7 +37,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("encryptedstore")
- .with_min_level(log::Level::Info),
+ .with_max_level(log::LevelFilter::Info),
);
if let Err(e) = try_main() {
diff --git a/javalib/Android.bp b/javalib/Android.bp
index cbc2a17..e3cb2e3 100644
--- a/javalib/Android.bp
+++ b/javalib/Android.bp
@@ -64,39 +64,3 @@
"//packages/modules/Virtualization:__subpackages__",
],
}
-
-java_api_contribution {
- name: "framework-virtualization-public-stubs",
- api_surface: "public",
- api_file: "api/current.txt",
- visibility: [
- "//build/orchestrator/apis",
- ],
-}
-
-java_api_contribution {
- name: "framework-virtualization-system-stubs",
- api_surface: "system",
- api_file: "api/system-current.txt",
- visibility: [
- "//build/orchestrator/apis",
- ],
-}
-
-java_api_contribution {
- name: "framework-virtualization-test-stubs",
- api_surface: "test",
- api_file: "api/test-current.txt",
- visibility: [
- "//build/orchestrator/apis",
- ],
-}
-
-java_api_contribution {
- name: "framework-virtualization-module-lib-stubs",
- api_surface: "module-lib",
- api_file: "api/module-lib-current.txt",
- visibility: [
- "//build/orchestrator/apis",
- ],
-}
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
index 474c2f2..e8ef195 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -49,6 +49,7 @@
import java.io.OutputStream;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
+import java.util.Collections;
import java.util.Objects;
import java.util.zip.ZipFile;
@@ -126,7 +127,7 @@
/**
* Run VM with vCPU topology matching the physical CPU topology of the host. Usually takes
- * longer to boot and cosumes more resources compared to a single vCPU. Typically a good option
+ * longer to boot and consumes more resources compared to a single vCPU. Typically a good option
* for long-running workloads that benefit from parallel execution.
*
* @hide
@@ -519,6 +520,7 @@
VirtualMachinePayloadConfig payloadConfig = new VirtualMachinePayloadConfig();
payloadConfig.payloadBinaryName = mPayloadBinaryName;
payloadConfig.osName = mOs;
+ payloadConfig.extraApks = Collections.emptyList();
vsConfig.payload =
VirtualMachineAppConfig.Payload.payloadConfig(payloadConfig);
} else {
@@ -947,7 +949,8 @@
@FlaggedApi("RELEASE_AVF_ENABLE_VENDOR_MODULES")
@NonNull
public Builder setVendorDiskImage(@NonNull File vendorDiskImage) {
- mVendorDiskImage = vendorDiskImage;
+ mVendorDiskImage =
+ requireNonNull(vendorDiskImage, "vendor disk image must not be null");
return this;
}
diff --git a/javalib/src/android/system/virtualmachine/VirtualizationService.java b/javalib/src/android/system/virtualmachine/VirtualizationService.java
index 1cf97b5..57990a9 100644
--- a/javalib/src/android/system/virtualmachine/VirtualizationService.java
+++ b/javalib/src/android/system/virtualmachine/VirtualizationService.java
@@ -57,13 +57,13 @@
private VirtualizationService() throws VirtualMachineException {
int clientFd = nativeSpawn();
if (clientFd < 0) {
- throw new VirtualMachineException("Could not spawn VirtualizationService");
+ throw new VirtualMachineException("Could not spawn Virtualization Manager");
}
mClientFd = ParcelFileDescriptor.adoptFd(clientFd);
IBinder binder = nativeConnect(mClientFd.getFd());
if (binder == null) {
- throw new VirtualMachineException("Could not connect to VirtualizationService");
+ throw new VirtualMachineException("Could not connect to Virtualization Manager");
}
mBinder = IVirtualizationService.Stub.asInterface(binder);
}
diff --git a/libs/libfdt/src/iterators.rs b/libs/libfdt/src/iterators.rs
index 7406164..e818c68 100644
--- a/libs/libfdt/src/iterators.rs
+++ b/libs/libfdt/src/iterators.rs
@@ -304,7 +304,7 @@
}
impl<'a> SubnodeIterator<'a> {
- pub(crate) fn new(node: &'a FdtNode) -> Result<Self, FdtError> {
+ pub(crate) fn new(node: &FdtNode<'a>) -> Result<Self, FdtError> {
let subnode = node.first_subnode()?;
Ok(Self { subnode })
diff --git a/libs/libfdt/src/lib.rs b/libs/libfdt/src/lib.rs
index d90f5f0..8a4e251 100644
--- a/libs/libfdt/src/lib.rs
+++ b/libs/libfdt/src/lib.rs
@@ -468,7 +468,7 @@
}
/// Returns an iterator of subnodes
- pub fn subnodes(&'a self) -> Result<SubnodeIterator<'a>> {
+ pub fn subnodes(&self) -> Result<SubnodeIterator<'a>> {
SubnodeIterator::new(self)
}
@@ -750,6 +750,14 @@
FdtNode { fdt: self.fdt, offset: self.offset }
}
+ /// Adds new subnodes to the given node.
+ pub fn add_subnodes(&mut self, names: &[&CStr]) -> Result<()> {
+ for name in names {
+ self.add_subnode_offset(name.to_bytes())?;
+ }
+ Ok(())
+ }
+
/// Adds a new subnode to the given node and return it as a FdtNodeMut on success.
pub fn add_subnode(&'a mut self, name: &CStr) -> Result<Self> {
let offset = self.add_subnode_offset(name.to_bytes())?;
diff --git a/libs/libfdt/tests/api_test.rs b/libs/libfdt/tests/api_test.rs
index 08fb8a5..cafbf97 100644
--- a/libs/libfdt/tests/api_test.rs
+++ b/libs/libfdt/tests/api_test.rs
@@ -19,6 +19,7 @@
use core::ffi::CStr;
use cstr::cstr;
use libfdt::{Fdt, FdtError, FdtNodeMut, Phandle};
+use std::collections::HashSet;
use std::ffi::CString;
use std::fs;
use std::ops::Range;
@@ -451,6 +452,22 @@
}
#[test]
+fn node_mut_add_subnodes() {
+ let mut data = vec![0_u8; 1000];
+ let fdt = Fdt::create_empty_tree(&mut data).unwrap();
+
+ let mut root = fdt.root_mut().unwrap();
+ let names = [cstr!("a"), cstr!("b")];
+ root.add_subnodes(&names).unwrap();
+
+ let expected: HashSet<_> = names.into_iter().collect();
+ let subnodes = fdt.root().unwrap().subnodes().unwrap();
+ let names: HashSet<_> = subnodes.map(|node| node.name().unwrap()).collect();
+
+ assert_eq!(expected, names);
+}
+
+#[test]
#[ignore] // Borrow checker test. Compilation success is sufficient.
fn node_subnode_lifetime() {
let data = fs::read(TEST_TREE_PHANDLE_PATH).unwrap();
@@ -471,6 +488,28 @@
#[test]
#[ignore] // Borrow checker test. Compilation success is sufficient.
+fn node_subnodess_lifetime() {
+ let data = fs::read(TEST_TREE_PHANDLE_PATH).unwrap();
+ let fdt = Fdt::from_slice(&data).unwrap();
+
+ let first_subnode_name = {
+ let first_subnode = {
+ let mut subnodes_iter = {
+ let root = fdt.root().unwrap();
+ root.subnodes().unwrap()
+ // Make root to be dropped
+ };
+ subnodes_iter.next().unwrap()
+ // Make subnodess_iter to be dropped
+ };
+ first_subnode.name()
+ // Make first_subnode to be dropped
+ };
+ assert_eq!(Ok(cstr!("node_a")), first_subnode_name);
+}
+
+#[test]
+#[ignore] // Borrow checker test. Compilation success is sufficient.
fn node_descendants_lifetime() {
let data = fs::read(TEST_TREE_PHANDLE_PATH).unwrap();
let fdt = Fdt::from_slice(&data).unwrap();
diff --git a/microdroid/fstab.microdroid b/microdroid/fstab.microdroid
index 2742757..3209442 100644
--- a/microdroid/fstab.microdroid
+++ b/microdroid/fstab.microdroid
@@ -2,4 +2,4 @@
# This is a temporary solution to unblock other devs that depend on /vendor partition in Microdroid
# The /vendor partition will only be mounted if the kernel cmdline contains
# androidboot.microdroid.mount_vendor=1.
-/dev/block/by-name/microdroid-vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,avb_hashtree_digest=/sys/firmware/devicetree/base/avf/vendor_hashtree_descriptor_root_digest
+/dev/block/by-name/microdroid-vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,avb_hashtree_digest=/proc/device-tree/avf/vendor_hashtree_descriptor_root_digest
diff --git a/microdroid/init_debug_policy/src/init_debug_policy.rs b/microdroid/init_debug_policy/src/init_debug_policy.rs
index 6c80926..90d04ac 100644
--- a/microdroid/init_debug_policy/src/init_debug_policy.rs
+++ b/microdroid/init_debug_policy/src/init_debug_policy.rs
@@ -29,11 +29,10 @@
}
fn main() -> Result<(), PropertyWatcherError> {
- // If VM is debuggable or debug policy says so, send logs to outside ot the VM via the serial console.
