Merge "Skip tearDown() if tests skipped in setUp()"
diff --git a/compos/common/lib.rs b/compos/common/lib.rs
index 8d49ff0..1f937c9 100644
--- a/compos/common/lib.rs
+++ b/compos/common/lib.rs
@@ -53,9 +53,6 @@
/// /system_ext available in CompOS.
pub const IDSIG_MANIFEST_EXT_APK_FILE: &str = "idsig_manifest_ext_apk";
-/// Number of CPUs to run dex2oat (actually the entire compos VM) with
-pub const DEX2OAT_THREADS_PROP_NAME: &str = "dalvik.vm.boot-dex2oat-threads";
-
/// The Android path of fs-verity build manifest APK for /system.
pub const BUILD_MANIFEST_APK_PATH: &str = "/system/etc/security/fsverity/BuildManifest.apk";
diff --git a/compos/composd/src/instance_manager.rs b/compos/composd/src/instance_manager.rs
index c4791e9..0a6c3d6 100644
--- a/compos/composd/src/instance_manager.rs
+++ b/compos/composd/src/instance_manager.rs
@@ -22,10 +22,8 @@
use anyhow::{bail, Result};
use binder::Strong;
use compos_common::compos_client::VmParameters;
-use compos_common::{CURRENT_INSTANCE_DIR, DEX2OAT_THREADS_PROP_NAME, TEST_INSTANCE_DIR};
-use rustutils::system_properties;
+use compos_common::{CURRENT_INSTANCE_DIR, TEST_INSTANCE_DIR};
use std::num::NonZeroU32;
-use std::str::FromStr;
use std::sync::{Arc, Mutex, Weak};
use virtualizationservice::IVirtualizationService::IVirtualizationService;
@@ -79,14 +77,10 @@
}
fn new_vm_parameters() -> Result<VmParameters> {
- let cpus = match system_properties::read(DEX2OAT_THREADS_PROP_NAME)? {
- Some(s) => Some(NonZeroU32::from_str(&s)?),
- None => {
- // dex2oat uses all CPUs by default. To match the behavior, give the VM all CPUs by
- // default.
- NonZeroU32::new(num_cpus::get() as u32)
- }
- };
+ // By default, dex2oat starts as many threads as there are CPUs. This can be overridden with
+ // a system property. Start the VM with all CPUs and assume the guest will start a suitable
+ // number of dex2oat threads.
+ let cpus = NonZeroU32::new(num_cpus::get() as u32);
let task_profiles = vec!["SCHED_SP_COMPUTE".to_string()];
Ok(VmParameters { cpus, task_profiles, memory_mib: Some(VM_MEMORY_MIB), ..Default::default() })
}
diff --git a/compos/verify/verify.rs b/compos/verify/verify.rs
index 71d8bcc..528719f 100644
--- a/compos/verify/verify.rs
+++ b/compos/verify/verify.rs
@@ -33,6 +33,7 @@
use log::error;
use std::fs::File;
use std::io::Read;
+use std::num::NonZeroU32;
use std::panic;
use std::path::Path;
@@ -114,7 +115,11 @@
&idsig,
&idsig_manifest_apk,
&idsig_manifest_ext_apk,
- &VmParameters { debug_mode: args.debug, ..Default::default() },
+ &VmParameters {
+ cpus: Some(NonZeroU32::new(1).unwrap()), // This VM runs very little work at boot
+ debug_mode: args.debug,
+ ..Default::default()
+ },
)?;
let service = vm_instance.connect_service()?;
diff --git a/docs/getting_started/index.md b/docs/getting_started/index.md
index f184862..25eb909 100644
--- a/docs/getting_started/index.md
+++ b/docs/getting_started/index.md
@@ -97,15 +97,6 @@
If you run into problems, inspect the logs produced by `atest`. Their location is printed at the
end. The `host_log_*.zip` file should contain the output of individual commands as well as VM logs.
-### Custom pvmfw
-
-Hostside tests, which run on the PC and extends `MicrodroidHostTestCaseBase`, can be run with
-a custom `pvmfw`. Use `--module-arg` to push `pvmfw` for individual test methods.
-
-```shell
-atest com.android.microdroid.test.MicrodroidHostTests -- --module-arg MicrodroidHostTestCases:set-option:pvmfw:pvmfw.img
-```
-
## Spawning your own VMs with custom kernel
You can spawn your own VMs by passing a JSON config file to the VirtualizationService via the `vm`
diff --git a/encryptedstore/src/main.rs b/encryptedstore/src/main.rs
index 2f54534..96c80db 100644
--- a/encryptedstore/src/main.rs
+++ b/encryptedstore/src/main.rs
@@ -46,6 +46,7 @@
let blkdevice = Path::new(matches.get_one::<String>("blkdevice").unwrap());
let key = matches.get_one::<String>("key").unwrap();
let mountpoint = Path::new(matches.get_one::<String>("mountpoint").unwrap());
+ // Note this error context is used in MicrodroidTests.
encryptedstore_init(blkdevice, key, mountpoint).context(format!(
"Unable to initialize encryptedstore on {:?} & mount at {:?}",
blkdevice, mountpoint
diff --git a/javalib/jni/android_system_virtualmachine_VirtualMachine.cpp b/javalib/jni/android_system_virtualmachine_VirtualMachine.cpp
index afdc944..9281e73 100644
--- a/javalib/jni/android_system_virtualmachine_VirtualMachine.cpp
+++ b/javalib/jni/android_system_virtualmachine_VirtualMachine.cpp
@@ -57,6 +57,10 @@
};
RpcSessionHandle session;
+ // We need a thread pool to be able to support linkToDeath, or callbacks
+ // (b/268335700). This if a fairly arbitrary number, although it happens to
+ // match the default max outgoing threads.
+ ARpcSession_setMaxIncomingThreads(session.get(), 10);
auto client = ARpcSession_setupPreconnectedClient(session.get(), requestFunc, &args);
return AIBinder_toJavaBinder(env, client);
}
diff --git a/libs/dice/src/bcc.rs b/libs/dice/src/bcc.rs
index 18b5083..a7ef882 100644
--- a/libs/dice/src/bcc.rs
+++ b/libs/dice/src/bcc.rs
@@ -16,21 +16,15 @@
//! Wrapper around dice/android/bcc.h.
-use core::ffi::CStr;
use core::mem;
use core::ptr;
-use open_dice_bcc_bindgen::BccConfigValues;
-use open_dice_bcc_bindgen::BccFormatConfigDescriptor;
use open_dice_bcc_bindgen::BccHandoverMainFlow;
use open_dice_bcc_bindgen::BccHandoverParse;
-use open_dice_bcc_bindgen::BCC_INPUT_COMPONENT_NAME;
-use open_dice_bcc_bindgen::BCC_INPUT_COMPONENT_VERSION;
-use open_dice_bcc_bindgen::BCC_INPUT_RESETTABLE;
-use crate::check_call;
+use crate::check_result;
use crate::Cdi;
-use crate::Error;
+use crate::DiceError;
use crate::InputValues;
use crate::Result;
@@ -56,7 +50,7 @@
// SAFETY - The buffer is only read and never stored and the returned pointers should all
// point within the address range of the buffer or be NULL.
- check_call(unsafe {
+ check_result(unsafe {
BccHandoverParse(
buffer.as_ptr(),
buffer.len(),
@@ -68,20 +62,20 @@
})?;
let cdi_attest = {
- let i = index_from_ptr(buffer, cdi_attest).ok_or(Error::PlatformError)?;
- let s = buffer.get(i..(i + mem::size_of::<Cdi>())).ok_or(Error::PlatformError)?;
- s.try_into().map_err(|_| Error::PlatformError)?
+ let i = index_from_ptr(buffer, cdi_attest).ok_or(DiceError::PlatformError)?;
+ let s = buffer.get(i..(i + mem::size_of::<Cdi>())).ok_or(DiceError::PlatformError)?;
+ s.try_into().map_err(|_| DiceError::PlatformError)?
};
let cdi_seal = {
- let i = index_from_ptr(buffer, cdi_seal).ok_or(Error::PlatformError)?;
- let s = buffer.get(i..(i + mem::size_of::<Cdi>())).ok_or(Error::PlatformError)?;
- s.try_into().map_err(|_| Error::PlatformError)?
+ let i = index_from_ptr(buffer, cdi_seal).ok_or(DiceError::PlatformError)?;
+ let s = buffer.get(i..(i + mem::size_of::<Cdi>())).ok_or(DiceError::PlatformError)?;
+ s.try_into().map_err(|_| DiceError::PlatformError)?
};
let bcc = if bcc.is_null() {
None
} else {
- let i = index_from_ptr(buffer, bcc).ok_or(Error::PlatformError)?;
- Some(buffer.get(i..(i + bcc_size)).ok_or(Error::PlatformError)?)
+ let i = index_from_ptr(buffer, bcc).ok_or(DiceError::PlatformError)?;
+ Some(buffer.get(i..(i + bcc_size)).ok_or(DiceError::PlatformError)?)
