Rename "signature" to "metadata"
Bug: 186396424
Test: atest ApexTestCases MicrodroidHostTestCases
Change-Id: Id401d33edc6c6d4aba2b5982c8ab75820faea793
diff --git a/microdroid/signature/Android.bp b/microdroid/payload/Android.bp
similarity index 67%
rename from microdroid/signature/Android.bp
rename to microdroid/payload/Android.bp
index 1ce7805..5ea6c10 100644
--- a/microdroid/signature/Android.bp
+++ b/microdroid/payload/Android.bp
@@ -3,11 +3,11 @@
}
cc_defaults {
- name: "microdroid_signature_default",
+ name: "microdroid_metadata_default",
host_supported: true,
srcs: [
- "microdroid_signature.proto",
- "signature.cc",
+ "metadata.proto",
+ "metadata.cc",
],
shared_libs: [
"libbase",
@@ -17,32 +17,32 @@
}
cc_library_static {
- name: "lib_microdroid_signature_proto",
+ name: "lib_microdroid_metadata_proto",
proto: {
export_proto_headers: true,
type: "full",
},
- defaults: ["microdroid_signature_default"],
+ defaults: ["microdroid_metadata_default"],
}
cc_library_static {
- name: "lib_microdroid_signature_proto_lite",
+ name: "lib_microdroid_metadata_proto_lite",
recovery_available: true,
proto: {
export_proto_headers: true,
type: "lite",
},
- defaults: ["microdroid_signature_default"],
+ defaults: ["microdroid_metadata_default"],
apex_available: [
"com.android.virt",
],
}
rust_protobuf {
- name: "libmicrodroid_signature_proto_rust",
- crate_name: "microdroid_signature",
- protos: ["microdroid_signature.proto"],
- source_stem: "microdroid_signature",
+ name: "libmicrodroid_metadata_proto_rust",
+ crate_name: "microdroid_metadata",
+ protos: ["metadata.proto"],
+ source_stem: "microdroid_metadata",
host_supported: true,
}
@@ -59,7 +59,7 @@
"libz",
],
static_libs: [
- "lib_microdroid_signature_proto_lite",
+ "lib_microdroid_metadata_proto_lite",
"libcdisk_spec",
"libext2_uuid",
"libimage_aggregator",
diff --git a/microdroid/signature/README.md b/microdroid/payload/README.md
similarity index 67%
rename from microdroid/signature/README.md
rename to microdroid/payload/README.md
index bc97106..b76eead 100644
--- a/microdroid/signature/README.md
+++ b/microdroid/payload/README.md
@@ -1,36 +1,38 @@
# Microdroid Payload
-Payload disk is a composite disk referencing host APEXes and an APK so that microdroid
-reads activates APEXes and executes a binary within the APK.
+Payload disk is a composite disk image referencing host APEXes and an APK so that microdroid
+mounts/activates APK/APEXes and executes a binary within the APK.
-## Format
+## Partitions
Payload disk has 1 + N(number of APEX/APK payloads) partitions.
-The first partition is a Microdroid Signature partition which describes other partitions.
+The first partition is a "metadata" partition which describes other partitions.
And APEXes and an APK are following as separate partitions.
For now, the order of partitions are important.
-* partition 1: Microdroid Signature
+* partition 1: Metadata partition
* partition 2 ~ n: APEX payloads
* partition n + 1: APK payload
It's subject to change in the future, though.
-### Microdroid Signature
+### Metadata partition
-Microdroid Signature contains the signatures of the payloads so that the payloads are
-verified inside the Guest OS.
+Metadata partition provides description of the other partitions and the location for VM payload
+configuration.
-Microdroid Signature is composed of header and body.
+The partition is a protobuf message prefixed with the size of the message.
| offset | size | description |
|--------|------|----------------------------------------------------------------|
| 0 | 4 | Header. unsigned int32: body length(L) in big endian |
-| 4 | L | Body. A protobuf message. [schema](microdroid_signature.proto) |
+| 4 | L | Body. A protobuf message. [schema](metadata.proto) |
-### Payload Partitions
+### Payload partitions
+
+Each payload partition presents APEX or APK passed from the host.
At the end of each payload partition the size of the original payload file (APEX or APK) is stored
in 4-byte big endian.
@@ -48,7 +50,8 @@
### `mk_payload`
-`mk_payload` creates a payload image.
+`mk_payload` creates a payload composite disk image as described in a JSON which is intentionlly
+similar to the schema of VM payload config.
