Merge "[rkpvm] Decide whether VM is protected using FDT property" into main
diff --git a/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java b/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java
index 9004c07..d837c04 100644
--- a/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java
+++ b/android/VmLauncherApp/java/com/android/virtualization/vmlauncher/MainActivity.java
@@ -46,6 +46,7 @@
import android.util.Log;
import android.view.InputDevice;
import android.view.KeyEvent;
+import android.view.SurfaceControl;
import android.view.SurfaceHolder;
import android.view.SurfaceView;
import android.view.View;
@@ -497,7 +498,11 @@
if (mCursorHandler != null) {
mCursorHandler.interrupt();
}
- mCursorHandler = new CursorHandler(cursorSurfaceView, pfds[0]);
+ mCursorHandler =
+ new CursorHandler(
+ surfaceView.getSurfaceControl(),
+ cursorSurfaceView.getSurfaceControl(),
+ pfds[0]);
mCursorHandler.start();
runWithDisplayService(
(service) -> service.setCursorStream(pfds[1]));
@@ -763,12 +768,16 @@
}
static class CursorHandler extends Thread {
- private final SurfaceView mSurfaceView;
+ private final SurfaceControl mCursor;
private final ParcelFileDescriptor mStream;
+ private final SurfaceControl.Transaction mTransaction;
- CursorHandler(SurfaceView s, ParcelFileDescriptor stream) {
- mSurfaceView = s;
+ CursorHandler(SurfaceControl main, SurfaceControl cursor, ParcelFileDescriptor stream) {
+ mCursor = cursor;
mStream = stream;
+ mTransaction = new SurfaceControl.Transaction();
+
+ mTransaction.reparent(cursor, main).apply();
}
@Override
@@ -795,11 +804,7 @@
}
float x = (float) (byteBuffer.getInt() & 0xFFFFFFFF);
float y = (float) (byteBuffer.getInt() & 0xFFFFFFFF);
- mSurfaceView.post(
- () -> {
- mSurfaceView.setTranslationX(x);
- mSurfaceView.setTranslationY(y);
- });
+ mTransaction.setPosition(mCursor, x, y).apply();
}
} catch (IOException e) {
Log.e(TAG, "failed to run CursorHandler", e);
diff --git a/build/Android.bp b/build/Android.bp
index 3b6b8b5..66cc626 100644
--- a/build/Android.bp
+++ b/build/Android.bp
@@ -18,86 +18,50 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-soong_config_module_type {
- name: "avf_flag_aware_rust_defaults",
- module_type: "rust_defaults",
- config_namespace: "ANDROID",
- bool_variables: [
- "release_avf_enable_device_assignment",
- "release_avf_enable_dice_changes",
- "release_avf_enable_llpvm_changes",
- "release_avf_enable_multi_tenant_microdroid_vm",
- "release_avf_enable_network",
- "release_avf_enable_remote_attestation",
- "release_avf_enable_vendor_modules",
- "release_avf_enable_virt_cpufreq",
- "release_avf_support_custom_vm_with_paravirtualized_devices",
- ],
- properties: [
- "cfgs",
- ],
-}
-
-avf_flag_aware_rust_defaults {
+rust_defaults {
name: "avf_build_flags_rust",
- soong_config_variables: {
- release_avf_enable_device_assignment: {
- cfgs: ["device_assignment"],
- },
- release_avf_enable_dice_changes: {
- cfgs: ["dice_changes"],
- },
- release_avf_enable_llpvm_changes: {
- cfgs: ["llpvm_changes"],
- },
- release_avf_enable_multi_tenant_microdroid_vm: {
- cfgs: ["multi_tenant"],
- },
- release_avf_enable_network: {
- cfgs: ["network"],
- },
- release_avf_enable_remote_attestation: {
- cfgs: ["remote_attestation"],
- },
- release_avf_enable_vendor_modules: {
- cfgs: ["vendor_modules"],
- },
- release_avf_enable_virt_cpufreq: {
- cfgs: ["virt_cpufreq"],
- },
- release_avf_support_custom_vm_with_paravirtualized_devices: {
- cfgs: ["paravirtualized_devices"],
- },
- },
+ cfgs: select(release_flag("RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT"), {
+ true: ["device_assignment"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_DICE_CHANGES"), {