};
Ok(Self { buffer, cdi_attest, cdi_seal, bcc })
@@ -93,7 +87,7 @@
let mut size: usize = 0;
// SAFETY - The function only reads `self.buffer`, writes to `buffer` within its bounds,
// reads `input_values` as a constant input and doesn't store any pointer.
- check_call(unsafe {
+ check_result(unsafe {
BccHandoverMainFlow(
context,
self.buffer.as_ptr(),
@@ -109,57 +103,6 @@
}
}
-/// Formats a configuration descriptor following the BCC's specification.
-///
-/// ```
-/// BccConfigDescriptor = {
-/// ? -70002 : tstr, ; Component name
-/// ? -70003 : int, ; Component version
-/// ? -70004 : null, ; Resettable
-/// }
-/// ```
-pub fn format_config_descriptor(
- buffer: &mut [u8],
- name: Option<&CStr>,
- version: Option<u64>,
- resettable: bool,
-) -> Result<usize> {
- let mut inputs = 0;
-
- if name.is_some() {
- inputs |= BCC_INPUT_COMPONENT_NAME;
- }
-
- if version.is_some() {
- inputs |= BCC_INPUT_COMPONENT_VERSION;
- }
-
- if resettable {
- inputs |= BCC_INPUT_RESETTABLE;
- }
-
- let values = BccConfigValues {
- inputs,
- component_name: name.map_or(ptr::null(), |p| p.as_ptr()),
- component_version: version.unwrap_or(0),
- };
-
- let mut buffer_size = 0;
-
- // SAFETY - The function writes to the buffer, within the given bounds, and only reads the
- // input values. It writes its result to buffer_size.
- check_call(unsafe {
- BccFormatConfigDescriptor(
- &values as *const _,
- buffer.len(),
- buffer.as_mut_ptr(),
- &mut buffer_size as *mut _,
- )
- })?;
-
- Ok(buffer_size)
-}
-
fn index_from_ptr(slice: &[u8], pointer: *const u8) -> Option<usize> {
if slice.as_ptr_range().contains(&pointer) {
(pointer as usize).checked_sub(slice.as_ptr() as usize)
diff --git a/libs/dice/src/lib.rs b/libs/dice/src/lib.rs
index f0ac2ae..6870eeb 100644
--- a/libs/dice/src/lib.rs
+++ b/libs/dice/src/lib.rs
@@ -18,70 +18,9 @@
#![no_std]
-use core::fmt;
-use core::result;
-
-pub use diced_open_dice::{Config, Hash, InputValues, HASH_SIZE};
-pub use open_dice_cbor_bindgen::DiceMode;
-
-use open_dice_cbor_bindgen::DiceHash;
-use open_dice_cbor_bindgen::DiceResult;
-use open_dice_cbor_bindgen::DiceResult_kDiceResultBufferTooSmall as DICE_RESULT_BUFFER_TOO_SMALL;
-use open_dice_cbor_bindgen::DiceResult_kDiceResultInvalidInput as DICE_RESULT_INVALID_INPUT;
-use open_dice_cbor_bindgen::DiceResult_kDiceResultOk as DICE_RESULT_OK;
-use open_dice_cbor_bindgen::DiceResult_kDiceResultPlatformError as DICE_RESULT_PLATFORM_ERROR;
+pub use diced_open_dice::{
+ bcc_format_config_descriptor, check_result, Cdi, Config, DiceError, DiceMode, Hash,
+ InputValues, Result, CDI_SIZE, HASH_SIZE, HIDDEN_SIZE,
+};
pub mod bcc;
-
-const CDI_SIZE: usize = open_dice_cbor_bindgen::DICE_CDI_SIZE as usize;
-
-/// Array type of CDIs.
-pub type Cdi = [u8; CDI_SIZE];
-
-/// Error type used by DICE.
-pub enum Error {
- /// Provided input was invalid.
- InvalidInput,
- /// Provided buffer was too small.
- BufferTooSmall,
- /// Unexpected platform error.
- PlatformError,
- /// Unexpected return value.
- Unknown(DiceResult),
-}
-
-impl fmt::Debug for Error {
- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
- match self {
- Error::InvalidInput => write!(f, "invalid input"),
- Error::BufferTooSmall => write!(f, "buffer too small"),
- Error::PlatformError => write!(f, "platform error"),
- Error::Unknown(n) => write!(f, "unknown error: {}", n),
- }
- }
-}
-
-/// Result of DICE functions.
-pub type Result<T> = result::Result<T, Error>;
-
-fn check_call(ret: DiceResult) -> Result<()> {
- match ret {
- DICE_RESULT_OK => Ok(()),
- DICE_RESULT_INVALID_INPUT => Err(Error::InvalidInput),
- DICE_RESULT_BUFFER_TOO_SMALL => Err(Error::BufferTooSmall),
- DICE_RESULT_PLATFORM_ERROR => Err(Error::PlatformError),
- n => Err(Error::Unknown(n)),
- }
-}
-
-fn ctx() -> *mut core::ffi::c_void {
- core::ptr::null_mut()
-}
-
-/// Hash the provided input using DICE's default hash function.
-pub fn hash(bytes: &[u8]) -> Result<Hash> {
- let mut output: Hash = [0; HASH_SIZE];
- // SAFETY - DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
- check_call(unsafe { DiceHash(ctx(), bytes.as_ptr(), bytes.len(), output.as_mut_ptr()) })?;
- Ok(output)
-}
diff --git a/microdroid/payload/config/src/lib.rs b/microdroid/payload/config/src/lib.rs
index 08b8b42..925a543 100644
--- a/microdroid/payload/config/src/lib.rs
+++ b/microdroid/payload/config/src/lib.rs
@@ -40,8 +40,8 @@
pub prefer_staged: bool,
/// Whether to export the tomsbtones (VM crashes) out of VM to host
- /// This does not have a default & the value is expected to be in json for deserialization
- pub export_tombstones: bool,
+ /// Default: true for debuggable VMs, false for non-debuggable VMs
+ pub export_tombstones: Option<bool>,
/// Whether the authfs service should be started in the VM. This enables read or write of host
/// files with integrity checking, but not confidentiality.
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index 383f371..bf2d755 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp
@@ -19,8 +19,7 @@
"libbinder_rs",
"libbyteorder",
"libcap_rust",
- "libdiced",
- "libdiced_open_dice_cbor",
+ "libdiced_open_dice",
"libdiced_sample_inputs",
"libdiced_utils",
"libglob",
diff --git a/microdroid_manager/src/dice.rs b/microdroid_manager/src/dice.rs
index 739c944..cf5e73e 100644
--- a/microdroid_manager/src/dice.rs
+++ b/microdroid_manager/src/dice.rs
@@ -16,8 +16,8 @@
use anyhow::{bail, Context, Error, Result};
use byteorder::{NativeEndian, ReadBytesExt};
-use diced_open_dice_cbor::{
- Config, ContextImpl, DiceMode, Hash, Hidden, InputValuesOwned, OpenDiceCborContext, CDI_SIZE,
+use diced_open_dice::{
+ retry_bcc_main_flow, Config, DiceMode, Hash, Hidden, InputValues, OwnedDiceArtifacts, CDI_SIZE,
};
use keystore2_crypto::ZVec;
use libc::{c_void, mmap, munmap, MAP_FAILED, MAP_PRIVATE, PROT_READ};
@@ -31,12 +31,23 @@
/// Artifacts that are kept in the process address space after the artifacts from the driver have
/// been consumed.
+/// TODO(b/267575445): Replace with `OwnedDiceArtifacts` from the library `diced_open_dice`.