- // Otherwise logs are internally consumed at /dev/null
+ // If VM is debuggable or debug policy says so, send logs to outside ot the VM via the serial
+ // console. Otherwise logs are internally consumed at /dev/null
let log_path = if system_properties::read_bool("ro.boot.microdroid.debuggable", false)?
- || get_debug_policy_bool("/sys/firmware/devicetree/base/avf/guest/common/log")
- .unwrap_or_default()
+ || get_debug_policy_bool("/proc/device-tree/avf/guest/common/log").unwrap_or_default()
{
"/dev/hvc2"
} else {
@@ -42,8 +41,7 @@
system_properties::write("ro.log.file_logger.path", log_path)?;
let (adbd_enabled, debuggable) = if system_properties::read_bool("ro.boot.adb.enabled", false)?
- || get_debug_policy_bool("/sys/firmware/devicetree/base/avf/guest/microdroid/adb")
- .unwrap_or_default()
+ || get_debug_policy_bool("/proc/device-tree/avf/guest/microdroid/adb").unwrap_or_default()
{
// debuggable is required for adb root and bypassing adb authorization.
("1", "1")
diff --git a/microdroid/payload/metadata.proto b/microdroid/payload/metadata.proto
index b03d466..e47fc83 100644
--- a/microdroid/payload/metadata.proto
+++ b/microdroid/payload/metadata.proto
@@ -74,4 +74,8 @@
// Required.
// Name of the payload binary file inside the APK.
string payload_binary_name = 1;
+
+ // Optional.
+ // The number of extra APKs that are present.
+ uint32 extra_apk_count = 2;
}
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index 1696aae..81bb409 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp
@@ -29,7 +29,7 @@
"libclient_vm_csr",
"libciborium",
"libcoset",
- "libdice_policy",
+ "libdice_policy_builder",
"libdiced_open_dice",
"libdiced_sample_inputs",
"libglob",
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 8888feb..86284a5 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -43,7 +43,7 @@
use libc::VMADDR_CID_HOST;
use log::{error, info};
use microdroid_metadata::PayloadMetadata;
-use microdroid_payload_config::{OsConfig, Task, TaskType, VmPayloadConfig};
+use microdroid_payload_config::{ApkConfig, OsConfig, Task, TaskType, VmPayloadConfig};
use nix::sys::signal::Signal;
use openssl::hkdf::hkdf;
use openssl::md::Md;
@@ -68,11 +68,11 @@
use vm_secret::VmSecret;
const WAIT_TIMEOUT: Duration = Duration::from_secs(10);
-const AVF_STRICT_BOOT: &str = "/sys/firmware/devicetree/base/chosen/avf,strict-boot";
-const AVF_NEW_INSTANCE: &str = "/sys/firmware/devicetree/base/chosen/avf,new-instance";
-const AVF_DEBUG_POLICY_RAMDUMP: &str = "/sys/firmware/devicetree/base/avf/guest/common/ramdump";
+const AVF_STRICT_BOOT: &str = "/proc/device-tree/chosen/avf,strict-boot";
+const AVF_NEW_INSTANCE: &str = "/proc/device-tree/chosen/avf,new-instance";
+const AVF_DEBUG_POLICY_RAMDUMP: &str = "/proc/device-tree/avf/guest/common/ramdump";
const DEBUG_MICRODROID_NO_VERIFIED_BOOT: &str =
- "/sys/firmware/devicetree/base/virtualization/guest/debug-microdroid,no-verified-boot";
+ "/proc/device-tree/virtualization/guest/debug-microdroid,no-verified-boot";
const ENCRYPTEDSTORE_BIN: &str = "/system/bin/encryptedstore";
const ZIPFUSE_BIN: &str = "/system/bin/zipfuse";
@@ -171,7 +171,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("microdroid_manager")
- .with_min_level(log::Level::Info),
+ .with_max_level(log::LevelFilter::Info),
);
info!("started.");
@@ -580,11 +580,15 @@
type_: TaskType::MicrodroidLauncher,
command: payload_config.payload_binary_name,
};
+ // We don't care about the paths, only the number of extra APKs really matters.
+ let extra_apks = (0..payload_config.extra_apk_count)
+ .map(|i| ApkConfig { path: format!("extra-apk-{i}") })
+ .collect();
Ok(VmPayloadConfig {
os: OsConfig { name: "microdroid".to_owned() },
task: Some(task),
apexes: vec![],
- extra_apks: vec![],
+ extra_apks,
prefer_staged: false,
export_tombstones: None,
enable_authfs: false,
diff --git a/microdroid_manager/src/vm_secret.rs b/microdroid_manager/src/vm_secret.rs
index 9b7d4f1..0e1ec71 100644
--- a/microdroid_manager/src/vm_secret.rs
+++ b/microdroid_manager/src/vm_secret.rs
@@ -20,7 +20,7 @@
use secretkeeper_comm::data_types::request::Request;
use binder::{Strong};
use coset::CborSerializable;
-use dice_policy::{ConstraintSpec, ConstraintType, DicePolicy, MissingAction};
+use dice_policy_builder::{CertIndex, ConstraintSpec, ConstraintType, policy_for_dice_chain, MissingAction, WILDCARD_FULL_ARRAY};
use diced_open_dice::{DiceArtifacts, OwnedDiceArtifacts};
use keystore2_crypto::ZVec;
use openssl::hkdf::hkdf;
@@ -41,6 +41,12 @@
const MODE: i64 = -4670551;
const CONFIG_DESC: i64 = -4670548;
const SECURITY_VERSION: i64 = -70005;
+const SUBCOMPONENT_DESCRIPTORS: i64 = -71002;
+const SUBCOMPONENT_SECURITY_VERSION: i64 = 2;
+const SUBCOMPONENT_AUTHORITY_HASH: i64 = 4;
+// Index of DiceChainEntry corresponding to Payload (relative to the end considering DICE Chain
+// as an array)
+const PAYLOAD_INDEX_FROM_END: usize = 0;
// Generated using hexdump -vn32 -e'14/1 "0x%02X, " 1 "\n"' /dev/urandom
const SALT_ENCRYPTED_STORE: &[u8] = &[
@@ -161,19 +167,55 @@
// components may chose to prevent booting of rollback images for ex, ABL is expected to provide
// rollback protection of pvmfw. Such components may chose to not put SECURITY_VERSION in the
// corresponding DiceChainEntry.
-// TODO(b/291219197) : Add constraints on Extra apks as well!
+// 4. For each Subcomponent on the last DiceChainEntry (which corresponds to VM payload, See
+// microdroid_manager/src/vm_config.cddl):
+// - GreaterOrEqual on SECURITY_VERSION (Required)
+// - ExactMatch on AUTHORITY_HASH (Required).
fn sealing_policy(dice: &[u8]) -> Result<Vec<u8>, String> {
let constraint_spec = [
- ConstraintSpec::new(ConstraintType::ExactMatch, vec![AUTHORITY_HASH], MissingAction::Fail),
- ConstraintSpec::new(ConstraintType::ExactMatch, vec![MODE], MissingAction::Fail),
+ ConstraintSpec::new(
+ ConstraintType::ExactMatch,
+ vec![AUTHORITY_HASH],
+ MissingAction::Fail,
+ CertIndex::All,
+ ),
+ ConstraintSpec::new(
+ ConstraintType::ExactMatch,
+ vec![MODE],
+ MissingAction::Fail,
+ CertIndex::All,
+ ),
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
vec![CONFIG_DESC, SECURITY_VERSION],
MissingAction::Ignore,
+ CertIndex::All,
+ ),
+ ConstraintSpec::new(
+ ConstraintType::GreaterOrEqual,
+ vec![
+ CONFIG_DESC,
+ SUBCOMPONENT_DESCRIPTORS,
+ WILDCARD_FULL_ARRAY,
+ SUBCOMPONENT_SECURITY_VERSION,
+ ],
+ MissingAction::Fail,
+ CertIndex::FromEnd(PAYLOAD_INDEX_FROM_END),
+ ),
+ ConstraintSpec::new(
+ ConstraintType::ExactMatch,
+ vec![
+ CONFIG_DESC,
+ SUBCOMPONENT_DESCRIPTORS,
+ WILDCARD_FULL_ARRAY,
+ SUBCOMPONENT_AUTHORITY_HASH,
+ ],
+ MissingAction::Fail,
+ CertIndex::FromEnd(PAYLOAD_INDEX_FROM_END),
),
];
- DicePolicy::from_dice_chain(dice, &constraint_spec)?
+ policy_for_dice_chain(dice, &constraint_spec)?