```
$ cat payload_config.json
@@ -73,7 +76,7 @@
payload.img
payload-footer.img
payload-header.img
-payload-signature.img
+payload-metadata.img
payload.img.0 # fillers
payload.img.1
...
diff --git a/microdroid/signature/include/microdroid/signature.h b/microdroid/payload/include/microdroid/metadata.h
similarity index 74%
rename from microdroid/signature/include/microdroid/signature.h
rename to microdroid/payload/include/microdroid/metadata.h
index abacd6e..9e3c907 100644
--- a/microdroid/signature/include/microdroid/signature.h
+++ b/microdroid/payload/include/microdroid/metadata.h
@@ -17,7 +17,7 @@
#pragma once
#include <android-base/result.h>
-#include <microdroid_signature.pb.h>
+#include <metadata.pb.h>
#include <iostream>
#include <string>
@@ -25,10 +25,9 @@
namespace android {
namespace microdroid {
-base::Result<MicrodroidSignature> ReadMicrodroidSignature(const std::string& path);
+base::Result<Metadata> ReadMetadata(const std::string& path);
-base::Result<void> WriteMicrodroidSignature(const MicrodroidSignature& signature,
- std::ostream& out);
+base::Result<void> WriteMetadata(const Metadata& metadata, std::ostream& out);
} // namespace microdroid
} // namespace android
diff --git a/microdroid/signature/signature.cc b/microdroid/payload/metadata.cc
similarity index 74%
rename from microdroid/signature/signature.cc
rename to microdroid/payload/metadata.cc
index 446159e..07083e9 100644
--- a/microdroid/signature/signature.cc
+++ b/microdroid/payload/metadata.cc
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#include "microdroid/signature.h"
+#include "microdroid/metadata.h"
#include <android-base/endian.h>
#include <android-base/file.h>
@@ -26,7 +26,7 @@
namespace android {
namespace microdroid {
-Result<MicrodroidSignature> ReadMicrodroidSignature(const std::string& path) {
+Result<Metadata> ReadMetadata(const std::string& path) {
std::string content;
if (!base::ReadFileToString(path, &content)) {
return ErrnoError() << "Failed to read " << path;
@@ -36,27 +36,27 @@
uint32_t size;
const size_t length_prefix_bytes = sizeof(size);
if (content.size() < length_prefix_bytes) {
- return Error() << "Invalid signature: size == " << content.size();
+ return Error() << "Invalid metadata: size == " << content.size();
}
size = be32toh(*reinterpret_cast<uint32_t*>(content.data()));
if (content.size() < length_prefix_bytes + size) {
- return Error() << "Invalid signature: size(" << size << ") mimatches to the content size("
+ return Error() << "Invalid metadata: size(" << size << ") mimatches to the content size("
<< content.size() - length_prefix_bytes << ")";
}
content = content.substr(length_prefix_bytes, size);
// parse content
- MicrodroidSignature signature;
- if (!signature.ParseFromString(content)) {
- return Error() << "Can't parse MicrodroidSignature from " << path;
+ Metadata metadata;
+ if (!metadata.ParseFromString(content)) {
+ return Error() << "Can't parse Metadata from " << path;
}
- return signature;
+ return metadata;
}
-Result<void> WriteMicrodroidSignature(const MicrodroidSignature& signature, std::ostream& out) {
+Result<void> WriteMetadata(const Metadata& metadata, std::ostream& out) {
// prepare content
std::string content;
- if (!signature.SerializeToString(&content)) {
+ if (!metadata.SerializeToString(&content)) {
return Error() << "Failed to write protobuf.";
}
diff --git a/microdroid/signature/microdroid_signature.proto b/microdroid/payload/metadata.proto
similarity index 72%
rename from microdroid/signature/microdroid_signature.proto
rename to microdroid/payload/metadata.proto
index 6ae3756..0fa0650 100644
--- a/microdroid/signature/microdroid_signature.proto
+++ b/microdroid/payload/metadata.proto
@@ -18,27 +18,23 @@
package android.microdroid;
-// Microdroid Signature is the body of the signature partition.
-message MicrodroidSignature {
+// Metadata is the body of the "metadata" partition
+message Metadata {
uint32 version = 1;
- // Lists the signature information of the payload apexes.
- // The payload apexes are mapped to the partitions following the signature partition.
- repeated ApexSignature apexes = 2;
+ repeated ApexPayload apexes = 2;
- ApkSignature apk = 3;
+ ApkPayload apk = 3;
string payload_config_path = 4;
}
-message ApexSignature {
+message ApexPayload {
// Required.
// The apex name.
string name = 1;
- // Required.
- // The original size of the apex file.
- uint32 size = 2;
+ string partition_name = 2;
// Optional.
// When specified, the public key used to sign the apex should match with it.