pub struct DiceContext {
pub cdi_attest: [u8; CDI_SIZE],
pub cdi_seal: [u8; CDI_SIZE],
pub bcc: Vec<u8>,
}
+impl From<OwnedDiceArtifacts> for DiceContext {
+ fn from(dice_artifacts: OwnedDiceArtifacts) -> Self {
+ Self {
+ cdi_attest: dice_artifacts.cdi_values.cdi_attest,
+ cdi_seal: dice_artifacts.cdi_values.cdi_seal,
+ bcc: dice_artifacts.bcc[..].to_vec(),
+ }
+ }
+}
+
impl DiceContext {
pub fn get_sealing_key(&self, salt: &[u8], identifier: &[u8], keysize: u32) -> Result<ZVec> {
// Deterministically derive a key to use for sealing data based on salt. Use different salt
@@ -68,13 +79,9 @@
bail!("Strict boot requires DICE value from driver but none were found");
} else {
log::warn!("Using sample DICE values");
- let (cdi_attest, cdi_seal, bcc) = diced_sample_inputs::make_sample_bcc_and_cdis()
+ let dice_artifacts = diced_sample_inputs::make_sample_bcc_and_cdis()
.expect("Failed to create sample dice artifacts.");
- return Ok(Self::Fake(DiceContext {
- cdi_attest: cdi_attest[..].try_into().unwrap(),
- cdi_seal: cdi_seal[..].try_into().unwrap(),
- bcc,
- }));
+ return Ok(Self::Fake(dice_artifacts.into()));
};
let mut file = fs::File::open(driver_path)
@@ -142,11 +149,10 @@
debug: bool,
hidden: Hidden,
) -> Result<DiceContext> {
- let input_values = InputValuesOwned::new(
+ let input_values = InputValues::new(
code_hash,
Config::Descriptor(config_desc),
authority_hash,
- None,
if debug { DiceMode::kDiceModeDebug } else { DiceMode::kDiceModeNormal },
hidden,
);
@@ -154,8 +160,7 @@
Self::Real { cdi_attest, cdi_seal, bcc, .. } => (*cdi_attest, *cdi_seal, *bcc),
Self::Fake(fake) => (&fake.cdi_attest, &fake.cdi_seal, fake.bcc.as_slice()),
};
- let (cdi_attest, cdi_seal, bcc) = OpenDiceCborContext::new()
- .bcc_main_flow(cdi_attest, cdi_seal, bcc, &input_values)
+ let dice_artifacts = retry_bcc_main_flow(cdi_attest, cdi_seal, bcc, &input_values)
.context("DICE derive from driver")?;
if let Self::Real { driver_path, .. } = &self {
// Writing to the device wipes the artifacts. The string is ignored by the driver but
@@ -163,11 +168,7 @@
fs::write(driver_path, "wipe")
.map_err(|err| Error::new(err).context("Wiping driver"))?;
}
- Ok(DiceContext {
- cdi_attest: cdi_attest[..].try_into().unwrap(),
- cdi_seal: cdi_seal[..].try_into().unwrap(),
- bcc,
- })
+ Ok(dice_artifacts.into())
}
}
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 13bc9e3..777a42c 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -70,13 +70,15 @@
const EXTRA_APK_PATH_PATTERN: &str = "/dev/block/by-name/extra-apk-*";
const EXTRA_IDSIG_PATH_PATTERN: &str = "/dev/block/by-name/extra-idsig-*";
const DM_MOUNTED_APK_PATH: &str = "/dev/block/mapper/microdroid-apk";
-const APKDMVERITY_BIN: &str = "/system/bin/apkdmverity";
-const ZIPFUSE_BIN: &str = "/system/bin/zipfuse";
const AVF_STRICT_BOOT: &str = "/sys/firmware/devicetree/base/chosen/avf,strict-boot";
const AVF_NEW_INSTANCE: &str = "/sys/firmware/devicetree/base/chosen/avf,new-instance";
const DEBUG_MICRODROID_NO_VERIFIED_BOOT: &str =
"/sys/firmware/devicetree/base/virtualization/guest/debug-microdroid,no-verified-boot";
+const APKDMVERITY_BIN: &str = "/system/bin/apkdmverity";
+const ENCRYPTEDSTORE_BIN: &str = "/system/bin/encryptedstore";
+const ZIPFUSE_BIN: &str = "/system/bin/zipfuse";
+
const APEX_CONFIG_DONE_PROP: &str = "apex_config.done";
const TOMBSTONE_TRANSMIT_DONE_PROP: &str = "tombstone_transmit.init_done";
const DEBUGGABLE_PROP: &str = "ro.boot.microdroid.debuggable";
@@ -84,9 +86,7 @@
// SYNC WITH virtualizationservice/src/crosvm.rs
const FAILURE_SERIAL_DEVICE: &str = "/dev/ttyS1";
-/// Identifier for the key used for encrypted store.
const ENCRYPTEDSTORE_BACKING_DEVICE: &str = "/dev/block/by-name/encryptedstore";
-const ENCRYPTEDSTORE_BIN: &str = "/system/bin/encryptedstore";
const ENCRYPTEDSTORE_KEY_IDENTIFIER: &str = "encryptedstore_key";
const ENCRYPTEDSTORE_KEYSIZE: u32 = 32;
@@ -347,6 +347,13 @@
!Path::new(DEBUG_MICRODROID_NO_VERIFIED_BOOT).exists()
}
+fn should_export_tombstones(config: &VmPayloadConfig) -> bool {
+ match config.export_tombstones {
+ Some(b) => b,
+ None => system_properties::read_bool(DEBUGGABLE_PROP, true).unwrap_or(false),
+ }
+}
+
fn try_run_payload(service: &Strong<dyn IVirtualMachineService>) -> Result<i32> {
let metadata = load_metadata().context("Failed to load payload metadata")?;
let dice = DiceDriver::new(Path::new("/dev/open-dice0")).context("Failed to load DICE")?;
@@ -456,7 +463,7 @@
setup_config_sysprops(&config)?;
// Start tombstone_transmit if enabled
- if config.export_tombstones {
+ if should_export_tombstones(&config) {
system_properties::write("tombstone_transmit.start", "1")
.context("set tombstone_transmit.start")?;
} else {
@@ -481,7 +488,7 @@
.context("set microdroid_manager.init_done")?;
// Wait for tombstone_transmit to init
- if config.export_tombstones {
+ if should_export_tombstones(&config) {
wait_for_tombstone_transmit_done()?;
}
@@ -813,7 +820,7 @@
apexes: vec![],
extra_apks: vec![],
prefer_staged: false,
- export_tombstones: false,
+ export_tombstones: None,
enable_authfs: false,
})
}
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 21f84a5..0d6a9a4 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -14,7 +14,8 @@
rustlibs: [
"libaarch64_paging",
"libbuddy_system_allocator",
- "libdice_nostd",
+ "libdice_nostd", // TODO(b/267575445): Remove this library once the migration is done.
+ "libdiced_open_dice_nostd",
"libfdtpci",
"liblibfdt",
"liblog_rust_nostd",
diff --git a/pvmfw/src/dice.rs b/pvmfw/src/dice.rs
index 4e1e60a..f6a1f3d 100644
--- a/pvmfw/src/dice.rs
+++ b/pvmfw/src/dice.rs
@@ -16,12 +16,11 @@
use core::ffi::CStr;
use core::mem::size_of;
-use dice::bcc::format_config_descriptor;
use dice::bcc::Handover;
-use dice::hash;
use dice::Config;
use dice::DiceMode;
use dice::InputValues;
+use diced_open_dice::{bcc_format_config_descriptor, hash, HIDDEN_SIZE};
use pvmfw_avb::{DebugLevel, Digest, VerifiedBootData};
fn to_dice_mode(debug_level: DebugLevel) -> DiceMode {
@@ -52,22 +51,20 @@
let mode = to_dice_mode(verified_boot_data.debug_level);
let component_name = CStr::from_bytes_with_nul(b"vm_entry\0").unwrap();
let mut config_descriptor_buffer = [0; 128];
- let config_descriptor_size = format_config_descriptor(
- &mut config_descriptor_buffer,
+ let config_descriptor_size = bcc_format_config_descriptor(
Some(component_name),
None, // component_version
false, // resettable
+ &mut config_descriptor_buffer,
)?;
let config = &config_descriptor_buffer[..config_descriptor_size];
let input_values = InputValues::new(
- &code_hash,
- None, // code_descriptor
+ code_hash,
Config::Descriptor(config),
- &auth_hash,
- None, // authority_descriptor
+ auth_hash,
mode,
- None, // TODO(b/249723852): Get salt from instance.img (virtio-blk) and/or TRNG.
+ [0u8; HIDDEN_SIZE], // TODO(b/249723852): Get salt from instance.img (virtio-blk) and/or TRNG.