.to_vec()
.map_err(|e| format!("DicePolicy construction failed {e:?}"))
}
diff --git a/tests/aidl/Android.bp b/tests/aidl/Android.bp
index ed4e8ff..7e22646 100644
--- a/tests/aidl/Android.bp
+++ b/tests/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/benchmark/Android.bp b/tests/benchmark/Android.bp
index 657241c..31fe0f6 100644
--- a/tests/benchmark/Android.bp
+++ b/tests/benchmark/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index e0de9b3..b9faa85 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -278,9 +278,7 @@
@Test
public void testMicrodroidDebugBootTime_withVendorPartition() throws Exception {
- assume().withMessage(
- "Cuttlefish doesn't support device tree under"
- + " /sys/firmware/devicetree/base")
+ assume().withMessage("Cuttlefish doesn't support device tree under" + " /proc/device-tree")
.that(isCuttlefish())
.isFalse();
// TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
diff --git a/tests/benchmark/src/jni/Android.bp b/tests/benchmark/src/jni/Android.bp
index e1bc8b0..c2e1b7c 100644
--- a/tests/benchmark/src/jni/Android.bp
+++ b/tests/benchmark/src/jni/Android.bp
@@ -1,10 +1,11 @@
-package{
- default_applicable_licenses : ["Android-Apache-2.0"],
+package {
+ default_team: "trendy_team_virtualization",
+ default_applicable_licenses: ["Android-Apache-2.0"],
}
cc_library_shared {
name: "libiovsock_host_jni",
- srcs: [ "io_vsock_host_jni.cpp" ],
+ srcs: ["io_vsock_host_jni.cpp"],
header_libs: ["jni_headers"],
shared_libs: ["libbase"],
-}
\ No newline at end of file
+}
diff --git a/tests/benchmark_hostside/Android.bp b/tests/benchmark_hostside/Android.bp
index b613a8a..8727b05 100644
--- a/tests/benchmark_hostside/Android.bp
+++ b/tests/benchmark_hostside/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/benchmark_hostside/java/android/avf/test/AVFHostTestCase.java b/tests/benchmark_hostside/java/android/avf/test/AVFHostTestCase.java
index b176cfc..f01a76b 100644
--- a/tests/benchmark_hostside/java/android/avf/test/AVFHostTestCase.java
+++ b/tests/benchmark_hostside/java/android/avf/test/AVFHostTestCase.java
@@ -231,7 +231,7 @@
android.tryRun("rm", "-rf", MicrodroidHostTestCaseBase.TEST_ROOT);
// Donate 80% of the available device memory to the VM
- final String configPath = "assets/vm_config.json";
+ final String configPath = "assets/microdroid/vm_config.json";
final int vm_mem_mb = getFreeMemoryInfoMb(android) * 80 / 100;
ITestDevice microdroidDevice =
MicrodroidBuilder.fromDevicePath(getPathForPackage(PACKAGE_NAME), configPath)
diff --git a/tests/helper/Android.bp b/tests/helper/Android.bp
index 614c70c..9223391 100644
--- a/tests/helper/Android.bp
+++ b/tests/helper/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/hostside/Android.bp b/tests/hostside/Android.bp
index e3d9cbe..2cfaffa 100644
--- a/tests/hostside/Android.bp
+++ b/tests/hostside/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/hostside/helper/Android.bp b/tests/hostside/helper/Android.bp
index 75553d0..890e14a 100644
--- a/tests/hostside/helper/Android.bp
+++ b/tests/hostside/helper/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java b/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java
index 848b43b..9e19b7d 100644
--- a/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java
+++ b/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java
@@ -33,12 +33,17 @@
import com.android.tradefed.util.CommandResult;
import com.android.tradefed.util.RunUtil;
+import org.json.JSONArray;
+
import java.io.File;
import java.io.FileNotFoundException;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
+import java.util.stream.Collectors;
public abstract class MicrodroidHostTestCaseBase extends BaseHostJUnit4Test {
protected static final String TEST_ROOT = "/data/local/tmp/virt/";
@@ -164,4 +169,35 @@
.that(pathLine).startsWith("package:");
return pathLine.substring("package:".length());
}
+
+ public List<String> parseStringArrayFieldsFromVmInfo(String header) throws Exception {
+ CommandRunner android = new CommandRunner(getDevice());
+ String result = android.run("/apex/com.android.virt/bin/vm", "info");
+ List<String> ret = new ArrayList<>();
+ for (String line : result.split("\n")) {
+ if (!line.startsWith(header)) continue;
+
+ JSONArray jsonArray = new JSONArray(line.substring(header.length()));
+ for (int i = 0; i < jsonArray.length(); i++) {
+ ret.add(jsonArray.getString(i));
+ }
+ break;
+ }
+ return ret;
+ }
+
+ public List<String> getAssignableDevices() throws Exception {
+ return parseStringArrayFieldsFromVmInfo("Assignable devices: ");
+ }
+
+ public List<String> getSupportedOSList() throws Exception {
+ return parseStringArrayFieldsFromVmInfo("Available OS list: ");
+ }
+
+ public List<String> getSupportedGKIVersions() throws Exception {
+ return getSupportedOSList().stream()
+ .filter(os -> os.startsWith("microdroid_gki-"))
+ .map(os -> os.replaceFirst("^microdroid_gki-", ""))
+ .collect(Collectors.toList());
+ }
}
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 21abdaa..7a5d69b 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -938,7 +938,7 @@
assumeFalse("Unlocked devices may have AVF debug policy", lockProp.equals("orange"));
// Test that AVF debug policy doesn't exist.
- boolean hasDebugPolicy = device.doesFileExist("/sys/firmware/devicetree/base/avf");
+ boolean hasDebugPolicy = device.doesFileExist("/proc/device-tree/avf");
assertThat(hasDebugPolicy).isFalse();
}
@@ -1075,37 +1075,6 @@
&& device.doesFileExist("/sys/bus/platform/drivers/vfio-platform"));
}
- private List<String> parseStringArrayFieldsFromVmInfo(String header) throws Exception {
- CommandRunner android = new CommandRunner(getDevice());
- String result = android.run("/apex/com.android.virt/bin/vm", "info");
- List<String> ret = new ArrayList<>();
- for (String line : result.split("\n")) {
- if (!line.startsWith(header)) continue;
-
- JSONArray jsonArray = new JSONArray(line.substring(header.length()));
- for (int i = 0; i < jsonArray.length(); i++) {
- ret.add(jsonArray.getString(i));
- }
- break;
- }
- return ret;
- }
-
- private List<String> getAssignableDevices() throws Exception {
- return parseStringArrayFieldsFromVmInfo("Assignable devices: ");
- }
-
- private List<String> getSupportedOSList() throws Exception {
- return parseStringArrayFieldsFromVmInfo("Available OS list: ");
- }
-
- private List<String> getSupportedGKIVersions() throws Exception {
- return getSupportedOSList().stream()
- .filter(os -> os.startsWith("microdroid_gki-"))
- .map(os -> os.replaceFirst("^microdroid_gki-", ""))
- .collect(Collectors.toList());
- }
-
private TestDevice getAndroidDevice() {
TestDevice androidDevice = (TestDevice) getDevice();
assertThat(androidDevice).isNotNull();
diff --git a/tests/no_avf/Android.bp b/tests/no_avf/Android.bp
index 22d099e..cdc9e9f 100644
--- a/tests/no_avf/Android.bp
+++ b/tests/no_avf/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/pvmfw/Android.bp b/tests/pvmfw/Android.bp
index c12f67a..03dcc35 100644
--- a/tests/pvmfw/Android.bp
+++ b/tests/pvmfw/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/pvmfw/helper/Android.bp b/tests/pvmfw/helper/Android.bp
index 1b96842..7258c68 100644
--- a/tests/pvmfw/helper/Android.bp
+++ b/tests/pvmfw/helper/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/pvmfw/tools/Android.bp b/tests/pvmfw/tools/Android.bp
index 7bd3ef5..e4a31d5 100644
--- a/tests/pvmfw/tools/Android.bp
+++ b/tests/pvmfw/tools/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 6a30b1c..10bbfb4 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 33d41ab..df6280d 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -73,6 +73,7 @@
import org.junit.After;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.function.ThrowingRunnable;
@@ -543,6 +544,7 @@
assertThrows(NullPointerException.class, () -> builder.setApkPath(null));
assertThrows(NullPointerException.class, () -> builder.setPayloadConfigPath(null));
assertThrows(NullPointerException.class, () -> builder.setPayloadBinaryName(null));
+ assertThrows(NullPointerException.class, () -> builder.setVendorDiskImage(null));
assertThrows(NullPointerException.class, () -> builder.setOs(null));
// Individual property checks.
@@ -2105,8 +2107,7 @@
public void configuringVendorDiskImageRequiresCustomPermission() throws Exception {
assumeSupportedDevice();
assumeFalse(
- "Cuttlefish doesn't support device tree under /sys/firmware/devicetree/base",
- isCuttlefish());
+ "Cuttlefish doesn't support device tree under /proc/device-tree", isCuttlefish());
// TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
// after introducing verification based on DT and fstab in microdroid vendor partition.
assumeFalse(
@@ -2132,20 +2133,19 @@
.contains("android.permission.USE_CUSTOM_VIRTUAL_MACHINE permission");
}
+ // TODO(b/323768068): Enable this test when we can inject vendor hashkey for test purpose.
+ // After introducing VM reference DT, non-pVM cannot trust test_microdroid_vendor_image.img
+ // as well, because it doesn't pass the hashtree digest of testing image into VM.