@@ -49,11 +45,12 @@
string rootDigest = 4;
}
-message ApkSignature {
+message ApkPayload {
// Required.
// The name of APK.
string name = 1;
string payload_partition_name = 2;
+
string idsig_partition_name = 3;
}
diff --git a/microdroid/signature/mk_payload.cc b/microdroid/payload/mk_payload.cc
similarity index 85%
rename from microdroid/signature/mk_payload.cc
rename to microdroid/payload/mk_payload.cc
index 9caf788..1da71de 100644
--- a/microdroid/signature/mk_payload.cc
+++ b/microdroid/payload/mk_payload.cc
@@ -30,17 +30,17 @@
#include <image_aggregator.h>
#include <json/json.h>
-#include "microdroid/signature.h"
+#include "microdroid/metadata.h"
using android::base::Dirname;
using android::base::ErrnoError;
using android::base::Error;
using android::base::Result;
using android::base::unique_fd;
-using android::microdroid::ApexSignature;
-using android::microdroid::ApkSignature;
-using android::microdroid::MicrodroidSignature;
-using android::microdroid::WriteMicrodroidSignature;
+using android::microdroid::ApexPayload;
+using android::microdroid::ApkPayload;
+using android::microdroid::Metadata;
+using android::microdroid::WriteMetadata;
using com::android::apex::ApexInfoList;
using com::android::apex::readApexInfoList;
@@ -94,7 +94,9 @@
struct Config {
std::string dirname; // config file's direname to resolve relative paths in the config
+ // TODO(b/185956069) remove this when VirtualizationService can provide apex paths
std::vector<std::string> system_apexes;
+
std::vector<ApexConfig> apexes;
std::optional<ApkConfig> apk;
std::optional<std::string> payload_config_path;
@@ -199,47 +201,40 @@
return {};
}
-Result<void> MakeSignature(const Config& config, const std::string& filename) {
- MicrodroidSignature signature;
- signature.set_version(1);
+Result<void> MakeMetadata(const Config& config, const std::string& filename) {
+ Metadata metadata;
+ metadata.set_version(1);
for (const auto& apex_config : config.apexes) {
- ApexSignature* apex_signature = signature.add_apexes();
+ auto* apex = metadata.add_apexes();
// name
- apex_signature->set_name(apex_config.name);
-
- // size
- auto file_size = GetFileSize(ToAbsolute(apex_config.path, config.dirname));
- if (!file_size.ok()) {
- return Error() << "I/O error: " << file_size.error();
- }
- apex_signature->set_size(file_size.value());
+ apex->set_name(apex_config.name);
// publicKey
if (apex_config.public_key.has_value()) {
- apex_signature->set_publickey(apex_config.public_key.value());
+ apex->set_publickey(apex_config.public_key.value());
}
// rootDigest
if (apex_config.root_digest.has_value()) {
- apex_signature->set_rootdigest(apex_config.root_digest.value());
+ apex->set_rootdigest(apex_config.root_digest.value());
}
}
if (config.apk.has_value()) {
- ApkSignature* apk_signature = signature.mutable_apk();
- apk_signature->set_name(config.apk->name);
- apk_signature->set_payload_partition_name("microdroid-apk");
+ auto* apk = metadata.mutable_apk();
+ apk->set_name(config.apk->name);
+ apk->set_payload_partition_name("microdroid-apk");
// TODO(jooyung): set idsig partition as well
}
if (config.payload_config_path.has_value()) {
- *signature.mutable_payload_config_path() = config.payload_config_path.value();
+ *metadata.mutable_payload_config_path() = config.payload_config_path.value();
}
std::ofstream out(filename);
- return WriteMicrodroidSignature(signature, out);
+ return WriteMetadata(metadata, out);
}
Result<void> GenerateFiller(const std::string& file_path, const std::string& filler_path) {
@@ -266,14 +261,14 @@
return {};
}
-Result<void> MakePayload(const Config& config, const std::string& signature_file,
+Result<void> MakePayload(const Config& config, const std::string& metadata_file,
const std::string& output_file) {
std::vector<MultipleImagePartition> partitions;
- // put signature at the first partition
+ // put metadata at the first partition
partitions.push_back(MultipleImagePartition{
- .label = "signature",
- .image_file_paths = {signature_file},
+ .label = "metadata",
+ .image_file_paths = {metadata_file},
.type = kLinuxFilesystem,
.read_only = true,
});
@@ -335,13 +330,13 @@
}
const std::string output_file(argv[2]);
- const std::string signature_file = AppendFileName(output_file, "-signature");
+ const std::string metadata_file = AppendFileName(output_file, "-metadata");
- if (const auto res = MakeSignature(*config, signature_file); !res.ok()) {
+ if (const auto res = MakeMetadata(*config, metadata_file); !res.ok()) {
std::cerr << res.error() << '\n';
return 1;
}
- if (const auto res = MakePayload(*config, signature_file, output_file); !res.ok()) {
+ if (const auto res = MakePayload(*config, metadata_file, output_file); !res.ok()) {
std::cerr << res.error() << '\n';
return 1;
}
diff --git a/microdroid/sepolicy/system/private/microdroid_manager.te b/microdroid/sepolicy/system/private/microdroid_manager.te
index ce55ba8..f2feca2 100644
--- a/microdroid/sepolicy/system/private/microdroid_manager.te
+++ b/microdroid/sepolicy/system/private/microdroid_manager.te
@@ -6,7 +6,7 @@
# allow domain transition from init
init_daemon_domain(microdroid_manager)