);
bcc.main_flow(&input_values, next_bcc)
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index f17000a..db87126 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -50,8 +50,11 @@
import java.io.IOException;
import java.nio.file.Files;
import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.OptionalLong;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
@@ -136,102 +139,87 @@
mInstrumentation.sendStatus(0, bundle);
}
- @Test
- public void testMicrodroidBootTime()
+ private static class BootTimeStats {
+ private final Map<BootTimeMetric, List<Double>> mData = new HashMap<>();
+
+ public BootTimeStats(int trialCount) {
+ for (BootTimeMetric metric : BootTimeMetric.values()) {
+ mData.put(metric, new ArrayList<>(trialCount));
+ }
+ }
+
+ public void collect(BootResult result) {
+ for (BootTimeMetric metric : BootTimeMetric.values()) {
+ OptionalLong value = result.getBootTimeMetricNanoTime(metric);
+ if (value.isPresent()) {
+ mData.get(metric).add(value.getAsLong() / NANO_TO_MILLI);
+ }
+ }
+ }
+
+ public List<Double> get(BootTimeMetric metric) {
+ return Collections.unmodifiableList(mData.get(metric));
+ }
+ }
+
+ private BootTimeStats runBootTimeTest(
+ String name,
+ Function<VirtualMachineConfig.Builder, VirtualMachineConfig.Builder> fnConfig)
throws VirtualMachineException, InterruptedException, IOException {
assume().withMessage("Skip on CF; too slow").that(isCuttlefish()).isFalse();
final int trialCount = 10;
- List<Double> bootTimeMetrics = new ArrayList<>();
+ BootTimeStats stats = new BootTimeStats(trialCount);
for (int i = 0; i < trialCount; i++) {
- VirtualMachineConfig normalConfig =
+ VirtualMachineConfig.Builder builder =
newVmConfigBuilder()
.setPayloadBinaryName("MicrodroidIdleNativeLib.so")
- .setDebugLevel(DEBUG_LEVEL_NONE)
.setMemoryBytes(256 * ONE_MEBI)
- .build();
- forceCreateNewVirtualMachine("test_vm_boot_time", normalConfig);
+ .setDebugLevel(DEBUG_LEVEL_NONE);
+ VirtualMachineConfig config = fnConfig.apply(builder).build();
+ forceCreateNewVirtualMachine(name, config);
- BootResult result = tryBootVm(TAG, "test_vm_boot_time");
+ BootResult result = tryBootVm(TAG, name);
assertThat(result.payloadStarted).isTrue();
-
- bootTimeMetrics.add(result.endToEndNanoTime / NANO_TO_MILLI);
+ stats.collect(result);
}
+ return stats;
+ }
- reportMetrics(bootTimeMetrics, "boot_time", "ms");
+ @Test
+ public void testMicrodroidBootTime()
+ throws VirtualMachineException, InterruptedException, IOException {
+ BootTimeStats stats = runBootTimeTest("test_vm_boot_time", (builder) -> builder);
+ reportMetrics(stats.get(BootTimeMetric.TOTAL), "boot_time", "ms");
}
@Test
public void testMicrodroidMulticoreBootTime()
throws VirtualMachineException, InterruptedException, IOException {
- assume().withMessage("Skip on CF; too slow").that(isCuttlefish()).isFalse();
-
- final int trialCount = 10;
- final int[] trialNumCpus = {2, 4, 8};
-
- for (int numCpus : trialNumCpus) {
- List<Double> bootTimeMetrics = new ArrayList<>();
- for (int i = 0; i < trialCount; i++) {
- VirtualMachineConfig normalConfig =
- newVmConfigBuilder()
- .setPayloadBinaryName("MicrodroidIdleNativeLib.so")
- .setDebugLevel(DEBUG_LEVEL_NONE)
- .setMemoryBytes(256 * ONE_MEBI)
- .setNumCpus(numCpus)
- .build();
- forceCreateNewVirtualMachine("test_vm_boot_time_multicore", normalConfig);
-
- BootResult result = tryBootVm(TAG, "test_vm_boot_time_multicore");
- assertThat(result.payloadStarted).isTrue();
-
- bootTimeMetrics.add(result.endToEndNanoTime / NANO_TO_MILLI);
- }
-
+ for (int numCpus : new int[] {2, 4, 8}) {
+ BootTimeStats stats =
+ runBootTimeTest(
+ "test_vm_boot_time_multicore",
+ (builder) -> builder.setNumCpus(numCpus));
String metricName = "boot_time_" + numCpus + "cpus";
- reportMetrics(bootTimeMetrics, metricName, "ms");
+ reportMetrics(stats.get(BootTimeMetric.TOTAL), metricName, "ms");
}
}
@Test
public void testMicrodroidDebugBootTime()
throws VirtualMachineException, InterruptedException, IOException {
- assume().withMessage("Skip on CF; too slow").that(isCuttlefish()).isFalse();
-
- final int trialCount = 10;
-
- List<Double> vmStartingTimeMetrics = new ArrayList<>();
- List<Double> bootTimeMetrics = new ArrayList<>();
- List<Double> bootloaderTimeMetrics = new ArrayList<>();
- List<Double> kernelBootTimeMetrics = new ArrayList<>();
- List<Double> userspaceBootTimeMetrics = new ArrayList<>();
-
- for (int i = 0; i < trialCount; i++) {
- // To grab boot events from log, set debug mode to FULL
- VirtualMachineConfig normalConfig =
- newVmConfigBuilder()
- .setPayloadBinaryName("MicrodroidIdleNativeLib.so")
- .setDebugLevel(DEBUG_LEVEL_FULL)
- .setVmOutputCaptured(true)
- .setMemoryBytes(256 * ONE_MEBI)
- .build();
- forceCreateNewVirtualMachine("test_vm_boot_time_debug", normalConfig);
-
- BootResult result = tryBootVm(TAG, "test_vm_boot_time_debug");
- assertThat(result.payloadStarted).isTrue();
-
- vmStartingTimeMetrics.add(result.getVMStartingElapsedNanoTime() / NANO_TO_MILLI);
- bootTimeMetrics.add(result.endToEndNanoTime / NANO_TO_MILLI);
- bootloaderTimeMetrics.add(result.getBootloaderElapsedNanoTime() / NANO_TO_MILLI);
- kernelBootTimeMetrics.add(result.getKernelElapsedNanoTime() / NANO_TO_MILLI);
- userspaceBootTimeMetrics.add(result.getUserspaceElapsedNanoTime() / NANO_TO_MILLI);
- }
-
- reportMetrics(vmStartingTimeMetrics, "vm_starting_time", "ms");
- reportMetrics(bootTimeMetrics, "boot_time", "ms");
- reportMetrics(bootloaderTimeMetrics, "bootloader_time", "ms");
- reportMetrics(kernelBootTimeMetrics, "kernel_boot_time", "ms");
- reportMetrics(userspaceBootTimeMetrics, "userspace_boot_time", "ms");
+ BootTimeStats stats =
+ runBootTimeTest(
+ "test_vm_boot_time_debug",
+ (builder) ->
+ builder.setDebugLevel(DEBUG_LEVEL_FULL).setVmOutputCaptured(true));
+ reportMetrics(stats.get(BootTimeMetric.TOTAL), "boot_time", "ms");
+ reportMetrics(stats.get(BootTimeMetric.VM_START), "vm_starting_time", "ms");
+ reportMetrics(stats.get(BootTimeMetric.BOOTLOADER), "bootloader_time", "ms");
+ reportMetrics(stats.get(BootTimeMetric.KERNEL), "kernel_boot_time", "ms");
+ reportMetrics(stats.get(BootTimeMetric.USERSPACE), "userspace_boot_time", "ms");
}
@Test
diff --git a/tests/helper/src/java/com/android/microdroid/test/common/DeviceProperties.java b/tests/helper/src/java/com/android/microdroid/test/common/DeviceProperties.java
index 94f7e99..ba82c38 100644
--- a/tests/helper/src/java/com/android/microdroid/test/common/DeviceProperties.java
+++ b/tests/helper/src/java/com/android/microdroid/test/common/DeviceProperties.java
@@ -26,9 +26,11 @@
}
private static final String KEY_VENDOR_DEVICE = "ro.product.vendor.device";
+ private static final String KEY_BUILD_TYPE = "ro.build.type";
private static final String KEY_METRICS_TAG = "debug.hypervisor.metrics_tag";
private static final String CUTTLEFISH_DEVICE_PREFIX = "vsoc_";
+ private static final String USER_BUILD_TYPE = "user";
private final PropertyGetter mPropertyGetter;
@@ -49,6 +51,13 @@
return vendorDeviceName != null && vendorDeviceName.startsWith(CUTTLEFISH_DEVICE_PREFIX);
}
+ /**
+ * @return whether the device is user build.