+ @Ignore
@Test
public void bootsWithVendorPartition() throws Exception {
assumeSupportedDevice();
assumeFalse(
- "Cuttlefish doesn't support device tree under /sys/firmware/devicetree/base",
- isCuttlefish());
+ "Cuttlefish doesn't support device tree under /proc/device-tree", isCuttlefish());
// TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
// after introducing verification based on DT and fstab in microdroid vendor partition.
assumeFalse(
"Boot with vendor partition is failing in HWASAN enabled Microdroid.", isHwasan());
- assumeFalse(
- "Skip test for protected VM, pvmfw config data doesn't contain any information of"
- + " test images, such as root digest.",
- isProtectedVm());
assumeFeatureEnabled(VirtualMachineManager.FEATURE_VENDOR_MODULES);
grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
@@ -2177,8 +2177,7 @@
public void creationFailsWithUnsignedVendorPartition() throws Exception {
assumeSupportedDevice();
assumeFalse(
- "Cuttlefish doesn't support device tree under /sys/firmware/devicetree/base",
- isCuttlefish());
+ "Cuttlefish doesn't support device tree under /proc/device-tree", isCuttlefish());
// TODO(b/317567210): Boots fails with vendor partition in HWASAN enabled microdroid
// after introducing verification based on DT and fstab in microdroid vendor partition.
assumeFalse(
@@ -2197,8 +2196,9 @@
.build();
VirtualMachine vm = forceCreateNewVirtualMachine("test_boot_with_unsigned_vendor", config);
- assertThrowsVmExceptionContaining(
- () -> vm.run(), "Failed to get vbmeta from microdroid-vendor.img");
+ BootResult bootResult = tryBootVm(TAG, "test_boot_with_unsigned_vendor");
+ assertThat(bootResult.payloadStarted).isFalse();
+ assertThat(bootResult.deathReason).isEqualTo(VirtualMachineCallback.STOP_REASON_REBOOT);
}
@Test
diff --git a/tests/vendor_images/Android.bp b/tests/vendor_images/Android.bp
index 26dbc01..ecf0bb4 100644
--- a/tests/vendor_images/Android.bp
+++ b/tests/vendor_images/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/vmshareapp/Android.bp b/tests/vmshareapp/Android.bp
index 5f6dc57..d4113bf 100644
--- a/tests/vmshareapp/Android.bp
+++ b/tests/vmshareapp/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/tests/vmshareapp/aidl/Android.bp b/tests/vmshareapp/aidl/Android.bp
index df4a4b4..09e3405 100644
--- a/tests/vmshareapp/aidl/Android.bp
+++ b/tests/vmshareapp/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/virtualizationmanager/Android.bp b/virtualizationmanager/Android.bp
index f58e999..48b5cd1 100644
--- a/virtualizationmanager/Android.bp
+++ b/virtualizationmanager/Android.bp
@@ -36,10 +36,10 @@
"libbase_rust",
"libbinder_rs",
"libclap",
+ "libcstr",
"libcommand_fds",
"libdisk",
"libglob",
- "libhex",
"libhypervisor_props",
"liblazy_static",
"liblibc",
@@ -60,12 +60,12 @@
"libshared_child",
"libstatslog_virtualization_rust",
"libtombstoned_client_rust",
- "libvbmeta_rust",
"libvm_control",
"libvmconfig",
"libzip",
"libvsock",
"liblibfdt",
+ "libfsfdt",
// TODO(b/202115393) stabilize the interface
"packagemanager_aidl-rust",
],
diff --git a/virtualizationmanager/fsfdt/Android.bp b/virtualizationmanager/fsfdt/Android.bp
new file mode 100644
index 0000000..3a42bf3
--- /dev/null
+++ b/virtualizationmanager/fsfdt/Android.bp
@@ -0,0 +1,32 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_binary {
+ name: "fsfdt",
+ crate_name: "fsfdt",
+ defaults: ["avf_build_flags_rust"],
+ edition: "2021",
+ srcs: ["src/main.rs"],
+ prefer_rlib: true,
+ rustlibs: [
+ "libanyhow",
+ "libclap",
+ "libfsfdt",
+ "liblibfdt",
+ ],
+}
+
+rust_library_rlib {
+ name: "libfsfdt",
+ crate_name: "fsfdt",
+ defaults: ["avf_build_flags_rust"],
+ edition: "2021",
+ srcs: ["src/lib.rs"],
+ prefer_rlib: true,
+ rustlibs: [
+ "liblibfdt",
+ "libanyhow",
+ ],
+ apex_available: ["com.android.virt"],
+}
diff --git a/virtualizationmanager/fsfdt/src/lib.rs b/virtualizationmanager/fsfdt/src/lib.rs
new file mode 100644
index 0000000..a2ca519
--- /dev/null
+++ b/virtualizationmanager/fsfdt/src/lib.rs
@@ -0,0 +1,100 @@
+// Copyright 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Implements converting file system to FDT blob
+
+use anyhow::{anyhow, Context, Result};
+use libfdt::Fdt;
+use std::ffi::{CStr, CString};
+use std::fs;
+use std::os::unix::ffi::OsStrExt;
+use std::path::Path;
+
+/// Trait for Fdt's file system support
+pub trait FsFdt<'a> {
+ /// Creates a Fdt from /proc/device-tree style directory by wrapping a mutable slice
+ fn from_fs(fs_path: &Path, fdt_buffer: &'a mut [u8]) -> Result<&'a mut Self>;
+
+ /// Appends a FDT from /proc/device-tree style directory at the given node path
+ fn append(&mut self, fdt_node_path: &CStr, fs_path: &Path) -> Result<()>;
+}
+
+impl<'a> FsFdt<'a> for Fdt {
+ fn from_fs(fs_path: &Path, fdt_buffer: &'a mut [u8]) -> Result<&'a mut Fdt> {
+ let fdt = Fdt::create_empty_tree(fdt_buffer)
+ .map_err(|e| anyhow!("Failed to create FDT, {e:?}"))?;
+
+ fdt.append(&CString::new("").unwrap(), fs_path)?;
+
+ Ok(fdt)
+ }
+
+ fn append(&mut self, fdt_node_path: &CStr, fs_path: &Path) -> Result<()> {
+ // Recursively traverse fs_path with DFS algorithm.
+ let mut stack = vec![fs_path.to_path_buf()];
+ while let Some(dir_path) = stack.pop() {
+ let relative_path = dir_path
+ .strip_prefix(fs_path)
+ .context("Internal error. Path does not have expected prefix")?
+ .as_os_str();
+ let fdt_path = CString::from_vec_with_nul(
+ [fdt_node_path.to_bytes(), b"/", relative_path.as_bytes(), b"\0"].concat(),
+ )
+ .context("Internal error. Path is not a valid Fdt path")?;
+
+ let mut node = self
+ .node_mut(&fdt_path)
+ .map_err(|e| anyhow!("Failed to write FDT, {e:?}"))?
+ .ok_or_else(|| anyhow!("Failed to find {fdt_node_path:?} in FDT"))?;
+
+ let mut subnode_names = vec![];
+ let entries =
+ fs::read_dir(&dir_path).with_context(|| format!("Failed to read {dir_path:?}"))?;
+ for entry in entries {
+ let entry =
+ entry.with_context(|| format!("Failed to get an entry in {dir_path:?}"))?;
+ let entry_type =
+ entry.file_type().with_context(|| "Unsupported entry type, {entry:?}")?;
+ let entry_name = entry.file_name(); // binding to keep name below.
+ if !entry_name.is_ascii() {
+ return Err(anyhow!("Unsupported entry name for FDT, {entry:?}"));
+ }
+ // Safe to unwrap because validated as an ascii string above.
+ let name = CString::new(entry_name.as_bytes()).unwrap();
+ if entry_type.is_dir() {
+ stack.push(entry.path());
+ subnode_names.push(name);
+ } else if entry_type.is_file() {
+ let value = fs::read(&entry.path())?;
+
+ node.setprop(&name, &value)
+ .map_err(|e| anyhow!("Failed to set FDT property, {e:?}"))?;
+ } else {
+ return Err(anyhow!(
+ "Failed to handle {entry:?}. FDT only uses file or directory"
+ ));
+ }
+ }
+ // Note: sort() is necessary to prevent FdtError::Exists from add_subnodes().
+ // FDT library may omit address in node name when comparing their name, so sort to add
+ // node without address first.
+ subnode_names.sort();
+ let subnode_names_c_str: Vec<_> = subnode_names.iter().map(|x| x.as_c_str()).collect();
+ node.add_subnodes(&subnode_names_c_str)
+ .map_err(|e| anyhow!("Failed to add node, {e:?}"))?;
+ }
+
+ Ok(())
+ }
+}
diff --git a/virtualizationmanager/fsfdt/src/main.rs b/virtualizationmanager/fsfdt/src/main.rs
new file mode 100644
index 0000000..2fe71e7
--- /dev/null
+++ b/virtualizationmanager/fsfdt/src/main.rs
@@ -0,0 +1,42 @@
+// Copyright 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! CLI for converting file system to FDT
+
+use clap::Parser;
+use fsfdt::FsFdt;
+use libfdt::Fdt;
+use std::fs;
+use std::path::PathBuf;
+
+const FDT_MAX_SIZE: usize = 1_000_000_usize;
+
+/// Option parser
+#[derive(Parser, Debug)]
+struct Opt {
+ /// File system path (directory path) to parse from
+ fs_path: PathBuf,
+
+ /// FDT file path for writing
+ fdt_file_path: PathBuf,
+}
+
+fn main() {
+ let opt = Opt::parse();
+
+ let mut data = vec![0_u8; FDT_MAX_SIZE];
+ let fdt = Fdt::from_fs(&opt.fs_path, &mut data).unwrap();
+ fdt.pack().unwrap();
+ fs::write(&opt.fdt_file_path, fdt.as_slice()).unwrap();
+}
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 2603e77..602c670 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -15,13 +15,13 @@
//! Implementation of the AIDL interface of the VirtualizationService.
