Rename "signature" to "metadata"
Bug: 186396424
Test: atest ApexTestCases MicrodroidHostTestCases
Change-Id: Id401d33edc6c6d4aba2b5982c8ab75820faea793
diff --git a/microdroid/signature/Android.bp b/microdroid/payload/Android.bp
similarity index 67%
rename from microdroid/signature/Android.bp
rename to microdroid/payload/Android.bp
index 1ce7805..5ea6c10 100644
--- a/microdroid/signature/Android.bp
+++ b/microdroid/payload/Android.bp
@@ -3,11 +3,11 @@
}
cc_defaults {
- name: "microdroid_signature_default",
+ name: "microdroid_metadata_default",
host_supported: true,
srcs: [
- "microdroid_signature.proto",
- "signature.cc",
+ "metadata.proto",
+ "metadata.cc",
],
shared_libs: [
"libbase",
@@ -17,32 +17,32 @@
}
cc_library_static {
- name: "lib_microdroid_signature_proto",
+ name: "lib_microdroid_metadata_proto",
proto: {
export_proto_headers: true,
type: "full",
},
- defaults: ["microdroid_signature_default"],
+ defaults: ["microdroid_metadata_default"],
}
cc_library_static {
- name: "lib_microdroid_signature_proto_lite",
+ name: "lib_microdroid_metadata_proto_lite",
recovery_available: true,
proto: {
export_proto_headers: true,
type: "lite",
},
- defaults: ["microdroid_signature_default"],
+ defaults: ["microdroid_metadata_default"],
apex_available: [
"com.android.virt",
],
}
rust_protobuf {
- name: "libmicrodroid_signature_proto_rust",
- crate_name: "microdroid_signature",
- protos: ["microdroid_signature.proto"],
- source_stem: "microdroid_signature",
+ name: "libmicrodroid_metadata_proto_rust",
+ crate_name: "microdroid_metadata",
+ protos: ["metadata.proto"],
+ source_stem: "microdroid_metadata",
host_supported: true,
}
@@ -59,7 +59,7 @@
"libz",
],
static_libs: [
- "lib_microdroid_signature_proto_lite",
+ "lib_microdroid_metadata_proto_lite",
"libcdisk_spec",
"libext2_uuid",
"libimage_aggregator",
diff --git a/microdroid/signature/README.md b/microdroid/payload/README.md
similarity index 67%
rename from microdroid/signature/README.md
rename to microdroid/payload/README.md
index bc97106..b76eead 100644
--- a/microdroid/signature/README.md
+++ b/microdroid/payload/README.md
@@ -1,36 +1,38 @@
# Microdroid Payload
-Payload disk is a composite disk referencing host APEXes and an APK so that microdroid
-reads activates APEXes and executes a binary within the APK.
+Payload disk is a composite disk image referencing host APEXes and an APK so that microdroid
+mounts/activates APK/APEXes and executes a binary within the APK.
-## Format
+## Partitions
Payload disk has 1 + N(number of APEX/APK payloads) partitions.
-The first partition is a Microdroid Signature partition which describes other partitions.
+The first partition is a "metadata" partition which describes other partitions.
And APEXes and an APK are following as separate partitions.
For now, the order of partitions are important.
-* partition 1: Microdroid Signature
+* partition 1: Metadata partition
* partition 2 ~ n: APEX payloads
* partition n + 1: APK payload
It's subject to change in the future, though.
-### Microdroid Signature
+### Metadata partition
-Microdroid Signature contains the signatures of the payloads so that the payloads are
-verified inside the Guest OS.
+Metadata partition provides description of the other partitions and the location for VM payload
+configuration.
-Microdroid Signature is composed of header and body.
+The partition is a protobuf message prefixed with the size of the message.
| offset | size | description |
|--------|------|----------------------------------------------------------------|
| 0 | 4 | Header. unsigned int32: body length(L) in big endian |
-| 4 | L | Body. A protobuf message. [schema](microdroid_signature.proto) |
+| 4 | L | Body. A protobuf message. [schema](metadata.proto) |
-### Payload Partitions
+### Payload partitions
+
+Each payload partition presents APEX or APK passed from the host.
At the end of each payload partition the size of the original payload file (APEX or APK) is stored
in 4-byte big endian.
@@ -48,7 +50,8 @@
### `mk_payload`
-`mk_payload` creates a payload image.
+`mk_payload` creates a payload composite disk image as described in a JSON which is intentionlly
+similar to the schema of VM payload config.