+ */
+ public boolean isUserBuild() {
+ return USER_BUILD_TYPE.equals(getProperty(KEY_BUILD_TYPE));
+ }
+
public String getMetricsTag() {
return getProperty(KEY_METRICS_TAG);
}
diff --git a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
index f1da43a..9ec36b3 100644
--- a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
+++ b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
@@ -148,8 +148,9 @@
private OptionalLong mPayloadStartedNanoTime = OptionalLong.empty();
private StringBuilder mConsoleOutput = new StringBuilder();
private StringBuilder mLogOutput = new StringBuilder();
+ private boolean mProcessedBootTimeMetrics = false;
- private void processBootEvents(String log) {
+ private void processBootTimeMetrics(String log) {
if (!mVcpuStartedNanoTime.isPresent()) {
mVcpuStartedNanoTime = OptionalLong.of(System.nanoTime());
}
@@ -165,12 +166,13 @@
}
}
- private void logVmOutputAndMonitorBootEvents(
+ private void logVmOutputAndMonitorBootTimeMetrics(
String tag,
InputStream vmOutputStream,
String name,
StringBuilder result,
boolean monitorEvents) {
+ mProcessedBootTimeMetrics |= monitorEvents;
new Thread(
() -> {
try {
@@ -180,7 +182,7 @@
String line;
while ((line = reader.readLine()) != null
&& !Thread.interrupted()) {
- if (monitorEvents) processBootEvents(line);
+ if (monitorEvents) processBootTimeMetrics(line);
Log.i(tag, name + ": " + line);
result.append(line + "\n");
}
@@ -191,15 +193,15 @@
.start();
}
- private void logVmOutputAndMonitorBootEvents(
+ private void logVmOutputAndMonitorBootTimeMetrics(
String tag, InputStream vmOutputStream, String name, StringBuilder result) {
- logVmOutputAndMonitorBootEvents(tag, vmOutputStream, name, result, true);
+ logVmOutputAndMonitorBootTimeMetrics(tag, vmOutputStream, name, result, true);
}
/** Copy output from the VM to logcat. This is helpful when things go wrong. */
protected void logVmOutput(
String tag, InputStream vmOutputStream, String name, StringBuilder result) {
- logVmOutputAndMonitorBootEvents(tag, vmOutputStream, name, result, false);
+ logVmOutputAndMonitorBootTimeMetrics(tag, vmOutputStream, name, result, false);
}
public void runToFinish(String logTag, VirtualMachine vm)
@@ -207,7 +209,7 @@
vm.setCallback(mExecutorService, this);
vm.run();
if (vm.getConfig().isVmOutputCaptured()) {
- logVmOutputAndMonitorBootEvents(
+ logVmOutputAndMonitorBootTimeMetrics(
logTag, vm.getConsoleOutput(), "Console", mConsoleOutput);
logVmOutput(logTag, vm.getLogOutput(), "Log", mLogOutput);
}
@@ -238,6 +240,10 @@
return mLogOutput.toString();
}
+ public boolean hasProcessedBootTimeMetrics() {
+ return mProcessedBootTimeMetrics;
+ }
+
protected void forceStop(VirtualMachine vm) {
try {
vm.stop();
@@ -266,12 +272,21 @@
}
}
+ public enum BootTimeMetric {
+ TOTAL,
+ VM_START,
+ BOOTLOADER,
+ KERNEL,
+ USERSPACE,
+ }
+
public static class BootResult {
public final boolean payloadStarted;
public final int deathReason;
public final long apiCallNanoTime;
public final long endToEndNanoTime;
+ public final boolean processedBootTimeMetrics;
public final OptionalLong vcpuStartedNanoTime;
public final OptionalLong kernelStartedNanoTime;
public final OptionalLong initStartedNanoTime;
@@ -285,6 +300,7 @@
int deathReason,
long apiCallNanoTime,
long endToEndNanoTime,
+ boolean processedBootTimeMetrics,
OptionalLong vcpuStartedNanoTime,
OptionalLong kernelStartedNanoTime,
OptionalLong initStartedNanoTime,
@@ -295,6 +311,7 @@
this.payloadStarted = payloadStarted;
this.deathReason = deathReason;
this.endToEndNanoTime = endToEndNanoTime;
+ this.processedBootTimeMetrics = processedBootTimeMetrics;
this.vcpuStartedNanoTime = vcpuStartedNanoTime;
this.kernelStartedNanoTime = kernelStartedNanoTime;
this.initStartedNanoTime = initStartedNanoTime;
@@ -336,6 +353,27 @@
public long getUserspaceElapsedNanoTime() {
return getPayloadStartedNanoTime() - getInitStartedNanoTime();
}
+
+ public OptionalLong getBootTimeMetricNanoTime(BootTimeMetric metric) {
+ if (metric == BootTimeMetric.TOTAL) {
+ return OptionalLong.of(endToEndNanoTime);
+ }
+
+ if (processedBootTimeMetrics) {
+ switch (metric) {
+ case VM_START:
+ return OptionalLong.of(getVMStartingElapsedNanoTime());
+ case BOOTLOADER:
+ return OptionalLong.of(getBootloaderElapsedNanoTime());
+ case KERNEL:
+ return OptionalLong.of(getKernelElapsedNanoTime());
+ case USERSPACE:
+ return OptionalLong.of(getUserspaceElapsedNanoTime());
+ }
+ }
+
+ return OptionalLong.empty();
+ }
}
public BootResult tryBootVm(String logTag, String vmName)
@@ -366,6 +404,7 @@
deathReason.getNow(VmEventListener.STOP_REASON_INFRASTRUCTURE_ERROR),
apiCallNanoTime,
endTime.getNow(apiCallNanoTime) - apiCallNanoTime,
+ listener.hasProcessedBootTimeMetrics(),
listener.getVcpuStartedNanoTime(),
listener.getKernelStartedNanoTime(),
listener.getInitStartedNanoTime(),
diff --git a/tests/hostside/helper/Android.bp b/tests/hostside/helper/Android.bp
index 6196ec5..e8b6f36 100644
--- a/tests/hostside/helper/Android.bp
+++ b/tests/hostside/helper/Android.bp
@@ -6,6 +6,7 @@
name: "MicrodroidHostTestHelper",
srcs: ["java/**/*.java"],
libs: [
+ "androidx.annotation_annotation",
"compatibility-tradefed",
"tradefed",
"truth-prebuilt",
diff --git a/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java b/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java
index 8d328bc..20a6045 100644
--- a/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java
+++ b/tests/hostside/helper/java/com/android/microdroid/test/host/MicrodroidHostTestCaseBase.java
@@ -29,7 +29,6 @@
import com.android.microdroid.test.common.DeviceProperties;
import com.android.microdroid.test.common.MetricsProcessor;
import com.android.tradefed.build.IBuildInfo;
-import com.android.tradefed.config.Option;
import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.device.TestDevice;
@@ -42,15 +41,12 @@
import java.util.Arrays;
public abstract class MicrodroidHostTestCaseBase extends BaseHostJUnit4Test {
-
protected static final String TEST_ROOT = "/data/local/tmp/virt/";
protected static final String LOG_PATH = TEST_ROOT + "log.txt";
protected static final String CONSOLE_PATH = TEST_ROOT + "console.txt";
private static final int TEST_VM_ADB_PORT = 8000;
private static final String MICRODROID_SERIAL = "localhost:" + TEST_VM_ADB_PORT;
private static final String INSTANCE_IMG = "instance.img";
- private static final String PVMFW_IMG_PATH = TEST_ROOT + "pvmfw.img";
- private static final String PVMFW_IMG_PATH_PROP = "hypervisor.pvmfw.path";
private static final long MICRODROID_ADB_CONNECT_TIMEOUT_MINUTES = 5;
protected static final long MICRODROID_COMMAND_TIMEOUT_MILLIS = 30000;
@@ -59,19 +55,6 @@
(int) (MICRODROID_ADB_CONNECT_TIMEOUT_MINUTES * 60 * 1000
/ MICRODROID_COMMAND_RETRY_INTERVAL_MILLIS);
- @Option(
- name = "pvmfw",
- description =
- "Custom pvmfw.img path on host device."
- + " If present, it will be pushed to "
- + PVMFW_IMG_PATH,
- mandatory = false)
- private static String sCustomPvmfwPathOnHost = "";
-
- private static boolean isEmptyText(String str) {
- return str == null || str.length() == 0;
- }
-
public static void prepareVirtualizationTestSetup(ITestDevice androidDevice)
throws DeviceNotAvailableException {
CommandRunner android = new CommandRunner(androidDevice);
@@ -84,13 +67,6 @@
// remove any leftover files under test root
android.tryRun("rm", "-rf", TEST_ROOT + "*");
-
- // prepare custom pvmfw.img if necessary
- if (!isEmptyText(sCustomPvmfwPathOnHost)) {
- runOnHost("adb", "root");
- runOnHost("adb", "push", sCustomPvmfwPathOnHost, PVMFW_IMG_PATH);
- runOnHost("adb", "shell", "setprop", PVMFW_IMG_PATH_PROP, PVMFW_IMG_PATH);
- }
}
public static void cleanUpVirtualizationTestSetup(ITestDevice androidDevice)
@@ -104,10 +80,10 @@
android.tryRun("killall", "crosvm");
android.tryRun("stop", "virtualizationservice");
android.tryRun("rm", "-rf", "/data/misc/virtualizationservice/*");
+ }
- if (!isEmptyText(sCustomPvmfwPathOnHost)) {
- runOnHost("adb", "shell", "setprop", PVMFW_IMG_PATH_PROP, "\"\"");
- }
+ public boolean isUserBuild() {
+ return DeviceProperties.create(getDevice()::getProperty).isUserBuild();
}
protected boolean isCuttlefish() {
diff --git a/tests/hostside/helper/java/com/android/microdroid/test/host/Pvmfw.java b/tests/hostside/helper/java/com/android/microdroid/test/host/Pvmfw.java
new file mode 100644
index 0000000..95eaa58
--- /dev/null
+++ b/tests/hostside/helper/java/com/android/microdroid/test/host/Pvmfw.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.microdroid.test.host;
+
+import static java.nio.ByteOrder.LITTLE_ENDIAN;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.Objects;
+import java.nio.ByteBuffer;
+
+/** pvmfw.bin with custom config payloads on host. */
+public final class Pvmfw {
+ private static final int SIZE_8B = 8; // 8 bytes
+ private static final int SIZE_4K = 4 << 10; // 4 KiB, PAGE_SIZE
+ private static final int BUFFER_SIZE = 1024;
+ private static final int HEADER_SIZE = Integer.BYTES * 8; // Header has 8 integers.