use crate::{get_calling_pid, get_calling_uid};
-use crate::atom::{
- write_vm_booted_stats, write_vm_creation_stats};
+use crate::atom::{write_vm_booted_stats, write_vm_creation_stats};
use crate::composite::make_composite_image;
use crate::crosvm::{CrosvmConfig, DiskFile, PayloadState, VmContext, VmInstance, VmState};
use crate::debug_config::DebugConfig;
use crate::payload::{add_microdroid_payload_images, add_microdroid_system_images, add_microdroid_vendor_image};
use crate::selinux::{getfilecon, SeContext};
+use crate::reference_dt;
use android_os_permissions_aidl::aidl::android::os::IPermissionController;
use android_system_virtualizationcommon::aidl::android::system::virtualizationcommon::{
Certificate::Certificate,
@@ -71,25 +71,23 @@
use disk::QcowFile;
use glob::glob;
use lazy_static::lazy_static;
-use libfdt::Fdt;
use log::{debug, error, info, warn};
-use microdroid_payload_config::{OsConfig, Task, TaskType, VmPayloadConfig};
+use microdroid_payload_config::{ApkConfig, OsConfig, Task, TaskType, VmPayloadConfig};
use nix::unistd::pipe;
use rpcbinder::RpcServer;
use rustutils::system_properties;
use semver::VersionReq;
use std::collections::HashSet;
use std::convert::TryInto;
-use std::ffi::{CStr, CString};
+use std::ffi::CStr;
use std::fs::{canonicalize, read_dir, remove_file, File, OpenOptions};
-use std::io::{BufRead, BufReader, Error, ErrorKind, Write};
+use std::io::{BufRead, BufReader, Error, ErrorKind, Seek, SeekFrom, Write};
use std::iter;
use std::num::{NonZeroU16, NonZeroU32};
use std::os::unix::io::{FromRawFd, IntoRawFd};
use std::os::unix::raw::pid_t;
use std::path::{Path, PathBuf};
use std::sync::{Arc, Mutex, Weak};
-use vbmeta::VbMetaImage;
use vmconfig::VmConfig;
use vsock::VsockStream;
use zip::ZipArchive;
@@ -117,9 +115,6 @@
const UNFORMATTED_STORAGE_MAGIC: &str = "UNFORMATTED-STORAGE";
-/// Rough size for storing root digest of vendor hash descriptor into DTBO.
-const EMPTY_VENDOR_DT_OVERLAY_BUF_SIZE: usize = 10000;
-
/// crosvm requires all partitions to be a multiple of 4KiB.
const PARTITION_GRANULARITY_BYTES: u64 = 4096;
@@ -159,6 +154,9 @@
// We will anyway overwrite the file to the v4signature generated from input_fd.
}
+ output
+ .seek(SeekFrom::Start(0))
+ .context("failed to move cursor to start on the idsig output")?;
output.set_len(0).context("failed to set_len on the idsig output")?;
sig.write_into(&mut output).context("failed to write idsig")?;
Ok(())
@@ -243,9 +241,14 @@
.with_context(|| format!("Invalid size: {}", size_bytes))
.or_binder_exception(ExceptionCode::ILLEGAL_ARGUMENT)?;
let size_bytes = round_up(size_bytes, PARTITION_GRANULARITY_BYTES);
- let image = clone_file(image_fd)?;
+ let mut image = clone_file(image_fd)?;
// initialize the file. Any data in the file will be erased.
+ image
+ .seek(SeekFrom::Start(0))
+ .context("failed to move cursor to start")
+ .or_service_specific_exception(-1)?;
image.set_len(0).context("Failed to reset a file").or_service_specific_exception(-1)?;
+
let mut part = QcowFile::new(image, size_bytes)
.context("Failed to create QCOW2 image")
.or_service_specific_exception(-1)?;
@@ -362,21 +365,7 @@
// Allocating VM context checks the MANAGE_VIRTUAL_MACHINE permission.
let (vm_context, cid, temporary_directory) = self.create_vm_context(requester_debug_pid)?;
- let is_custom = match config {
- VirtualMachineConfig::RawConfig(_) => true,
- VirtualMachineConfig::AppConfig(config) => {
- // Some features are reserved for platform apps only, even when using
- // VirtualMachineAppConfig. Almost all of these features are grouped in the
- // CustomConfig struct:
- // - controlling CPUs;
- // - specifying a config file in the APK; (this one is not part of CustomConfig)
- // - gdbPort is set, meaning that crosvm will start a gdb server;
- // - using anything other than the default kernel;
- // - specifying devices to be assigned.
- config.customConfig.is_some() || matches!(config.payload, Payload::ConfigPath(_))
- }
- };
- if is_custom {
+ if is_custom_config(config) {
check_use_custom_virtual_machine()?;
}
@@ -387,25 +376,12 @@
check_gdb_allowed(config)?;
}
- let vendor_hashtree_descriptor_root_digest =
- extract_vendor_hashtree_descriptor_root_digest(config)
- .context("Failed to extract root digest of vendor")
- .or_service_specific_exception(-1)?;
- let dtbo_vendor = if let Some(vendor_hashtree_descriptor_root_digest) =
- vendor_hashtree_descriptor_root_digest
- {
- let root_digest_hex = hex::encode(vendor_hashtree_descriptor_root_digest);
- let dtbo_for_vendor_image = temporary_directory.join("dtbo_vendor");
- create_dtbo_for_vendor_image(root_digest_hex.as_bytes(), &dtbo_for_vendor_image)
- .context("Failed to write root digest of vendor")
- .or_service_specific_exception(-1)?;
- let file = File::open(dtbo_for_vendor_image)
- .context("Failed to open dtbo_vendor")
- .or_service_specific_exception(-1)?;
- Some(file)
- } else {
- None
- };
+ let reference_dt = reference_dt::parse_reference_dt(&temporary_directory)
+ .context("Failed to create VM reference DT")
+ .or_service_specific_exception(-1)?;
+ if reference_dt.is_none() {
+ warn!("VM reference DT doesn't exist");
+ }
let debug_level = match config {
VirtualMachineConfig::AppConfig(config) => config.debugLevel,
@@ -522,7 +498,7 @@
.getDtboFile()?
.as_ref()
.try_clone()
- .context("Failed to create File from ParcelFileDescriptor")
+ .context("Failed to create VM DTBO from ParcelFileDescriptor")
.or_binder_exception(ExceptionCode::BAD_PARCELABLE)?,
);
(devices, Some(dtbo_file))
@@ -555,7 +531,7 @@
gdb_port,
vfio_devices,
dtbo,
- dtbo_vendor,
+ reference_dt,
};
let instance = Arc::new(
VmInstance::new(
@@ -574,78 +550,33 @@
}
}
-fn extract_vendor_hashtree_descriptor_root_digest(
- config: &VirtualMachineConfig,
-) -> Result<Option<Vec<u8>>> {
- let VirtualMachineConfig::AppConfig(config) = config else {
- return Ok(None);
- };
- let Some(custom_config) = &config.customConfig else {
- return Ok(None);
- };
- let Some(file) = custom_config.vendorImage.as_ref() else {
- return Ok(None);
- };
-
- let file = clone_file(file)?;
- let size = file.metadata().context("Failed to get metadata from microdroid-vendor.img")?.len();
- let vbmeta = VbMetaImage::verify_reader_region(&file, 0, size)
- .context("Failed to get vbmeta from microdroid-vendor.img")?;
-
- for descriptor in vbmeta.descriptors()?.iter() {
- if let vbmeta::Descriptor::Hashtree(_) = descriptor {
- return Ok(Some(descriptor.to_hashtree()?.root_digest().to_vec()));
+/// Returns whether a VM config represents a "custom" virtual machine, which requires the
+/// USE_CUSTOM_VIRTUAL_MACHINE.
+fn is_custom_config(config: &VirtualMachineConfig) -> bool {
+ match config {
+ // Any raw (non-Microdroid) VM is considered custom.
+ VirtualMachineConfig::RawConfig(_) => true,
+ VirtualMachineConfig::AppConfig(config) => {
+ // Some features are reserved for platform apps only, even when using
+ // VirtualMachineAppConfig. Almost all of these features are grouped in the
+ // CustomConfig struct:
+ // - controlling CPUs;
+ // - gdbPort is set, meaning that crosvm will start a gdb server;
+ // - using anything other than the default kernel;
+ // - specifying devices to be assigned.
+ if config.customConfig.is_some() {
+ true
+ } else {
+ // Additional custom features not included in CustomConfig:
+ // - specifying a config file;
+ // - specifying extra APKs.
