[VirtMgr] Allow host-controlled avf/untrusted prop
Allow addition of properties at /avf/untrusted in the DT overlay
created by virtmgr. While I'm here, refactor reference_dt into
dt_overlay to allow this and to remove confusion about the reference DT,
which from the point of view of the pVM is expected to come from ABL.
Include (a hardcoded) instance_id of VM in the DT overlay!
Test: vm_shell start-microdroid --auto-connect
Test: Check /proc/device-tree/avf/untrusted/instance-id has value of hardcoded id in non-protected VM
Test: atest virtualizationmanager_device_test
Bug: 291213394
Change-Id: I4ffa8a051532714bba091e7112e757e8b3b651fc
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 602c670..ca23305 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -19,9 +19,9 @@
use crate::composite::make_composite_image;
use crate::crosvm::{CrosvmConfig, DiskFile, PayloadState, VmContext, VmInstance, VmState};
use crate::debug_config::DebugConfig;
+use crate::dt_overlay::{create_device_tree_overlay, DtAddition, VM_REFERENCE_DT_ON_HOST_PATH, VM_DT_OVERLAY_MAX_SIZE, VM_DT_OVERLAY_PATH};
use crate::payload::{add_microdroid_payload_images, add_microdroid_system_images, add_microdroid_vendor_image};
use crate::selinux::{getfilecon, SeContext};
-use crate::reference_dt;
use android_os_permissions_aidl::aidl::android::os::IPermissionController;
use android_system_virtualizationcommon::aidl::android::system::virtualizationcommon::{
Certificate::Certificate,
@@ -68,6 +68,7 @@
Status, StatusCode, Strong,
IntoBinderResult,
};
+use cstr::cstr;
use disk::QcowFile;
use glob::glob;
use lazy_static::lazy_static;
@@ -79,6 +80,7 @@
use semver::VersionReq;
use std::collections::HashSet;
use std::convert::TryInto;
+use std::fs;
use std::ffi::CStr;
use std::fs::{canonicalize, read_dir, remove_file, File, OpenOptions};
use std::io::{BufRead, BufReader, Error, ErrorKind, Seek, SeekFrom, Write};
@@ -376,13 +378,35 @@
check_gdb_allowed(config)?;
}
- let reference_dt = reference_dt::parse_reference_dt(&temporary_directory)
- .context("Failed to create VM reference DT")
- .or_service_specific_exception(-1)?;
- if reference_dt.is_none() {
- warn!("VM reference DT doesn't exist");
+ // Currently, VirtMgr adds the host copy of reference DT & an untrusted prop (instance-id)
+ let mut dt_additions = Vec::with_capacity(2);
+ let host_ref_dt = Path::new(VM_REFERENCE_DT_ON_HOST_PATH);
+ if host_ref_dt.exists()
+ && read_dir(host_ref_dt).or_service_specific_exception(-1)?.next().is_some()
+ {
+ dt_additions.push(DtAddition::FromPath(host_ref_dt));
+ } else {
+ warn!("VM reference DT doesn't exist in host DT");
}
+ if cfg!(llpvm_changes) {
+ // TODO(b/291213394): Replace this with a per-VM instance Id.
+ let instance_id = b"sixtyfourbyteslonghardcoded_indeed_sixtyfourbyteslonghardcoded_h";
+ dt_additions.push(DtAddition::AvfUntrustedProp(cstr!("instance-id"), &instance_id[..]));
+ }
+
+ let device_tree_overlay = if !dt_additions.is_empty() {
+ let dt_output = temporary_directory.join(VM_DT_OVERLAY_PATH);
+ let mut data = [0_u8; VM_DT_OVERLAY_MAX_SIZE];
+ let fdt = create_device_tree_overlay(&mut data, &dt_additions)
+ .map_err(|e| anyhow!("Failed to create DT overlay, {e:?}"))
+ .or_service_specific_exception(-1)?;
+ fs::write(&dt_output, fdt.as_slice()).or_service_specific_exception(-1)?;
+ Some(File::open(dt_output).or_service_specific_exception(-1)?)
+ } else {
+ None
+ };
+
let debug_level = match config {
VirtualMachineConfig::AppConfig(config) => config.debugLevel,
_ => DebugLevel::NONE,
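Review bot: The `instance_id` pushed under `cfg!(llpvm_changes)` is a single constant shared by every VM and reaches the guest through `/avf/untrusted`, but the comment above it does not say that guest code must not key per-VM state or secrets on it. I would extend the TODO to `// TODO(b/291213394): Replace this with a per-VM instance Id. Until then every VM sees the same host-supplied, unauthenticated value.` Separately, the `fs::write` and `File::open` calls have no `.context(...)`, unlike the removed `parse_reference_dt` call, so a failure there surfaces as a bare I/O error; adding e.g. `.context("Failed to write DT overlay")` before `.or_service_specific_exception(-1)` would keep it attributable. The `else` branch warning also fires when the host reference DT directory exists but is empty, so `warn!("VM reference DT is missing or empty in host DT");` would match the condition. The enclosing function starts and ends outside this hunk.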
@@ -531,7 +555,7 @@
gdb_port,
vfio_devices,
dtbo,
- reference_dt,
+ device_tree_overlay,
};
let instance = Arc::new(
VmInstance::new(