+ private static final int HEADER_MAGIC = 0x666d7670;
+ private static final int HEADER_VERSION = getVersion(1, 0);
+ private static final int HEADER_FLAGS = 0;
+
+ @NonNull private final File mPvmfwBinFile;
+ @NonNull private final File mBccFile;
+ @Nullable private final File mDebugPolicyFile;
+
+ private Pvmfw(
+ @NonNull File pvmfwBinFile, @NonNull File bccFile, @Nullable File debugPolicyFile) {
+ mPvmfwBinFile = Objects.requireNonNull(pvmfwBinFile);
+ mBccFile = Objects.requireNonNull(bccFile);
+ mDebugPolicyFile = debugPolicyFile;
+ }
+
+ /**
+ * Serializes pvmfw.bin and its config, as written in the <a
+ * href="https://android.googlesource.com/platform/packages/modules/Virtualization/+/master/pvmfw/README.md">README.md</a>
+ */
+ public void serialize(@NonNull File outFile) throws IOException {
+ Objects.requireNonNull(outFile);
+
+ int bccOffset = HEADER_SIZE;
+ int bccSize = (int) mBccFile.length();
+
+ int debugPolicyOffset = alignTo(bccOffset + bccSize, SIZE_8B);
+ int debugPolicySize = mDebugPolicyFile == null ? 0 : (int) mDebugPolicyFile.length();
+
+ int totalSize = debugPolicyOffset + debugPolicySize;
+
+ ByteBuffer header = ByteBuffer.allocate(HEADER_SIZE).order(LITTLE_ENDIAN);
+ header.putInt(HEADER_MAGIC);
+ header.putInt(HEADER_VERSION);
+ header.putInt(totalSize);
+ header.putInt(HEADER_FLAGS);
+ header.putInt(bccOffset);
+ header.putInt(bccSize);
+ header.putInt(debugPolicyOffset);
+ header.putInt(debugPolicySize);
+
+ try (FileOutputStream pvmfw = new FileOutputStream(outFile)) {
+ appendFile(pvmfw, mPvmfwBinFile);
+ padTo(pvmfw, SIZE_4K);
+ pvmfw.write(header.array());
+ padTo(pvmfw, HEADER_SIZE);
+ appendFile(pvmfw, mBccFile);
+ if (mDebugPolicyFile != null) {
+ padTo(pvmfw, SIZE_8B);
+ appendFile(pvmfw, mDebugPolicyFile);
+ }
+ padTo(pvmfw, SIZE_4K);
+ }
+ }
+
+ private void appendFile(@NonNull FileOutputStream out, @NonNull File inFile)
+ throws IOException {
+ byte buffer[] = new byte[BUFFER_SIZE];
+ try (FileInputStream in = new FileInputStream(inFile)) {
+ int size;
+ while (true) {
+ size = in.read(buffer);
+ if (size < 0) {
+ return;
+ }
+ out.write(buffer, /* offset= */ 0, size);
+ }
+ }
+ }
+
+ private void padTo(@NonNull FileOutputStream out, int size) throws IOException {
+ int streamSize = (int) out.getChannel().size();
+ for (int i = streamSize; i < alignTo(streamSize, size); i++) {
+ out.write(0); // write byte.
+ }
+ }
+
+ private static int alignTo(int x, int size) {
+ return (x + size - 1) & ~(size - 1);
+ }
+
+ private static int getVersion(int major, int minor) {
+ return ((major & 0xFFFF) << 16) | (minor & 0xFFFF);
+ }
+
+ /** Builder for {@link Pvmfw}. */
+ public static final class Builder {
+ @NonNull private final File mPvmfwBinFile;
+ @NonNull private final File mBccFile;
+ @Nullable private File mDebugPolicyFile;
+
+ public Builder(@NonNull File pvmfwBinFile, @NonNull File bccFile) {
+ mPvmfwBinFile = Objects.requireNonNull(pvmfwBinFile);
+ mBccFile = Objects.requireNonNull(bccFile);
+ }
+
+ @NonNull
+ public Builder setDebugPolicyOverlay(@Nullable File debugPolicyFile) {
+ mDebugPolicyFile = debugPolicyFile;
+ return this;
+ }
+
+ @NonNull
+ public Pvmfw build() {
+ return new Pvmfw(mPvmfwBinFile, mBccFile, mDebugPolicyFile);
+ }
+ }
+}
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 0623ff2..d40dcba 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -55,6 +55,7 @@
import org.json.JSONObject;
import org.junit.After;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;
@@ -513,24 +514,7 @@
vmInfo.mProcess.destroy();
}
- private boolean isTombstoneGenerated(String configPath, String... crashCommand)
- throws Exception {
- // Note this test relies on logcat values being printed by tombstone_transmit on
- // and the reeceiver on host (virtualization_service)
- mMicrodroidDevice =
- MicrodroidBuilder.fromDevicePath(getPathForPackage(PACKAGE_NAME), configPath)
- .debugLevel("full")
- .memoryMib(minMemorySize())
- .numCpus(NUM_VCPUS)
- .build(getAndroidDevice());
- mMicrodroidDevice.waitForBootComplete(BOOT_COMPLETE_TIMEOUT);
- mMicrodroidDevice.enableAdbRoot();
-
- CommandRunner microdroid = new CommandRunner(mMicrodroidDevice);
- microdroid.run(crashCommand);
-
- // check until microdroid is shut down
- CommandRunner android = new CommandRunner(getDevice());
+ private void waitForCrosvmExit(CommandRunner android) throws Exception {
// TODO: improve crosvm exit check. b/258848245
android.runWithTimeout(
15000,
@@ -539,8 +523,12 @@
"1",
"-e",
"'virtualizationmanager::crosvm.*exited with status exit status:'");
+ }
- // Check that tombstone is received (from host logcat)
+ private boolean isTombstoneReceivedFromHostLogcat() throws Exception {
+ // Note this method relies on logcat values being printed by the receiver on host
+ // userspace crash log: virtualizationservice/src/aidl.rs
+ // kernel ramdump log: virtualizationmanager/src/crosvm.rs
String ramdumpRegex =
"Received [0-9]+ bytes from guest & wrote to tombstone file|"
+ "Ramdump \"[^ ]+/ramdump\" sent to tombstoned";
@@ -560,11 +548,32 @@
return !result.trim().isEmpty();
}
+ private boolean isTombstoneGeneratedWithCmd(String configPath, String... crashCommand)
+ throws Exception {
+ mMicrodroidDevice =
+ MicrodroidBuilder.fromDevicePath(getPathForPackage(PACKAGE_NAME), configPath)
+ .debugLevel("full")
+ .memoryMib(minMemorySize())
+ .numCpus(NUM_VCPUS)
+ .build(getAndroidDevice());
+ mMicrodroidDevice.waitForBootComplete(BOOT_COMPLETE_TIMEOUT);
+ mMicrodroidDevice.enableAdbRoot();
+
+ CommandRunner microdroid = new CommandRunner(mMicrodroidDevice);
+ microdroid.run(crashCommand);
+
+ // check until microdroid is shut down
+ CommandRunner android = new CommandRunner(getDevice());
+ waitForCrosvmExit(android);
+
+ return isTombstoneReceivedFromHostLogcat();
+ }
+
@Test
public void testTombstonesAreGeneratedUponUserspaceCrash() throws Exception {
assertThat(
- isTombstoneGenerated(
- "assets/vm_config_crash.json",
+ isTombstoneGeneratedWithCmd(
+ "assets/vm_config.json",
"kill",
"-SIGSEGV",
"$(pidof microdroid_launcher)"))
@@ -574,8 +583,8 @@
@Test
public void testTombstonesAreNotGeneratedIfNotExportedUponUserspaceCrash() throws Exception {
assertThat(
- isTombstoneGenerated(
- "assets/vm_config_crash_no_tombstone.json",
+ isTombstoneGeneratedWithCmd(
+ "assets/vm_config_no_tombstone.json",
"kill",
"-SIGSEGV",
"$(pidof microdroid_launcher)"))
@@ -583,18 +592,50 @@
}
@Test
+ @Ignore("b/243630590: Temporal workaround until lab devices has flashed new DPM")
public void testTombstonesAreGeneratedUponKernelCrash() throws Exception {
assumeFalse("Cuttlefish is not supported", isCuttlefish());
+ assumeFalse("Skipping test because ramdump is disabled on user build", isUserBuild());
assertThat(
- isTombstoneGenerated(
- "assets/vm_config_crash.json",
- "echo",
- "c",
- ">",
- "/proc/sysrq-trigger"))
+ isTombstoneGeneratedWithCmd(
+ "assets/vm_config.json", "echo", "c", ">", "/proc/sysrq-trigger"))
.isTrue();
}
+ private boolean isTombstoneGeneratedWithCrashPayload(boolean debuggable) throws Exception {
+ // we can't use microdroid builder as it wants ADB connection (debuggable)
+ CommandRunner android = new CommandRunner(getDevice());
+
+ android.run("rm", "-rf", TEST_ROOT + "*");
+ android.run("mkdir", "-p", TEST_ROOT + "*");
+
+ final String apkPath = getPathForPackage(PACKAGE_NAME);
+ final String idsigPath = TEST_ROOT + "idsig";
+ final String instanceImgPath = TEST_ROOT + "instance.img";
+ android.run(
+ VIRT_APEX + "bin/vm",
+ "run-app",
+ "--payload-binary-name",
+ "MicrodroidCrashNativeLib.so",
+ "--debug",
+ debuggable ? "full" : "none",
+ apkPath,
+ idsigPath,
+ instanceImgPath);
