Restrict setting cpu affinity or task profiles
Require the USE_CUSTOM_VIRTUAL_MACHINE permission so that only
platform-signed code can use these features.
Bug: 243513572
Test: atest MicrodroidTests MicrodroidHostTestCases
Tests: composd_cmd test-compile
Change-Id: I2735995789d12aae57217f0b9b0b493055f11843
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 352b4f1..dcc2d48 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -596,6 +596,12 @@
config: &VirtualMachineAppConfig,
temporary_directory: &Path,
) -> Result<VirtualMachineRawConfig> {
+ // Controlling CPUs is reserved for platform apps only, even when using
+ // VirtualMachineAppConfig.
+ if config.cpuAffinity.is_some() || !config.taskProfiles.is_empty() {
+ check_use_custom_virtual_machine()?
+ }
+
let apk_file = clone_file(config.apk.as_ref().unwrap())?;
let idsig_file = clone_file(config.idsig.as_ref().unwrap())?;
let instance_file = clone_file(config.instanceImage.as_ref().unwrap())?;
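Review bot: The gate at `if config.cpuAffinity.is_some() || !config.taskProfiles.is_empty()` lists the privileged fields by hand, so a CPU- or scheduling-related field added to VirtualMachineAppConfig later would pass unchecked unless this condition is extended too; I would say so in the comment, e.g. `// Any new field that controls host CPU or scheduling must be added to this check.` The call is written as a tail expression, `check_use_custom_virtual_machine()?`, which only type-checks while that helper returns `Result<()>`; `check_use_custom_virtual_machine()?;` states the intent more clearly. Keeping the check ahead of the `clone_file` calls is right, since a denied caller then fails before any of its files are cloned. The commit message names only whole test suites, so it is not visible here whether any case covers a caller without USE_CUSTOM_VIRTUAL_MACHINE being rejected when it sets either field; that negative case would be worth adding. The enclosing function starts and ends outside the hunk.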