```
$ cat payload_config.json
@@ -73,7 +76,7 @@
payload.img
payload-footer.img
payload-header.img
-payload-signature.img
+payload-metadata.img
payload.img.0 # fillers
payload.img.1
...
diff --git a/microdroid/signature/include/microdroid/signature.h b/microdroid/payload/include/microdroid/metadata.h
similarity index 74%
rename from microdroid/signature/include/microdroid/signature.h
rename to microdroid/payload/include/microdroid/metadata.h
index abacd6e..9e3c907 100644
--- a/microdroid/signature/include/microdroid/signature.h
+++ b/microdroid/payload/include/microdroid/metadata.h
@@ -17,7 +17,7 @@
#pragma once
#include <android-base/result.h>
-#include <microdroid_signature.pb.h>
+#include <metadata.pb.h>
#include <iostream>
#include <string>
@@ -25,10 +25,9 @@
namespace android {
namespace microdroid {
-base::Result<MicrodroidSignature> ReadMicrodroidSignature(const std::string& path);
+base::Result<Metadata> ReadMetadata(const std::string& path);
-base::Result<void> WriteMicrodroidSignature(const MicrodroidSignature& signature,
- std::ostream& out);
+base::Result<void> WriteMetadata(const Metadata& metadata, std::ostream& out);
} // namespace microdroid
} // namespace android
diff --git a/microdroid/signature/signature.cc b/microdroid/payload/metadata.cc
similarity index 74%
rename from microdroid/signature/signature.cc
rename to microdroid/payload/metadata.cc
index 446159e..07083e9 100644
--- a/microdroid/signature/signature.cc
+++ b/microdroid/payload/metadata.cc
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#include "microdroid/signature.h"
+#include "microdroid/metadata.h"
#include <android-base/endian.h>
#include <android-base/file.h>
@@ -26,7 +26,7 @@
namespace android {
namespace microdroid {
-Result<MicrodroidSignature> ReadMicrodroidSignature(const std::string& path) {
+Result<Metadata> ReadMetadata(const std::string& path) {
std::string content;
if (!base::ReadFileToString(path, &content)) {
return ErrnoError() << "Failed to read " << path;
@@ -36,27 +36,27 @@
uint32_t size;
const size_t length_prefix_bytes = sizeof(size);
if (content.size() < length_prefix_bytes) {
- return Error() << "Invalid signature: size == " << content.size();
+ return Error() << "Invalid metadata: size == " << content.size();
}
size = be32toh(*reinterpret_cast<uint32_t*>(content.data()));
if (content.size() < length_prefix_bytes + size) {
- return Error() << "Invalid signature: size(" << size << ") mimatches to the content size("
+ return Error() << "Invalid metadata: size(" << size << ") mimatches to the content size("
<< content.size() - length_prefix_bytes << ")";
}
content = content.substr(length_prefix_bytes, size);
// parse content
- MicrodroidSignature signature;
- if (!signature.ParseFromString(content)) {
- return Error() << "Can't parse MicrodroidSignature from " << path;
+ Metadata metadata;
+ if (!metadata.ParseFromString(content)) {
+ return Error() << "Can't parse Metadata from " << path;
}
- return signature;
+ return metadata;
}
-Result<void> WriteMicrodroidSignature(const MicrodroidSignature& signature, std::ostream& out) {
+Result<void> WriteMetadata(const Metadata& metadata, std::ostream& out) {
// prepare content
std::string content;
- if (!signature.SerializeToString(&content)) {
+ if (!metadata.SerializeToString(&content)) {
return Error() << "Failed to write protobuf.";
}
diff --git a/microdroid/signature/microdroid_signature.proto b/microdroid/payload/metadata.proto
similarity index 72%
rename from microdroid/signature/microdroid_signature.proto
rename to microdroid/payload/metadata.proto
index 6ae3756..0fa0650 100644
--- a/microdroid/signature/microdroid_signature.proto
+++ b/microdroid/payload/metadata.proto
@@ -18,27 +18,23 @@
package android.microdroid;
-// Microdroid Signature is the body of the signature partition.
-message MicrodroidSignature {
+// Metadata is the body of the "metadata" partition
+message Metadata {
uint32 version = 1;
- // Lists the signature information of the payload apexes.
- // The payload apexes are mapped to the partitions following the signature partition.
- repeated ApexSignature apexes = 2;
+ repeated ApexPayload apexes = 2;
- ApkSignature apk = 3;
+ ApkPayload apk = 3;
string payload_config_path = 4;
}
-message ApexSignature {
+message ApexPayload {
// Required.
// The apex name.
string name = 1;
- // Required.
- // The original size of the apex file.
- uint32 size = 2;
+ string partition_name = 2;
// Optional.
// When specified, the public key used to sign the apex should match with it.
@@ -49,11 +45,12 @@
string rootDigest = 4;
}
-message ApkSignature {
+message ApkPayload {
// Required.