-# microdroid_manager accesses /dev/block/by-name/signature which points to
+# microdroid_manager accesses /dev/block/by-name/metadata which points to
# a /dev/vd* block device file.
allow microdroid_manager block_device:dir r_dir_perms;
allow microdroid_manager block_device:lnk_file r_file_perms;
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index 38d500c..ea811c8 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp
@@ -12,7 +12,7 @@
"libandroid_logger",
"libanyhow",
"liblog_rust",
- "libmicrodroid_signature_proto_rust",
+ "libmicrodroid_metadata_proto_rust",
"libprotobuf",
"libserde_json",
"libserde",
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index fbbe8f3..1ab17d5 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -15,8 +15,8 @@
//! Microdroid Manager
mod ioutil;
+mod metadata;
mod payload_config;
-mod signature;
use android_logger::Config;
use log::{info, Level};
@@ -32,9 +32,9 @@
info!("started.");
- let signature = signature::load()?;
- if !signature.payload_config_path.is_empty() {
- let config = VmPayloadConfig::load_from(Path::new(&signature.payload_config_path))?;
+ let metadata = metadata::load()?;
+ if !metadata.payload_config_path.is_empty() {
+ let config = VmPayloadConfig::load_from(Path::new(&metadata.payload_config_path))?;
if let Some(main_task) = &config.task {
exec(main_task)?;
}
diff --git a/microdroid_manager/src/metadata.rs b/microdroid_manager/src/metadata.rs
new file mode 100644
index 0000000..4f7d7af
--- /dev/null
+++ b/microdroid_manager/src/metadata.rs
@@ -0,0 +1,39 @@
+// Copyright 2021, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Payload metadata from /dev/block/by-name/metadata
+
+use log::info;
+use microdroid_metadata::metadata::Metadata;
+use protobuf::Message;
+use std::fs::File;
+use std::io;
+use std::io::Read;
+
+const METADATA_PATH: &str = "/dev/block/by-name/metadata";
+
+/// loads payload metadata from /dev/block/by-name/metadata
+pub fn load() -> io::Result<Metadata> {
+ info!("loading payload metadata...");
+
+ let mut f = File::open(METADATA_PATH)?;
+ // metadata partition is
+ // 4 bytes : size(N) in big endian
+ // N bytes : message for Metadata
+ let mut buf = [0u8; 4];
+ f.read_exact(&mut buf)?;
+ let size = i32::from_be_bytes(buf);
+
+ Ok(Metadata::parse_from_reader(&mut f.take(size as u64))?)
+}
diff --git a/microdroid_manager/src/signature.rs b/microdroid_manager/src/signature.rs
deleted file mode 100644
index 4f06885..0000000
--- a/microdroid_manager/src/signature.rs
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! MicrodroidSignature from /dev/block/by-name/signature
-//! TODO(jooyung): migrate to "metadata" partition
-
-use log::info;
-use microdroid_signature::microdroid_signature::MicrodroidSignature;
-use protobuf::Message;
-use std::fs::File;
-use std::io;
-use std::io::Read;
-
-const SIGNATURE_PATH: &str = "/dev/block/by-name/signature";
-
-/// loads microdroid_signature from /dev/block/by-name/signature
-pub fn load() -> io::Result<MicrodroidSignature> {
- info!("loading signature...");
-
- let mut f = File::open(SIGNATURE_PATH)?;
- // signature partition is
- // 4 bytes : size(N) in big endian
- // N bytes : message for MicrodroidSignature
- let mut buf = [0u8; 4];
- f.read_exact(&mut buf)?;
- let size = i32::from_be_bytes(buf);
-
- Ok(MicrodroidSignature::parse_from_reader(&mut f.take(size as u64))?)
-}