Add teeServices field to AppConfig & RawConfig
This patch only adds the field; it will be used in follow-up patches.
Bug: 360102915
Test: atest MicrodroidTests
Change-Id: I951d911ee60c48085b14a24e0bbf6c394256ce6c
diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index e2b2804..9d72506 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs
@@ -1152,6 +1152,8 @@
for param in custom_config.extraKernelCmdlineParams.iter() {
append_kernel_param(param, &mut vm_config);
}
+
+ vm_config.teeServices.clone_from(&custom_config.teeServices);
}
// Unfortunately specifying page_shift = 14 in bootconfig doesn't enable 16k pages emulation,
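Review bot: The added `vm_config.teeServices.clone_from(&custom_config.teeServices);` forwards the caller-supplied list into the VM config unchanged, and nothing visible in this hunk validates the entries or ties them to a permission. Since the commit message says follow-up patches will consume the field, a comment here would record the trust boundary: `// Caller-controlled; must be checked against the TEE service allowlist before any service is exposed to the guest.` The enclosing block starts outside the hunk, so it cannot be confirmed from here whether an existing custom-config permission check already guards this path.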
@@ -1759,6 +1761,26 @@
Ok(())
}
+fn check_no_tee_services(config: &VirtualMachineConfig) -> binder::Result<()> {
+ match config {
+ VirtualMachineConfig::RawConfig(config) => {
+ if !config.teeServices.is_empty() {
+ return Err(anyhow!("tee_services_allowlist feature is disabled"))
+ .or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION);
+ }
+ }
+ VirtualMachineConfig::AppConfig(config) => {
+ if let Some(custom_config) = &config.customConfig {
+ if !custom_config.teeServices.is_empty() {
+ return Err(anyhow!("tee_services_allowlist feature is disabled"))
+ .or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION);
+ }
+ }
+ }
+ };
+ Ok(())
+}
+
fn check_protected_vm_is_supported() -> binder::Result<()> {
let is_pvm_supported =
hypervisor_props::is_protected_vm_supported().or_service_specific_exception(-1)?;
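Review bot: `check_no_tee_services` builds the same UNSUPPORTED_OPERATION rejection twice, once per `VirtualMachineConfig` arm, so a later edit to one arm can leave the other config type with a different or missing denial. Computing a single boolean from the match and rejecting in one place keeps the gate fail-closed for both variants. The match should stay exhaustive with no wildcard arm, so that a new config variant forces an explicit decision here. The function also has no doc comment; a short `///` line stating that it rejects any non-empty `teeServices` while the `tee_services_allowlist` flag is off would help the next reader.

```rust
fn check_no_tee_services(config: &VirtualMachineConfig) -> binder::Result<()> {
    let requests_tee_services = match config {
        VirtualMachineConfig::RawConfig(config) => !config.teeServices.is_empty(),
        VirtualMachineConfig::AppConfig(config) => config
            .customConfig
            .as_ref()
            .is_some_and(|custom_config| !custom_config.teeServices.is_empty()),
    };
    if requests_tee_services {
        return Err(anyhow!("tee_services_allowlist feature is disabled"))
            .or_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION);
    }
    Ok(())
}
```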
@@ -1783,6 +1805,9 @@
if !cfg!(debuggable_vms_improvements) {
check_no_extra_kernel_cmdline_params(config)?;
}
+ if !cfg!(tee_services_allowlist) {
+ check_no_tee_services(config)?;
+ }
Ok(())
}