// The name of APK.
string name = 1;
string payload_partition_name = 2;
+
string idsig_partition_name = 3;
}
diff --git a/microdroid/signature/mk_payload.cc b/microdroid/payload/mk_payload.cc
similarity index 85%
rename from microdroid/signature/mk_payload.cc
rename to microdroid/payload/mk_payload.cc
index 9caf788..1da71de 100644
--- a/microdroid/signature/mk_payload.cc
+++ b/microdroid/payload/mk_payload.cc
@@ -30,17 +30,17 @@
#include <image_aggregator.h>
#include <json/json.h>
-#include "microdroid/signature.h"
+#include "microdroid/metadata.h"
using android::base::Dirname;
using android::base::ErrnoError;
using android::base::Error;
using android::base::Result;
using android::base::unique_fd;
-using android::microdroid::ApexSignature;
-using android::microdroid::ApkSignature;
-using android::microdroid::MicrodroidSignature;
-using android::microdroid::WriteMicrodroidSignature;
+using android::microdroid::ApexPayload;
+using android::microdroid::ApkPayload;
+using android::microdroid::Metadata;
+using android::microdroid::WriteMetadata;
using com::android::apex::ApexInfoList;
using com::android::apex::readApexInfoList;
@@ -94,7 +94,9 @@
struct Config {
std::string dirname; // config file's direname to resolve relative paths in the config
+ // TODO(b/185956069) remove this when VirtualizationService can provide apex paths
std::vector<std::string> system_apexes;
+
std::vector<ApexConfig> apexes;
std::optional<ApkConfig> apk;
std::optional<std::string> payload_config_path;
@@ -199,47 +201,40 @@
return {};
}
-Result<void> MakeSignature(const Config& config, const std::string& filename) {
- MicrodroidSignature signature;
- signature.set_version(1);
+Result<void> MakeMetadata(const Config& config, const std::string& filename) {
+ Metadata metadata;
+ metadata.set_version(1);
for (const auto& apex_config : config.apexes) {
- ApexSignature* apex_signature = signature.add_apexes();
+ auto* apex = metadata.add_apexes();
// name
- apex_signature->set_name(apex_config.name);
-
- // size
- auto file_size = GetFileSize(ToAbsolute(apex_config.path, config.dirname));
- if (!file_size.ok()) {
- return Error() << "I/O error: " << file_size.error();
- }
- apex_signature->set_size(file_size.value());
+ apex->set_name(apex_config.name);
// publicKey
if (apex_config.public_key.has_value()) {
- apex_signature->set_publickey(apex_config.public_key.value());
+ apex->set_publickey(apex_config.public_key.value());
}
// rootDigest
if (apex_config.root_digest.has_value()) {
- apex_signature->set_rootdigest(apex_config.root_digest.value());
+ apex->set_rootdigest(apex_config.root_digest.value());
}
}
if (config.apk.has_value()) {
- ApkSignature* apk_signature = signature.mutable_apk();
- apk_signature->set_name(config.apk->name);
- apk_signature->set_payload_partition_name("microdroid-apk");
+ auto* apk = metadata.mutable_apk();
+ apk->set_name(config.apk->name);
+ apk->set_payload_partition_name("microdroid-apk");
// TODO(jooyung): set idsig partition as well
}
if (config.payload_config_path.has_value()) {
- *signature.mutable_payload_config_path() = config.payload_config_path.value();
+ *metadata.mutable_payload_config_path() = config.payload_config_path.value();
}
std::ofstream out(filename);
- return WriteMicrodroidSignature(signature, out);
+ return WriteMetadata(metadata, out);
}
Result<void> GenerateFiller(const std::string& file_path, const std::string& filler_path) {
@@ -266,14 +261,14 @@
return {};
}
-Result<void> MakePayload(const Config& config, const std::string& signature_file,
+Result<void> MakePayload(const Config& config, const std::string& metadata_file,
const std::string& output_file) {
std::vector<MultipleImagePartition> partitions;
- // put signature at the first partition
+ // put metadata at the first partition
partitions.push_back(MultipleImagePartition{
- .label = "signature",
- .image_file_paths = {signature_file},
+ .label = "metadata",
+ .image_file_paths = {metadata_file},
.type = kLinuxFilesystem,
.read_only = true,
});
@@ -335,13 +330,13 @@
}
const std::string output_file(argv[2]);
- const std::string signature_file = AppendFileName(output_file, "-signature");
+ const std::string metadata_file = AppendFileName(output_file, "-metadata");
- if (const auto res = MakeSignature(*config, signature_file); !res.ok()) {
+ if (const auto res = MakeMetadata(*config, metadata_file); !res.ok()) {
std::cerr << res.error() << '\n';
return 1;
}
- if (const auto res = MakePayload(*config, signature_file, output_file); !res.ok()) {
+ if (const auto res = MakePayload(*config, metadata_file, output_file); !res.ok()) {
std::cerr << res.error() << '\n';
return 1;
}
diff --git a/microdroid/sepolicy/system/private/microdroid_manager.te b/microdroid/sepolicy/system/private/microdroid_manager.te
index ce55ba8..f2feca2 100644
--- a/microdroid/sepolicy/system/private/microdroid_manager.te
+++ b/microdroid/sepolicy/system/private/microdroid_manager.te
@@ -6,7 +6,7 @@
# allow domain transition from init
init_daemon_domain(microdroid_manager)
-# microdroid_manager accesses /dev/block/by-name/signature which points to
+# microdroid_manager accesses /dev/block/by-name/metadata which points to
# a /dev/vd* block device file.
allow microdroid_manager block_device:dir r_dir_perms;
allow microdroid_manager block_device:lnk_file r_file_perms;