+ match &config.payload {
+ Payload::ConfigPath(_) => true,
+ Payload::PayloadConfig(payload_config) => !payload_config.extraApks.is_empty(),
+ }
+ }
}
}
- Err(anyhow!("No root digest is extracted from microdroid-vendor.img"))
-}
-
-fn create_dtbo_for_vendor_image(
- vendor_hashtree_descriptor_root_digest: &[u8],
- dtbo: &PathBuf,
-) -> Result<()> {
- if dtbo.exists() {
- return Err(anyhow!("DTBO file already exists"));
- }
-
- let mut buf = vec![0; EMPTY_VENDOR_DT_OVERLAY_BUF_SIZE];
- let fdt = Fdt::create_empty_tree(buf.as_mut_slice())
- .map_err(|e| anyhow!("Failed to create FDT: {:?}", e))?;
- let mut root = fdt.root_mut().map_err(|e| anyhow!("Failed to get root node: {:?}", e))?;
-
- let fragment_node_name = CString::new("fragment@0")?;
- let mut fragment_node = root
- .add_subnode(fragment_node_name.as_c_str())
- .map_err(|e| anyhow!("Failed to create fragment node: {:?}", e))?;
- let target_path_prop_name = CString::new("target-path")?;
- let target_path = CString::new("/")?;
- fragment_node
- .setprop(target_path_prop_name.as_c_str(), target_path.to_bytes_with_nul())
- .map_err(|e| anyhow!("Failed to set target-path: {:?}", e))?;
- let overlay_node_name = CString::new("__overlay__")?;
- let mut overlay_node = fragment_node
- .add_subnode(overlay_node_name.as_c_str())
- .map_err(|e| anyhow!("Failed to create overlay node: {:?}", e))?;
-
- let avf_node_name = CString::new("avf")?;
- let mut avf_node = overlay_node
- .add_subnode(avf_node_name.as_c_str())
- .map_err(|e| anyhow!("Failed to create avf node: {:?}", e))?;
- let vendor_hashtree_descriptor_root_digest_name =
- CString::new("vendor_hashtree_descriptor_root_digest")?;
- avf_node
- .setprop(
- vendor_hashtree_descriptor_root_digest_name.as_c_str(),
- vendor_hashtree_descriptor_root_digest,
- )
- .map_err(|e| {
- anyhow!("Failed to set avf/vendor_hashtree_descriptor_root_digest: {:?}", e)
- })?;
-
- fdt.pack().map_err(|e| anyhow!("Failed to pack fdt: {:?}", e))?;
- let mut file = File::create(dtbo)?;
- file.write_all(fdt.as_slice())?;
- Ok(file.flush()?)
}
fn write_zero_filler(zero_filler_path: &Path) -> Result<()> {
@@ -777,12 +708,28 @@
None
};
- let vm_payload_config = match &config.payload {
+ let vm_payload_config;
+ let extra_apk_files: Vec<_>;
+ match &config.payload {
Payload::ConfigPath(config_path) => {
- load_vm_payload_config_from_file(&apk_file, config_path.as_str())
- .with_context(|| format!("Couldn't read config from {}", config_path))?
+ vm_payload_config =
+ load_vm_payload_config_from_file(&apk_file, config_path.as_str())
+ .with_context(|| format!("Couldn't read config from {}", config_path))?;
+ extra_apk_files = vm_payload_config
+ .extra_apks
+ .iter()
+ .enumerate()
+ .map(|(i, apk)| {
+ File::open(PathBuf::from(&apk.path))
+ .with_context(|| format!("Failed to open extra apk #{i} {}", apk.path))
+ })
+ .collect::<Result<_>>()?;
}
- Payload::PayloadConfig(payload_config) => create_vm_payload_config(payload_config)?,
+ Payload::PayloadConfig(payload_config) => {
+ vm_payload_config = create_vm_payload_config(payload_config)?;
+ extra_apk_files =
+ payload_config.extraApks.iter().map(clone_file).collect::<binder::Result<_>>()?;
+ }
};
// For now, the only supported OS is Microdroid and Microdroid GKI
@@ -830,6 +777,7 @@
temporary_directory,
apk_file,
idsig_file,
+ extra_apk_files,
&vm_payload_config,
&mut vm_config,
)?;
@@ -857,11 +805,17 @@
let task = Task { type_: TaskType::MicrodroidLauncher, command: payload_binary_name.clone() };
let name = payload_config.osName.clone();
+
+ // The VM only cares about how many there are, these names are actually ignored.
+ let extra_apk_count = payload_config.extraApks.len();
+ let extra_apks =
+ (0..extra_apk_count).map(|i| ApkConfig { path: format!("extra-apk-{i}") }).collect();
+
Ok(VmPayloadConfig {
os: OsConfig { name },
task: Some(task),
apexes: vec![],
- extra_apks: vec![],
+ extra_apks,
prefer_staged: false,
export_tombstones: None,
enable_authfs: false,
@@ -1276,6 +1230,16 @@
Ok(())
}
+fn check_no_extra_apks(config: &VirtualMachineConfig) -> binder::Result<()> {
+ let VirtualMachineConfig::AppConfig(config) = config else { return Ok(()) };
+ let Payload::PayloadConfig(payload_config) = &config.payload else { return Ok(()) };
+ if !payload_config.extraApks.is_empty() {
+ return Err(anyhow!("multi-tenant feature is disabled"))
+ .or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION);
+ }
+ Ok(())
+}
+
fn check_config_features(config: &VirtualMachineConfig) -> binder::Result<()> {
if !cfg!(vendor_modules) {
check_no_vendor_modules(config)?;
@@ -1283,6 +1247,9 @@
if !cfg!(device_assignment) {
check_no_devices(config)?;
}
+ if !cfg!(multi_tenant) {
+ check_no_extra_apks(config)?;
+ }
Ok(())
}
@@ -1545,6 +1512,40 @@
}
#[test]
+ fn test_create_or_update_idsig_on_non_empty_file() -> Result<()> {
+ use std::io::Read;
+
+ // Pick any APK
+ let mut apk = File::open("/system/priv-app/Shell/Shell.apk").unwrap();
+ let idsig_empty = tempfile::tempfile().unwrap();
+ let mut idsig_invalid = tempfile::tempfile().unwrap();
+ idsig_invalid.write_all(b"Oops")?;
+
+ // Create new idsig
+ create_or_update_idsig_file(
+ &ParcelFileDescriptor::new(apk.try_clone()?),
+ &ParcelFileDescriptor::new(idsig_empty.try_clone()?),
+ )?;
+ apk.rewind()?;
+
+ // Update idsig_invalid
+ create_or_update_idsig_file(
+ &ParcelFileDescriptor::new(apk.try_clone()?),
+ &ParcelFileDescriptor::new(idsig_invalid.try_clone()?),
+ )?;
+
+ // Ensure the 2 idsig files have same size!
+ assert!(
+ idsig_empty.metadata()?.len() == idsig_invalid.metadata()?.len(),
+ "idsig files differ in size"
+ );
+ // Ensure the 2 idsig files have same content!
+ for (b1, b2) in idsig_empty.bytes().zip(idsig_invalid.bytes()) {
+ assert!(b1.unwrap() == b2.unwrap(), "idsig files differ")
+ }
+ Ok(())
+ }
+ #[test]
fn test_append_kernel_param_first_param() {
let mut vm_config = VirtualMachineRawConfig { ..Default::default() };
append_kernel_param("foo=1", &mut vm_config);
@@ -1559,65 +1560,6 @@
assert_eq!(vm_config.params, Some("foo=5 bar=42".to_owned()))
}
- #[test]
- fn test_create_dtbo_for_vendor_image() -> Result<()> {
- let vendor_hashtree_descriptor_root_digest = String::from("foo");
- let vendor_hashtree_descriptor_root_digest =
- vendor_hashtree_descriptor_root_digest.as_bytes();
-
- let tmp_dir = tempfile::TempDir::new()?;
- let dtbo_path = tmp_dir.path().to_path_buf().join("bar");
-
- create_dtbo_for_vendor_image(vendor_hashtree_descriptor_root_digest, &dtbo_path)?;
-
- let data = std::fs::read(dtbo_path)?;
- let fdt = Fdt::from_slice(&data).unwrap();
-
- let fragment_node_path = CString::new("/fragment@0")?;
- let fragment_node = fdt.node(fragment_node_path.as_c_str()).unwrap();
- let Some(fragment_node) = fragment_node else {
- bail!("fragment_node shouldn't be None.");
- };
- let target_path_prop_name = CString::new("target-path")?;
- let target_path_from_dtbo =
- fragment_node.getprop(target_path_prop_name.as_c_str()).unwrap();
- let target_path_expected = CString::new("/")?;
- assert_eq!(target_path_from_dtbo, Some(target_path_expected.to_bytes_with_nul()));
-
- let avf_node_path = CString::new("/fragment@0/__overlay__/avf")?;
- let avf_node = fdt.node(avf_node_path.as_c_str()).unwrap();
- let Some(avf_node) = avf_node else {
- bail!("avf_node shouldn't be None.");
- };
- let vendor_hashtree_descriptor_root_digest_name =
- CString::new("vendor_hashtree_descriptor_root_digest")?;
- let digest_from_dtbo =
- avf_node.getprop(vendor_hashtree_descriptor_root_digest_name.as_c_str()).unwrap();
- assert_eq!(digest_from_dtbo, Some(vendor_hashtree_descriptor_root_digest));
-
- tmp_dir.close()?;
- Ok(())
- }
-
- #[test]
- fn test_create_dtbo_for_vendor_image_throws_error_if_already_exists() -> Result<()> {
- let vendor_hashtree_descriptor_root_digest = String::from("foo");
- let vendor_hashtree_descriptor_root_digest =
- vendor_hashtree_descriptor_root_digest.as_bytes();
-
- let tmp_dir = tempfile::TempDir::new()?;
- let dtbo_path = tmp_dir.path().to_path_buf().join("bar");
-
- create_dtbo_for_vendor_image(vendor_hashtree_descriptor_root_digest, &dtbo_path)?;
-
- let ret_second_trial =
- create_dtbo_for_vendor_image(vendor_hashtree_descriptor_root_digest, &dtbo_path);
- assert!(ret_second_trial.is_err(), "should fail");
-
- tmp_dir.close()?;
- Ok(())
- }
-
fn test_extract_os_name_from_config_path(
path: &Path,
expected_result: Option<&str>,
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index 4b3478e..84c60bd 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -118,7 +118,7 @@
pub gdb_port: Option<NonZeroU16>,
pub vfio_devices: Vec<VfioDevice>,
pub dtbo: Option<File>,
- pub dtbo_vendor: Option<File>,
+ pub reference_dt: Option<File>,
}
/// A disk image to pass to crosvm for a VM.
