Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 8bb67b66f704cbcc817e1eb6d215b7727d1f901d^! / .
commit8bb67b66f704cbcc817e1eb6d215b7727d1f901d[log] [tgz]
authorVictor Hsieh <victorhsieh@google.com>Wed Aug 04 12:10:58 2021 -0700
committerVictor Hsieh <victorhsieh@google.com>Fri Aug 06 14:45:45 2021 -0700
treeb05f9d8d9e524f3a80e53d7b78077097dbbce7bd
parent6932ee02a6935d88c9e4f3a9a35bf300b882bae5 [diff]
Start authfs_service during boot on microdroid

Bug: 194717985
Test: see the service starts on boot
Test: MicrodroidHostTestCases
Change-Id: Ia91cf6d8316bfd95ba3a0ea1fb45c64422c2f85f

diff --git a/authfs/service/Android.bp b/authfs/service/Android.bp
index 3f3a0c3..943db35 100644
--- a/authfs/service/Android.bp
+++ b/authfs/service/Android.bp

@@ -19,4 +19,5 @@
         "libshared_child",
     ],
     prefer_rlib: true,
+    init_rc: ["authfs_service.rc"],
 }

diff --git a/authfs/service/authfs_service.rc b/authfs/service/authfs_service.rc
new file mode 100644
index 0000000..9ad0ce6
--- /dev/null
+++ b/authfs/service/authfs_service.rc

@@ -0,0 +1,2 @@
+service authfs_service /system/bin/authfs_service
+    disabled

diff --git a/authfs/service/src/authfs.rs b/authfs/service/src/authfs.rs
index 5b41244..3b4febb 100644
--- a/authfs/service/src/authfs.rs
+++ b/authfs/service/src/authfs.rs

@@ -123,6 +123,8 @@
     debuggable: bool,
 ) -> Result<SharedChild> {
     let mut args = vec![mountpoint.to_owned(), OsString::from("--cid=2")];
+    args.push(OsString::from("-o"));
+    args.push(OsString::from("fscontext=u:object_r:authfs_fuse:s0"));
     for conf in in_fds {
         // TODO(b/185178698): Many input files need to be signed and verified.
         // or can we use debug cert for now, which is better than nothing?

diff --git a/authfs/service/src/main.rs b/authfs/service/src/main.rs
index 0ba19cb..e426734 100644
--- a/authfs/service/src/main.rs
+++ b/authfs/service/src/main.rs

@@ -40,8 +40,7 @@
 };
 
 const SERVICE_NAME: &str = "authfs_service";
-// TODO: Replace with a valid directory setup in the VM.
-const SERVICE_ROOT: &str = "/data/local/tmp/authfs";
+const SERVICE_ROOT: &str = "/data/misc/authfs";
 
 /// Implementation of `IAuthFsService`.
 pub struct AuthFsService {

diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index a0215c3..4926e2c 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp

@@ -111,6 +111,7 @@
             deps: [
                 "apkdmverity",
                 "authfs",
+                "authfs_service",
                 "zipfuse",
 
                 // TODO(b/184872979): Needed by authfs. Remove once the Rust API is created.

diff --git a/microdroid/init.rc b/microdroid/init.rc
index d43ab22..f9cd915 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc

@@ -136,6 +136,9 @@
 
     start keystore2
 
+    mkdir /data/misc/authfs 0700 root root
+    start authfs_service
+
 on late-fs
     start vendor.keymint-microdroid