Expose network support configuration into AVF Java Framework API
Bug: 340376951
Test: atest MicrodroidTests
Test: atest MicrodroidTestAppNoInternetPerm
Change-Id: I107de04e4c2890936a9c3fb4d6f61b8aff509ace
diff --git a/tests/testapk/AndroidManifestV5.xml b/tests/testapk/AndroidManifestV5.xml
index 7d97680..b869586 100644
--- a/tests/testapk/AndroidManifestV5.xml
+++ b/tests/testapk/AndroidManifestV5.xml
@@ -18,6 +18,7 @@
android:versionCode="5">
<uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
<uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
+ <uses-permission android:name="android.permission.INTERNET" />
<uses-sdk android:minSdkVersion="33" android:targetSdkVersion="33" />
<uses-feature android:name="android.software.virtualization_framework" android:required="false" />
<queries>
diff --git a/tests/testapk/AndroidManifestV6.xml b/tests/testapk/AndroidManifestV6.xml
index 19d5674..c55da85 100644
--- a/tests/testapk/AndroidManifestV6.xml
+++ b/tests/testapk/AndroidManifestV6.xml
@@ -18,6 +18,7 @@
android:versionCode="6">
<uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
<uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
+ <uses-permission android:name="android.permission.INTERNET" />
<uses-sdk android:minSdkVersion="33" android:targetSdkVersion="33" />
<uses-feature android:name="android.software.virtualization_framework" android:required="false" />
<queries>
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 12a46f7..4d8dac6 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -571,8 +571,9 @@
assertThat(minimal.isProtectedVm()).isEqualTo(isProtectedVm());
assertThat(minimal.isEncryptedStorageEnabled()).isFalse();
assertThat(minimal.getEncryptedStorageBytes()).isEqualTo(0);
- assertThat(minimal.isVmOutputCaptured()).isEqualTo(false);
+ assertThat(minimal.isVmOutputCaptured()).isFalse();
assertThat(minimal.getOs()).isEqualTo("microdroid");
+ assertThat(minimal.isNetworkSupported()).isFalse();
// Maximal has everything that can be set to some non-default value. (And has different
// values than minimal for the required fields.)
@@ -589,6 +590,9 @@
.setEncryptedStorageBytes(1_000_000)
.setVmOutputCaptured(true)
.setOs("microdroid_gki-android14-6.1");
+ if (!mProtectedVm) {
+ maximalBuilder.setNetworkSupported(true);
+ }
VirtualMachineConfig maximal = maximalBuilder.build();
assertThat(maximal.getApkPath()).isEqualTo("/apk/path");
@@ -603,8 +607,11 @@
assertThat(maximal.isProtectedVm()).isEqualTo(isProtectedVm());
assertThat(maximal.isEncryptedStorageEnabled()).isTrue();
assertThat(maximal.getEncryptedStorageBytes()).isEqualTo(1_000_000);
- assertThat(maximal.isVmOutputCaptured()).isEqualTo(true);
+ assertThat(maximal.isVmOutputCaptured()).isTrue();
assertThat(maximal.getOs()).isEqualTo("microdroid_gki-android14-6.1");
+ if (!mProtectedVm) {
+ assertThat(maximal.isNetworkSupported()).isTrue();
+ }
assertThat(minimal.isCompatibleWith(maximal)).isFalse();
assertThat(minimal.isCompatibleWith(minimal)).isTrue();
@@ -659,6 +666,18 @@
.setVmConsoleInputSupported(true);
e = assertThrows(IllegalStateException.class, () -> captureInputOnNonDebuggable.build());
assertThat(e).hasMessageThat().contains("debug level must be FULL to use console input");
+
+ if (mProtectedVm) {
+ VirtualMachineConfig.Builder networkSupportedOnProtectedVm =
+ newVmConfigBuilderWithPayloadBinary("binary.so")
+ .setProtectedVm(mProtectedVm)
+ .setNetworkSupported(true);
+ e =
+ assertThrows(
+ IllegalStateException.class,
+ () -> networkSupportedOnProtectedVm.build());
+ assertThat(e).hasMessageThat().contains("network is not supported on pVM");
+ }
}
@Test
@@ -2300,6 +2319,49 @@
}
}
+ private VirtualMachineConfig buildVmConfigWithNetworkSupported() throws Exception {
+ return buildVmConfigWithNetworkSupported("MicrodroidTestNativeLib.so");
+ }
+
+ private VirtualMachineConfig buildVmConfigWithNetworkSupported(String binaryPath)
+ throws Exception {
+ assumeSupportedDevice();
+ assumeNonProtectedVM();
+ assumeFeatureEnabled(VirtualMachineManager.FEATURE_NETWORK);
+ VirtualMachineConfig config =
+ newVmConfigBuilderWithPayloadBinary(binaryPath)
+ .setNetworkSupported(true)
+ .setDebugLevel(DEBUG_LEVEL_FULL)
+ .build();
+ grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ return config;
+ }
+
+ @Test
+ public void configuringNetworkSupportedRequiresCustomPermission() throws Exception {
+ VirtualMachineConfig config = buildVmConfigWithNetworkSupported();
+ revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+
+ VirtualMachine vm =
+ forceCreateNewVirtualMachine(
+ "test_network_supported_req_custom_permission", config);
+ SecurityException e =
+ assertThrows(
+ SecurityException.class, () -> runVmTestService(TAG, vm, (ts, tr) -> {}));
+ assertThat(e)
+ .hasMessageThat()
+ .contains("android.permission.USE_CUSTOM_VIRTUAL_MACHINE permission");
+ }
+
+ @Test
+ public void bootsWithNetworkSupported() throws Exception {
+ VirtualMachineConfig config = buildVmConfigWithNetworkSupported();
+
+ VirtualMachine vm =
+ forceCreateNewVirtualMachine("test_boot_with_network_supported", config);
+ runVmTestService(TAG, vm, (ts, tr) -> {}).assertNoException();
+ }
+
private VirtualMachineConfig buildVmConfigWithVendor(File vendorDiskImage) throws Exception {
return buildVmConfigWithVendor(vendorDiskImage, "MicrodroidTestNativeLib.so");
}