+ true: ["dice_changes"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_LLPVM_CHANGES"), {
+ true: ["llpvm_changes"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM"), {
+ true: ["multi_tenant"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_NETWORK"), {
+ true: ["network"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_REMOTE_ATTESTATION"), {
+ true: ["remote_attestation"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_VENDOR_MODULES"), {
+ true: ["vendor_modules"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_VIRT_CPUFREQ"), {
+ true: ["virt_cpufreq"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES"), {
+ true: ["paravirtualized_devices"],
+ default: [],
+ }),
}
-soong_config_module_type {
- name: "avf_flag_aware_cc_defaults",
- module_type: "cc_defaults",
- config_namespace: "ANDROID",
- bool_variables: [
- "release_avf_enable_dice_changes",
- "release_avf_enable_vendor_modules",
- "release_avf_enable_virt_cpufreq",
- ],
- properties: [
- "cflags",
- ],
-}
-
-avf_flag_aware_cc_defaults {
+cc_defaults {
name: "avf_build_flags_cc",
- soong_config_variables: {
- release_avf_enable_dice_changes: {
- cflags: ["-DAVF_OPEN_DICE_CHANGES=1"],
- },
- release_avf_enable_vendor_modules: {
- cflags: ["-DAVF_ENABLE_VENDOR_MODULES=1"],
- },
- release_avf_enable_virt_cpufreq: {
- cflags: ["-DAVF_ENABLE_VIRT_CPUFREQ=1"],
- },
- },
+ cflags: select(release_flag("RELEASE_AVF_ENABLE_DICE_CHANGES"), {
+ true: ["-DAVF_OPEN_DICE_CHANGES=1"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_VENDOR_MODULES"), {
+ true: ["-DAVF_ENABLE_VENDOR_MODULES=1"],
+ default: [],
+ }) + select(release_flag("RELEASE_AVF_ENABLE_VIRT_CPUFREQ"), {
+ true: ["-DAVF_ENABLE_VIRT_CPUFREQ=1"],
+ default: [],
+ }),
}
genrule_defaults {
diff --git a/guest/kernel/Android.bp b/guest/kernel/Android.bp
index 7a8af90..19cdc49 100644
--- a/guest/kernel/Android.bp
+++ b/guest/kernel/Android.bp
@@ -26,66 +26,30 @@
// large-scale-change unable to identify any license_text files
}
-soong_config_module_type {
- name: "avf_microdroid_kernel_prebuilt",
- module_type: "filegroup",
- config_namespace: "ANDROID",
- variables: [
- "release_avf_microdroid_kernel_version",
- ],
- properties: [
- "srcs",
- ],
-}
-
-soong_config_string_variable {
- name: "release_avf_microdroid_kernel_version",
- values: [
- "android14_61",
- "android15_66",
- ],
-}
-
-avf_microdroid_kernel_prebuilt {
+filegroup {
name: "microdroid_kernel_prebuilt-arm64",
// Below are properties that are conditionally set depending on value of build flags.
- soong_config_variables: {
- release_avf_microdroid_kernel_version: {
- android14_61: {
- srcs: ["android14-6.1/arm64/kernel-6.1"],
- },
- android15_66: {
- srcs: ["android15-6.6/arm64/kernel-6.6"],
- },
- // In case release configuration doesn't specify value of the
- // RELEASE_AVF_MICRODROID_KERNEL_VERSION fallback to the kernel we
- // already released.
- // TODO(b/298011555): remove this once we set the flag in all release configs.
- conditions_default: {
- srcs: ["android14-6.1/arm64/kernel-6.1"],
- },
- },
- },
+ srcs: select(release_flag("RELEASE_AVF_MICRODROID_KERNEL_VERSION"), {
+ "android14_61": ["android14-6.1/arm64/kernel-6.1"],
+ "android15_66": ["android15-6.6/arm64/kernel-6.6"],
+ // In case release configuration doesn't specify value of the
+ // RELEASE_AVF_MICRODROID_KERNEL_VERSION fallback to the kernel we
+ // already released.
+ // TODO(b/298011555): remove this once we set the flag in all release configs.
+ default: ["android14-6.1/arm64/kernel-6.1"],
+ }),
}
-avf_microdroid_kernel_prebuilt {
+filegroup {
name: "microdroid_kernel_prebuilt-x86_64",
// Below are properties that are conditionally set depending on value of build flags.