+
+ return isTombstoneReceivedFromHostLogcat();
+ }
+
+ @Test
+ public void testTombstonesAreGeneratedWithCrashPayload() throws Exception {
+ assertThat(isTombstoneGeneratedWithCrashPayload(true /* debuggable */)).isTrue();
+ }
+
+ @Test
+ public void testTombstonesAreNotGeneratedWithCrashPayloadWhenNonDebuggable() throws Exception {
+ assertThat(isTombstoneGeneratedWithCrashPayload(false /* debuggable */)).isFalse();
+ }
+
@Test
public void testTelemetryPushedAtoms() throws Exception {
// Reset statsd config and report before the test
diff --git a/tests/hostside/tools/Android.bp b/tests/hostside/tools/Android.bp
new file mode 100644
index 0000000..f3cc275
--- /dev/null
+++ b/tests/hostside/tools/Android.bp
@@ -0,0 +1,10 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+java_binary_host {
+ name: "pvmfw-tool",
+ manifest: "pvmfw-tool-manifest.txt",
+ srcs: ["PvmfwTool.java"],
+ static_libs: ["MicrodroidHostTestHelper"],
+}
diff --git a/tests/hostside/tools/PvmfwTool.java b/tests/hostside/tools/PvmfwTool.java
new file mode 100644
index 0000000..18dd6d7
--- /dev/null
+++ b/tests/hostside/tools/PvmfwTool.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.microdroid;
+
+import com.android.microdroid.test.host.Pvmfw;
+
+import java.io.File;
+import java.io.IOException;
+
+/** CLI for {@link com.android.microdroid.test.host.Pvmfw}. */
+public class PvmfwTool {
+ public static void printUsage() {
+ System.out.println("pvmfw-tool: Appends pvmfw.bin and config payloads.");
+ System.out.println("Requires BCC and debug policy dtbo files");
+ System.out.println("");
+ System.out.println("Usage: pvmfw-tool <pvmfw_with_config> <pvmfw_bin> <bcc.dat> <dp.dtbo>");
+ }
+
+ public static void main(String[] args) {
+ if (args.length != 4) {
+ printUsage();
+ System.exit(1);
+ }
+
+ File out = new File(args[0]);
+ File pvmfw_bin = new File(args[1]);
+ File bcc_dat = new File(args[2]);
+ File dtbo = new File(args[3]);
+
+ try {
+ Pvmfw pvmfw = new Pvmfw.Builder(pvmfw_bin, bcc_dat).setDebugPolicyOverlay(dtbo).build();
+ pvmfw.serialize(out);
+ } catch (IOException e) {
+ e.printStackTrace();
+ printUsage();
+ System.exit(1);
+ }
+ }
+}
diff --git a/tests/hostside/tools/pvmfw-tool-manifest.txt b/tests/hostside/tools/pvmfw-tool-manifest.txt
new file mode 100644
index 0000000..dc71fd2
--- /dev/null
+++ b/tests/hostside/tools/pvmfw-tool-manifest.txt
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.android.microdroid.PvmfwTool
diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 5f9b915..3c487ee 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -2,12 +2,22 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-android_test {
- name: "MicrodroidTestApp",
+java_defaults {
+ name: "MicrodroidTestAppsDefaults",
test_suites: [
"cts",
"general-tests",
],
+ sdk_version: "test_current",
+ jni_uses_platform_apis: true,
+ use_embedded_native_libs: true,
+ // We only support 64-bit ABI, but CTS demands all APKs to be multi-ABI.
+ compile_multilib: "both",
+}
+
+android_test {
+ name: "MicrodroidTestApp",
+ defaults: ["MicrodroidTestAppsDefaults"],
srcs: ["src/java/**/*.java"],
static_libs: [
"MicrodroidDeviceTestHelper",
@@ -19,23 +29,24 @@
"truth-prebuilt",
"compatibility-common-util-devicesidelib",
],
- sdk_version: "test_current",
jni_libs: [
"MicrodroidTestNativeLib",
"MicrodroidIdleNativeLib",
"MicrodroidEmptyNativeLib",
"MicrodroidExitNativeLib",
"MicrodroidPrivateLinkingNativeLib",
+ "MicrodroidCrashNativeLib",
],
- jni_uses_platform_apis: true,
- use_embedded_native_libs: true,
- // We only support 64-bit ABI, but CTS demands all APKs to be multi-ABI.
- compile_multilib: "both",
min_sdk_version: "33",
+ // Defined in ../vmshareapp/Android.bp
+ data: [":MicrodroidVmShareApp"],
}
-cc_library_shared {
- name: "MicrodroidTestNativeLib",
+// Defaults shared between MicrodroidTestNativeLib and MicrodroidPayloadInOtherAppNativeLib shared
+// libs. They are expected to share everything apart from the name, so that one app
+// (MicrodroidTestApp) can start a payload defined in the another app (MicrodroidVmShareApp).
+cc_defaults {
+ name: "MicrodroidTestNativeLibDefaults",
srcs: ["src/native/testbinary.cpp"],
stl: "libc++_static",
header_libs: ["vm_payload_restricted_headers"],
@@ -55,6 +66,16 @@
}
cc_library_shared {
+ name: "MicrodroidPayloadInOtherAppNativeLib",
+ defaults: ["MicrodroidTestNativeLibDefaults"],
+}
+
+cc_library_shared {
+ name: "MicrodroidTestNativeLib",
+ defaults: ["MicrodroidTestNativeLibDefaults"],
+}
+
+cc_library_shared {
name: "MicrodroidTestNativeLibSub",
srcs: ["src/native/testlib.cpp"],
stl: "libc++_static",
@@ -92,3 +113,11 @@
shared_libs: ["libselinux#latest"],
stl: "libc++_static",
}
+
+// A payload that crashes immediately on start
+cc_library_shared {
+ name: "MicrodroidCrashNativeLib",
+ srcs: ["src/native/crashbinary.cpp"],
+ header_libs: ["vm_payload_headers"],
+ stl: "libc++_static",
+}
diff --git a/tests/testapk/AndroidManifest.xml b/tests/testapk/AndroidManifest.xml
index fefd20a..2ea3f6c 100644
--- a/tests/testapk/AndroidManifest.xml
+++ b/tests/testapk/AndroidManifest.xml
@@ -19,6 +19,9 @@
<uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
<uses-sdk android:minSdkVersion="33" android:targetSdkVersion="33" />
<uses-feature android:name="android.software.virtualization_framework" android:required="false" />
+ <queries>
+ <package android:name="com.android.microdroid.vmshare_app" />
+ </queries>
<application>
</application>
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
diff --git a/tests/testapk/AndroidTest.xml b/tests/testapk/AndroidTest.xml
index 787ebd4..929dd31 100644
--- a/tests/testapk/AndroidTest.xml
+++ b/tests/testapk/AndroidTest.xml
@@ -21,6 +21,7 @@
<option name="config-descriptor:metadata" key="parameter" value="secondary_user" />
<target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
<option name="test-file-name" value="MicrodroidTestApp.apk" />
+ <option name="test-file-name" value="MicrodroidVmShareApp.apk" />
</target_preparer>
<test class="com.android.tradefed.testtype.AndroidJUnitTest" >
<option name="package" value="com.android.microdroid.test" />
diff --git a/tests/testapk/assets/vm_config_crash.json b/tests/testapk/assets/vm_config_crash.json
deleted file mode 100644
index 3ec34a3..0000000
--- a/tests/testapk/assets/vm_config_crash.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "os": {
- "name": "microdroid"
- },
- "task": {
- "type": "microdroid_launcher",
- "command": "MicrodroidIdleNativeLib.so"
- },
- "export_tombstones": true
- }
diff --git a/tests/testapk/assets/vm_config_crash_no_tombstone.json b/tests/testapk/assets/vm_config_crash_no_tombstone.json
deleted file mode 100644
index 9678e38..0000000
--- a/tests/testapk/assets/vm_config_crash_no_tombstone.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "os": {
- "name": "microdroid"
- },
- "task": {
- "type": "microdroid_launcher",
- "command": "MicrodroidIdleNativeLib.so"
- },
- "export_tombstones": false
- }
diff --git a/tests/testapk/assets/vm_config_no_tombstone.json b/tests/testapk/assets/vm_config_no_tombstone.json
new file mode 100644
index 0000000..97e764d
--- /dev/null
+++ b/tests/testapk/assets/vm_config_no_tombstone.json
@@ -0,0 +1,10 @@
+{
+ "os": {
+ "name": "microdroid"
+ },
+ "task": {
+ "type": "microdroid_launcher",
+ "command": "MicrodroidTestNativeLib.so"
+ },
+ "export_tombstones": false
+}
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 9cafd68..e0748c1 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -125,6 +125,8 @@
private static final long MIN_MEM_X86_64 = 196 * ONE_MEBI;
private static final String EXAMPLE_STRING = "Literally any string!! :)";