@@ -810,8 +810,10 @@
}
if config.host_cpu_topology {
- // TODO(b/266664564): replace with --host-cpu-topology once available
- if let Some(cpus) = get_num_cpus() {
+ if cfg!(virt_cpufreq) {
+ command.arg("--host-cpu-topology");
+ command.arg("--virt-cpufreq");
+ } else if let Some(cpus) = get_num_cpus() {
command.arg("--cpus").arg(cpus.to_string());
} else {
bail!("Could not determine the number of CPUs in the system");
@@ -894,8 +896,10 @@
.arg("--socket")
.arg(add_preserved_fd(&mut preserved_fds, &control_server_socket.as_raw_descriptor()));
- if let Some(dtbo_vendor) = &config.dtbo_vendor {
- command.arg("--device-tree-overlay").arg(add_preserved_fd(&mut preserved_fds, dtbo_vendor));
+ if let Some(reference_dt) = &config.reference_dt {
+ command
+ .arg("--device-tree-overlay")
+ .arg(add_preserved_fd(&mut preserved_fds, reference_dt));
}
append_platform_devices(&mut command, &mut preserved_fds, &config)?;
diff --git a/virtualizationmanager/src/debug_config.rs b/virtualizationmanager/src/debug_config.rs
index 003a7d4..e2b657a 100644
--- a/virtualizationmanager/src/debug_config.rs
+++ b/virtualizationmanager/src/debug_config.rs
@@ -45,7 +45,7 @@
// unwrap() is safe for to_str() because node_path and prop_name were &str.
PathBuf::from(
[
- "/sys/firmware/devicetree/base",
+ "/proc/device-tree",
self.node_path.to_str().unwrap(),
"/",
self.prop_name.to_str().unwrap(),
diff --git a/virtualizationmanager/src/main.rs b/virtualizationmanager/src/main.rs
index f058547..2e542c3 100644
--- a/virtualizationmanager/src/main.rs
+++ b/virtualizationmanager/src/main.rs
@@ -20,6 +20,7 @@
mod crosvm;
mod debug_config;
mod payload;
+mod reference_dt;
mod selinux;
use crate::aidl::{GLOBAL_SERVICE, VirtualizationService};
@@ -27,7 +28,7 @@
use anyhow::{bail, Context, Result};
use binder::{BinderFeatures, ProcessState};
use lazy_static::lazy_static;
-use log::{info, Level};
+use log::{info, LevelFilter};
use rpcbinder::{FileDescriptorTransportMode, RpcServer};
use std::os::unix::io::{FromRawFd, OwnedFd, RawFd};
use clap::Parser;
@@ -107,8 +108,8 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag(LOG_TAG)
- .with_min_level(Level::Info)
- .with_log_id(android_logger::LogId::System),
+ .with_max_level(LevelFilter::Info)
+ .with_log_buffer(android_logger::LogId::System),
);
check_vm_support().unwrap();
diff --git a/virtualizationmanager/src/payload.rs b/virtualizationmanager/src/payload.rs
index c19c103..05626d3 100644
--- a/virtualizationmanager/src/payload.rs
+++ b/virtualizationmanager/src/payload.rs
@@ -194,7 +194,8 @@
let payload_metadata = match &app_config.payload {
Payload::PayloadConfig(payload_config) => PayloadMetadata::Config(PayloadConfig {
payload_binary_name: payload_config.payloadBinaryName.clone(),
- ..Default::default()
+ extra_apk_count: payload_config.extraApks.len().try_into()?,
+ special_fields: Default::default(),
}),
Payload::ConfigPath(config_path) => {
PayloadMetadata::ConfigPath(format!("/mnt/apk/{}", config_path))
@@ -258,10 +259,11 @@
debug_config: &DebugConfig,
apk_file: File,
idsig_file: File,
+ extra_apk_files: Vec<File>,
vm_payload_config: &VmPayloadConfig,
temporary_directory: &Path,
) -> Result<DiskImage> {
- if vm_payload_config.extra_apks.len() != app_config.extraIdsigs.len() {
+ if extra_apk_files.len() != app_config.extraIdsigs.len() {
bail!(
"payload config has {} apks, but app config has {} idsigs",
vm_payload_config.extra_apks.len(),
@@ -309,26 +311,23 @@
});
// we've already checked that extra_apks and extraIdsigs are in the same size.
- let extra_apks = &vm_payload_config.extra_apks;
let extra_idsigs = &app_config.extraIdsigs;
- for (i, (extra_apk, extra_idsig)) in extra_apks.iter().zip(extra_idsigs.iter()).enumerate() {
+ for (i, (extra_apk_file, extra_idsig)) in
+ extra_apk_files.into_iter().zip(extra_idsigs.iter()).enumerate()
+ {
partitions.push(Partition {
- label: format!("extra-apk-{}", i),
- image: Some(ParcelFileDescriptor::new(
- File::open(PathBuf::from(&extra_apk.path)).with_context(|| {
- format!("Failed to open the extra apk #{} {}", i, extra_apk.path)
- })?,
- )),
+ label: format!("extra-apk-{i}"),
+ image: Some(ParcelFileDescriptor::new(extra_apk_file)),
writable: false,
});
partitions.push(Partition {
- label: format!("extra-idsig-{}", i),
+ label: format!("extra-idsig-{i}"),
image: Some(ParcelFileDescriptor::new(
extra_idsig
.as_ref()
.try_clone()
- .with_context(|| format!("Failed to clone the extra idsig #{}", i))?,
+ .with_context(|| format!("Failed to clone the extra idsig #{i}"))?,
)),
writable: false,
});
@@ -459,12 +458,14 @@
Ok(())
}
+#[allow(clippy::too_many_arguments)] // TODO: Fewer arguments
pub fn add_microdroid_payload_images(
config: &VirtualMachineAppConfig,
debug_config: &DebugConfig,
temporary_directory: &Path,
apk_file: File,
idsig_file: File,
+ extra_apk_files: Vec<File>,
vm_payload_config: &VmPayloadConfig,
vm_config: &mut VirtualMachineRawConfig,
) -> Result<()> {
@@ -473,6 +474,7 @@
debug_config,
apk_file,
idsig_file,
+ extra_apk_files,
vm_payload_config,
temporary_directory,
)?);
diff --git a/virtualizationmanager/src/reference_dt.rs b/virtualizationmanager/src/reference_dt.rs
new file mode 100644
index 0000000..797ee3c
--- /dev/null
+++ b/virtualizationmanager/src/reference_dt.rs
@@ -0,0 +1,93 @@
+// Copyright 2024, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Functions for VM reference DT
+
+use anyhow::{anyhow, Result};
+use cstr::cstr;
+use fsfdt::FsFdt;
+use libfdt::Fdt;
+use std::fs;
+use std::fs::File;
+use std::path::Path;
+
+const VM_REFERENCE_DT_ON_HOST_PATH: &str = "/proc/device-tree/avf/reference";
+const VM_REFERENCE_DT_NAME: &str = "vm_reference_dt.dtbo";
+const VM_REFERENCE_DT_MAX_SIZE: usize = 2000;
+
+// Parses to VM reference if exists.
+// TODO(b/318431695): Allow to parse from custom VM reference DT
+pub(crate) fn parse_reference_dt(out_dir: &Path) -> Result<Option<File>> {
+ parse_reference_dt_internal(
+ Path::new(VM_REFERENCE_DT_ON_HOST_PATH),
+ &out_dir.join(VM_REFERENCE_DT_NAME),
+ )
+}
+
+fn parse_reference_dt_internal(dir_path: &Path, fdt_path: &Path) -> Result<Option<File>> {
+ if !dir_path.exists() || fs::read_dir(dir_path)?.next().is_none() {
+ return Ok(None);
+ }
+
+ let mut data = vec![0_u8; VM_REFERENCE_DT_MAX_SIZE];
+
+ let fdt = Fdt::create_empty_tree(&mut data)
+ .map_err(|e| anyhow!("Failed to create an empty DT, {e:?}"))?;
+ let mut root = fdt.root_mut().map_err(|e| anyhow!("Failed to find the DT root, {e:?}"))?;
+ let mut fragment = root
+ .add_subnode(cstr!("fragment@0"))
+ .map_err(|e| anyhow!("Failed to create the fragment@0, {e:?}"))?;
+ fragment
+ .setprop(cstr!("target-path"), b"/\0")
+ .map_err(|e| anyhow!("Failed to set target-path, {e:?}"))?;
+ fragment
+ .add_subnode(cstr!("__overlay__"))
+ .map_err(|e| anyhow!("Failed to create the __overlay__, {e:?}"))?;
+
+ fdt.append(cstr!("/fragment@0/__overlay__"), dir_path)?;
+
+ fdt.pack().map_err(|e| anyhow!("Failed to pack VM reference DT, {e:?}"))?;
+ fs::write(fdt_path, fdt.as_slice())?;
+
+ Ok(Some(File::open(fdt_path)?))