- soong_config_variables: {
- release_avf_microdroid_kernel_version: {
- android14_61: {
- srcs: ["android14-6.1/x86_64/kernel-6.1"],
- },
- android15_66: {
- srcs: ["android15-6.6/x86_64/kernel-6.6"],
- },
- // In case release configuration doesn't specify value of the
- // RELEASE_AVF_MICRODROID_KERNEL_VERSION fallback to the kernel we
- // already released.
- // TODO(b/298011555): remove this once we set the flag in all release configs.
- conditions_default: {
- srcs: ["android14-6.1/x86_64/kernel-6.1"],
- },
- },
- },
+ srcs: select(release_flag("RELEASE_AVF_MICRODROID_KERNEL_VERSION"), {
+ "android14_61": ["android14-6.1/x86_64/kernel-6.1"],
+ "android15_66": ["android15-6.6/x86_64/kernel-6.6"],
+ // In case release configuration doesn't specify value of the
+ // RELEASE_AVF_MICRODROID_KERNEL_VERSION fallback to the kernel we
+ // already released.
+ // TODO(b/298011555): remove this once we set the flag in all release configs.
+ default: ["android14-6.1/x86_64/kernel-6.1"],
+ }),
}
diff --git a/tests/vm_accessor/accessor/Android.bp b/tests/vm_accessor/accessor/Android.bp
index d9d1026..7c0ee6d 100644
--- a/tests/vm_accessor/accessor/Android.bp
+++ b/tests/vm_accessor/accessor/Android.bp
@@ -21,11 +21,11 @@
"libenv_logger",
"libglob",
"libhypervisor_props",
- "liblibc",
"liblog_rust",
"libmicrodroid_payload_config",
"librand",
"libvmconfig",
"libvmclient",
+ "libnix",
],
}
diff --git a/tests/vm_accessor/accessor/src/run.rs b/tests/vm_accessor/accessor/src/run.rs
index 03aa80d..932baab 100644
--- a/tests/vm_accessor/accessor/src/run.rs
+++ b/tests/vm_accessor/accessor/src/run.rs
@@ -26,11 +26,10 @@
use glob::glob;
use log::{error, info};
use rand::{distributions::Alphanumeric, Rng};
-use std::fs;
-use std::fs::File;
-use std::io;
-use std::os::unix::io::{AsRawFd, FromRawFd};
+use std::fs::{self, File};
+use std::io::{self, BufRead, BufReader};
use std::path::PathBuf;
+use std::thread;
use vmclient::{ErrorCode, VmInstance};
use vmconfig::open_parcel_file;
@@ -126,9 +125,9 @@
let vm = VmInstance::create(
service.as_ref(),
&vm_config,
- Some(duplicate_fd(io::stdout())?), /* console_out */
- None, /* console_in */
- Some(duplicate_fd(io::stdout())?), /* log */
+ Some(android_log_fd()?), /* console_out */
+ None, /* console_in */
+ Some(android_log_fd()?), /* log */
Some(Box::new(Callback {})),
)
.context("Failed to create VM")?;
@@ -159,17 +158,24 @@
}
}
-/// Safely duplicate the file descriptor.
-fn duplicate_fd<T: AsRawFd>(file: T) -> io::Result<File> {
- let fd = file.as_raw_fd();
- // SAFETY: This just duplicates a file descriptor which we know to be valid, and we check for an
- // an error.
- let dup_fd = unsafe { libc::dup(fd) };
- if dup_fd < 0 {
- Err(io::Error::last_os_error())
- } else {
- // SAFETY: We have just duplicated the file descriptor so we own it, and `from_raw_fd` takes
- // ownership of it.
- Ok(unsafe { File::from_raw_fd(dup_fd) })
- }
+/// This function is only exposed for testing.
+/// Production code prefer not expose logs from VM.
+fn android_log_fd() -> io::Result<File> {
+ let (reader_fd, writer_fd) = nix::unistd::pipe()?;
+
+ let reader = File::from(reader_fd);
+ let writer = File::from(writer_fd);
+
+ thread::spawn(|| {
+ for line in BufReader::new(reader).lines() {
+ match line {
+ Ok(l) => info!("{}", l),
+ Err(e) => {
+ error!("Failed to read line from VM: {e:?}");
+ break;
+ }
+ }
+ }
+ });
+ Ok(writer)
}