+ private static final String VM_SHARE_APP_PACKAGE_NAME = "com.android.microdroid.vmshare_app";
+
@Test
@CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-1"})
public void createAndConnectToVm() throws Exception {
@@ -1303,6 +1305,65 @@
@Test
@CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-1"})
+ public void encryptedStorageIsInaccessibleToDifferentVm() throws Exception {
+ assumeSupportedKernel();
+
+ VirtualMachineConfig config =
+ newVmConfigBuilder()
+ .setPayloadBinaryName("MicrodroidTestNativeLib.so")
+ .setMemoryBytes(minMemoryRequired())
+ .setEncryptedStorageBytes(4_000_000)
+ .setDebugLevel(DEBUG_LEVEL_FULL)
+ .setVmOutputCaptured(true)
+ .build();
+
+ VirtualMachine vm = forceCreateNewVirtualMachine("test_vm", config);
+
+ TestResults testResults =
+ runVmTestService(
+ vm,
+ (ts, tr) -> {
+ ts.writeToFile(
+ /* content= */ EXAMPLE_STRING,
+ /* path= */ "/mnt/encryptedstore/test_file");
+ });
+ assertThat(testResults.mException).isNull();
+
+ // Start a different vm (this changes the vm identity)
+ VirtualMachine diff_test_vm = forceCreateNewVirtualMachine("diff_test_vm", config);
+
+ // Replace the backing storage image to the original one
+ File storageImgOrig = getVmFile("test_vm", "storage.img");
+ File storageImgNew = getVmFile("diff_test_vm", "storage.img");
+ Files.copy(storageImgOrig.toPath(), storageImgNew.toPath(), REPLACE_EXISTING);
+ assertFileContentsAreEqualInTwoVms("storage.img", "test_vm", "diff_test_vm");
+
+ CompletableFuture<Boolean> onPayloadReadyExecuted = new CompletableFuture<>();
+ CompletableFuture<Boolean> onStoppedExecuted = new CompletableFuture<>();
+ VmEventListener listener =
+ new VmEventListener() {
+ @Override
+ public void onPayloadReady(VirtualMachine vm) {
+ onPayloadReadyExecuted.complete(true);
+ super.onPayloadReady(vm);
+ }
+
+ @Override
+ public void onStopped(VirtualMachine vm, int reason) {
+ onStoppedExecuted.complete(true);
+ super.onStopped(vm, reason);
+ }
+ };
+ listener.runToFinish(TAG, diff_test_vm);
+
+ // Assert that payload never started & logs contains encryptedstore initialization error
+ assertThat(onStoppedExecuted.getNow(false)).isTrue();
+ assertThat(onPayloadReadyExecuted.getNow(false)).isFalse();
+ assertThat(listener.getConsoleOutput()).contains("Unable to initialize encryptedstore");
+ }
+
+ @Test
+ @CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-1"})
public void microdroidLauncherHasEmptyCapabilities() throws Exception {
assumeSupportedKernel();
@@ -1458,6 +1519,33 @@
assertThat(checkVmOutputIsRedirectedToLogcat(false)).isFalse();
}
+ @Test
+ public void testStartVmWithPayloadOfAnotherApp() throws Exception {
+ assumeSupportedKernel();
+
+ Context ctx = getContext();
+ Context otherAppCtx = ctx.createPackageContext(VM_SHARE_APP_PACKAGE_NAME, 0);
+
+ VirtualMachineConfig config =
+ new VirtualMachineConfig.Builder(otherAppCtx)
+ .setDebugLevel(DEBUG_LEVEL_FULL)
+ .setProtectedVm(isProtectedVm())
+ .setPayloadBinaryName("MicrodroidPayloadInOtherAppNativeLib.so")
+ .build();
+
+ try (VirtualMachine vm = forceCreateNewVirtualMachine("vm_from_another_app", config)) {
+ TestResults results =
+ runVmTestService(
+ vm,
+ (ts, tr) -> {
+ tr.mAddInteger = ts.addInteger(101, 303);
+ });
+ assertThat(results.mAddInteger).isEqualTo(404);
+ }
+
+ getVirtualMachineManager().delete("vm_from_another_app");
+ }
+
private void assertFileContentsAreEqualInTwoVms(String fileName, String vmName1, String vmName2)
throws IOException {
File file1 = getVmFile(vmName1, fileName);
@@ -1531,6 +1619,11 @@
mTestService =
ITestService.Stub.asInterface(
vm.connectToVsockServer(ITestService.SERVICE_PORT));
+ // Make sure linkToDeath works, and include it in the log in case it's
+ // helpful.
+ mTestService
+ .asBinder()
+ .linkToDeath(() -> Log.i(TAG, "ITestService binder died"), 0);
} catch (Exception e) {
testResults.mException = e;
}
diff --git a/tests/testapk/src/native/crashbinary.cpp b/tests/testapk/src/native/crashbinary.cpp
new file mode 100644
index 0000000..27f10ec
--- /dev/null
+++ b/tests/testapk/src/native/crashbinary.cpp
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// A binary killing itself by SIGABRT.
+#include <stdlib.h>
+#include <unistd.h>
+extern "C" int AVmPayload_main() {
+ abort();
+}
diff --git a/tests/vmshareapp/Android.bp b/tests/vmshareapp/Android.bp
new file mode 100644
index 0000000..2b117a1
--- /dev/null
+++ b/tests/vmshareapp/Android.bp
@@ -0,0 +1,15 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+// Helper app to verify that we can create a VM using others app payload, and share VMs between apps
+android_test_helper_app {
+ name: "MicrodroidVmShareApp",
+ // Defaults are defined in ../testapk/Android.bp
+ defaults: ["MicrodroidTestAppsDefaults"],
+ jni_libs: [
+ // Defined in ../testapk/Android.bp
+ "MicrodroidPayloadInOtherAppNativeLib",
+ ],
+ min_sdk_version: "UpsideDownCake",
+}
diff --git a/tests/vmshareapp/AndroidManifest.xml b/tests/vmshareapp/AndroidManifest.xml
new file mode 100644
index 0000000..eed3364
--- /dev/null
+++ b/tests/vmshareapp/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.microdroid.vmshare_app">
+ <uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
+
+ <uses-feature android:name="android.software.virtualization_framework"
+ android:required="false" />
+
+ <application />
+</manifest>
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index cab7c71..678c91f 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -611,7 +611,7 @@
apexes: vec![],
extra_apks: vec![],
prefer_staged: false,
- export_tombstones: false,
+ export_tombstones: None,
enable_authfs: false,
})
}
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index 8f88daf..19d862a 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -663,6 +663,24 @@
}
}
+fn should_configure_ramdump(protected: bool) -> bool {
+ if protected {
+ // Protected VM needs ramdump configuration here.
+ // pvmfw will disable ramdump if unnecessary.
+ true
+ } else {
+ // For unprotected VM, ramdump should be handled here.
+ // ramdump wouldn't be enabled if ramdump is explicitly set to <1>.
+ if let Ok(mut file) = File::open("/proc/device-tree/avf/guest/common/ramdump") {
+ let mut ramdump: [u8; 4] = Default::default();
+ file.read_exact(&mut ramdump).map_err(|_| false).unwrap();
+ // DT spec uses big endian although Android is always little endian.
+ return u32::from_be_bytes(ramdump) == 1;
+ }
+ false
+ }
+}
+
/// Starts an instance of `crosvm` to manage a new VM.
fn run_vm(
config: CrosvmConfig,
@@ -779,7 +797,10 @@
debug!("Preserving FDs {:?}", preserved_fds);
command.preserved_fds(preserved_fds);
- command.arg("--params").arg("crashkernel=17M");
+ if should_configure_ramdump(config.protected) {
+ command.arg("--params").arg("crashkernel=17M");
+ }
+
print_crosvm_args(&command);
let result = SharedChild::spawn(&mut command)?;
diff --git a/vmbase/example/Android.bp b/vmbase/example/Android.bp
index 94eb21a..26be51b 100644
--- a/vmbase/example/Android.bp
+++ b/vmbase/example/Android.bp
@@ -11,7 +11,7 @@
rustlibs: [
"libaarch64_paging",
"libbuddy_system_allocator",
- "libdice_nostd",
+ "libdiced_open_dice_nostd",
"libfdtpci",
"liblibfdt",
"liblog_rust_nostd",
diff --git a/vmbase/example/src/main.rs b/vmbase/example/src/main.rs
index ec28a11..3b0e9db 100644
--- a/vmbase/example/src/main.rs
+++ b/vmbase/example/src/main.rs
@@ -225,7 +225,7 @@
fn check_dice() {
info!("Testing DICE integration...");
- let hash = dice::hash("hello world".as_bytes()).expect("DiceHash failed");
+ let hash = diced_open_dice::hash("hello world".as_bytes()).expect("DiceHash failed");
assert_eq!(
hash,
[