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn test_parse_reference_dt_from_empty_dir() {
+ let empty_dir = tempfile::TempDir::new().unwrap();
+ let test_dir = tempfile::TempDir::new().unwrap();
+
+ let empty_dir_path = empty_dir.path();
+ let fdt_path = test_dir.path().join("test.dtb");
+
+ let fdt_file = parse_reference_dt_internal(empty_dir_path, &fdt_path).unwrap();
+
+ assert!(fdt_file.is_none());
+ }
+
+ #[test]
+ fn test_parse_reference_dt_from_empty_reference() {
+ let fdt_file = parse_reference_dt_internal(
+ Path::new("/this/path/would/not/exists"),
+ Path::new("test.dtb"),
+ )
+ .unwrap();
+
+ assert!(fdt_file.is_none());
+ }
+}
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachinePayloadConfig.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachinePayloadConfig.aidl
index f3f54f3..7ca5b62 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachinePayloadConfig.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachinePayloadConfig.aidl
@@ -28,4 +28,7 @@
* Name of the OS to run the payload. Currently "microdroid" and "microdroid_gki" is supported.
*/
@utf8InCpp String osName = "microdroid";
+
+ /** Any extra APKs. */
+ List<ParcelFileDescriptor> extraApks;
}
diff --git a/virtualizationservice/src/main.rs b/virtualizationservice/src/main.rs
index ea073bf..ad21e89 100644
--- a/virtualizationservice/src/main.rs
+++ b/virtualizationservice/src/main.rs
@@ -27,7 +27,7 @@
use android_system_virtualizationservice_internal::aidl::android::system::virtualizationservice_internal::IVirtualizationServiceInternal::BnVirtualizationServiceInternal;
use anyhow::Error;
use binder::{register_lazy_service, BinderFeatures, ProcessState, ThreadState};
-use log::{info, Level};
+use log::{info, LevelFilter};
use std::fs::{create_dir, read_dir};
use std::os::unix::raw::{pid_t, uid_t};
use std::path::Path;
@@ -48,8 +48,8 @@
android_logger::init_once(
Config::default()
.with_tag(LOG_TAG)
- .with_min_level(Level::Info)
- .with_log_id(android_logger::LogId::System)
+ .with_max_level(LevelFilter::Info)
+ .with_log_buffer(android_logger::LogId::System)
.with_filter(
// Reduce logspam by silencing logs from the disk crate which don't provide much
// information to us.
diff --git a/virtualizationservice/vfio_handler/src/main.rs b/virtualizationservice/vfio_handler/src/main.rs
index 1a1cce8..318d134 100644
--- a/virtualizationservice/vfio_handler/src/main.rs
+++ b/virtualizationservice/vfio_handler/src/main.rs
@@ -24,7 +24,7 @@
IVfioHandler,
};
use binder::{register_lazy_service, BinderFeatures, ProcessState};
-use log::{info, Level};
+use log::{info, LevelFilter};
const LOG_TAG: &str = "VfioHandler";
@@ -32,8 +32,8 @@
android_logger::init_once(
Config::default()
.with_tag(LOG_TAG)
- .with_min_level(Level::Info)
- .with_log_id(android_logger::LogId::System),
+ .with_max_level(LevelFilter::Info)
+ .with_log_buffer(android_logger::LogId::System),
);
let service = VfioHandler::init();
diff --git a/vm/src/main.rs b/vm/src/main.rs
index 5c07eed..de9291c 100644
--- a/vm/src/main.rs
+++ b/vm/src/main.rs
@@ -34,7 +34,7 @@
#[derive(Debug)]
struct Idsigs(Vec<PathBuf>);
-#[derive(Args)]
+#[derive(Args, Default)]
/// Collection of flags that are at VM level and therefore applicable to all subcommands
pub struct CommonConfig {
/// Name of VM
@@ -59,7 +59,7 @@
protected: bool,
}
-#[derive(Args)]
+#[derive(Args, Default)]
/// Collection of flags for debugging
pub struct DebugConfig {
/// Debug level of the VM. Supported values: "full" (default), and "none".
@@ -84,7 +84,7 @@
gdb: Option<NonZeroU16>,
}
-#[derive(Args)]
+#[derive(Args, Default)]
/// Collection of flags that are Microdroid specific
pub struct MicrodroidConfig {
/// Path to the file backing the storage.
@@ -145,7 +145,7 @@
}
}
-#[derive(Args)]
+#[derive(Args, Default)]
/// Flags for the run_app subcommand
pub struct RunAppConfig {
#[command(flatten)]
@@ -175,12 +175,30 @@
#[arg(alias = "payload_path")]
payload_binary_name: Option<String>,
+ /// Paths to extra apk files.
+ #[cfg(multi_tenant)]
+ #[arg(long = "extra-apk")]
+ #[clap(conflicts_with = "config_path")]
+ extra_apks: Vec<PathBuf>,
+
/// Paths to extra idsig files.
#[arg(long = "extra-idsig")]
extra_idsigs: Vec<PathBuf>,
}
-#[derive(Args)]
+impl RunAppConfig {
+ #[cfg(multi_tenant)]
+ fn extra_apks(&self) -> &[PathBuf] {
+ &self.extra_apks
+ }
+
+ #[cfg(not(multi_tenant))]
+ fn extra_apks(&self) -> &[PathBuf] {
+ &[]
+ }
+}
+
+#[derive(Args, Default)]
/// Flags for the run_microdroid subcommand
pub struct RunMicrodroidConfig {
#[command(flatten)]
@@ -199,7 +217,7 @@
work_dir: Option<PathBuf>,
}
-#[derive(Args)]
+#[derive(Args, Default)]
/// Flags for the run subcommand
pub struct RunCustomVmConfig {
#[command(flatten)]
diff --git a/vm/src/run.rs b/vm/src/run.rs
index cfc5454..1d2f48b 100644
--- a/vm/src/run.rs
+++ b/vm/src/run.rs
@@ -48,7 +48,7 @@
let extra_apks = match config.config_path.as_deref() {
Some(path) => parse_extra_apk_list(&config.apk, path)?,
- None => vec![],
+ None => config.extra_apks().to_vec(),
};
if extra_apks.len() != config.extra_idsigs.len() {
@@ -101,8 +101,7 @@
let vendor =
config.microdroid.vendor().as_ref().map(|p| open_parcel_file(p, false)).transpose()?;
- let extra_idsig_files: Result<Vec<File>, _> =
- config.extra_idsigs.iter().map(File::open).collect();
+ let extra_idsig_files: Result<Vec<_>, _> = config.extra_idsigs.iter().map(File::open).collect();
let extra_idsig_fds = extra_idsig_files?.into_iter().map(ParcelFileDescriptor::new).collect();
let payload = if let Some(config_path) = config.config_path {
@@ -119,9 +118,14 @@
} else {
"microdroid".to_owned()
};
+
+ let extra_apk_files: Result<Vec<_>, _> = extra_apks.iter().map(File::open).collect();
+ let extra_apk_fds = extra_apk_files?.into_iter().map(ParcelFileDescriptor::new).collect();
+
Payload::PayloadConfig(VirtualMachinePayloadConfig {
payloadBinaryName: payload_binary_name,
osName: os_name,
+ extraApks: extra_apk_fds,
})
} else {
bail!("Either --config-path or --payload-binary-name must be defined")
@@ -208,9 +212,8 @@
apk,
idsig,
instance: instance_img,
- config_path: None,
payload_binary_name: Some("MicrodroidEmptyPayloadJniLib.so".to_owned()),
- extra_idsigs: [].to_vec(),
+ ..Default::default()
};
command_run_app(app_config)
}
@@ -310,11 +313,11 @@
Ok(())
}
-fn parse_extra_apk_list(apk: &Path, config_path: &str) -> Result<Vec<String>, Error> {
+fn parse_extra_apk_list(apk: &Path, config_path: &str) -> Result<Vec<PathBuf>, Error> {
let mut archive = ZipArchive::new(File::open(apk)?)?;
let config_file = archive.by_name(config_path)?;
let config: VmPayloadConfig = serde_json::from_reader(config_file)?;
- Ok(config.extra_apks.into_iter().map(|x| x.path).collect())
+ Ok(config.extra_apks.into_iter().map(|x| x.path.into()).collect())
}
struct Callback {}
diff --git a/vm_payload/src/api.rs b/vm_payload/src/api.rs
index c76f2d3..7978059 100644
--- a/vm_payload/src/api.rs
+++ b/vm_payload/src/api.rs
@@ -24,7 +24,7 @@
Strong, ExceptionCode,
};
use lazy_static::lazy_static;
-use log::{error, info, Level};
+use log::{error, info, LevelFilter};
use rpcbinder::{RpcServer, RpcSession};
use openssl::{ec::EcKey, sha::sha256, ecdsa::EcdsaSig};
use std::convert::Infallible;
@@ -67,7 +67,7 @@
/// Make sure our logging goes to logcat. It is harmless to call this more than once.
fn initialize_logging() {
android_logger::init_once(
- android_logger::Config::default().with_tag("vm_payload").with_min_level(Level::Info),
+ android_logger::Config::default().with_tag("vm_payload").with_max_level(LevelFilter::Info),
);
}