| commit | abb6d8ad4af1b7e8cb6bd138ecf157ebcc78ad5c | [log] [tgz] |
|---|---|---|
| author | Nikita Ioffe <ioffe@google.com> | Tue Mar 12 23:01:47 2024 +0000 |
| committer | Nikita Ioffe <ioffe@google.com> | Thu Apr 04 15:06:21 2024 +0000 |
| tree | caa7f4ad02d9164df2207a768afa3e90f9630132 | |
| parent | ea99b3d3c13440fb8cd8518426dfa7f80c2db320 [diff] |
Actually derive microdroid vendor dice node The derive_microdroid_vendor_dice_node binary gets the current dice chain from the /dev/open-dice0 driver, derives the new dice chain with the microdroid vendor node and writes it to the /microdroid_resources/dice_chain.raw file. The microdroid_manager will read the dice chain from /microdroid_resources/dice_chain.raw and derive the final dice chain with the payload node. After the derivation is done, microdroid_manager will delete the /microdroid_resources/dice_chain.raw file. Additionally, since /microdroid_resources is mounted in first_stage_init which happens before selinux is configured, we also call the restorecon_recursive /microdroid_resources before starting microdroid_manager to make sure that the /microdroid_resources and /microdroid_resources/dice_chain.raw have correct context. Bug: 287593065 Test: run microdroid with vendor partition Test: atest MicrodroidTests Change-Id: Ibeb05b0ed24610624b11ac2c3e907cc900bd4cab
Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
AVF APIs:
How-Tos: