Start apexd later Only start apexd, which activates APEXes and might allow code from them to execute, after we have created the payload DICE node, so Microdroid's CDIs are gone. This may slow down VM startup slightly. Bug: 308759880 Test: atest MicrodroidTests Change-Id: I0d736955660ee70f04ede288415c2aa362db996a

commit: 9a7f67e927bcc4fb861f8f291017b328c47a8243 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Tue Nov 07 09:37:40 2023 +0000
committer: Alan Stokes <alanstokes@google.com> Thu Nov 09 11:46:29 2023 +0000
tree: 3f6df1ef399ce6d81b0d185ecd05d09364215e32
parent: 26efd190929e01275c1dbbe8d90f15ff40ec4cc7 [diff] [blame]
diff --git a/microdroid_manager/src/verify.rs b/microdroid_manager/src/verify.rs
index 78951f7..e63530b 100644
--- a/microdroid_manager/src/verify.rs
+++ b/microdroid_manager/src/verify.rs

@@ -135,8 +135,10 @@
         write_apex_payload_data(saved_data, &apex_data_from_payload)?;
     }
 
-    // Start apexd to activate APEXes
-    system_properties::write("ctl.start", "apexd-vm")?;
+    if cfg!(not(dice_changes)) {
+        // Start apexd to activate APEXes
+        system_properties::write("ctl.start", "apexd-vm")?;
+    }
 
     // TODO(inseob): add timeout
     apkdmverity_child.wait()?;
commit	9a7f67e927bcc4fb861f8f291017b328c47a8243	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Tue Nov 07 09:37:40 2023 +0000
committer	Alan Stokes <alanstokes@google.com>	Thu Nov 09 11:46:29 2023 +0000
tree	3f6df1ef399ce6d81b0d185ecd05d09364215e32
parent	26efd190929e01275c1dbbe8d90f15ff40ec4cc7 [diff] [blame]