Revert "[rkp] Expose RKP Hal implementation in virtualizationservice"
Revert submission 2778549-expose-avf-rkp-hal
Reason for revert: SELinux denial
avc: denied { find } for pid=3400 uid=10085 name=android.hardware.security.keymint.IRemotelyProvisionedComponent/avf scontext=u:r:rkpdapp:s0:c85,c256,c512,c768 tcontext=u:object_r:avf_remotelyprovisionedcomponent_service:s0 tclass=service_manager permissive=0
Reverted changes: /q/submissionid:2778549-expose-avf-rkp-hal
Bug: 308596709
Change-Id: I9c088bb5843433dbf29282f9f48b2d8693b0fedd
diff --git a/apex/Android.bp b/apex/Android.bp
index 7983181..a05f7b0 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -60,20 +60,7 @@
],
}
-soong_config_module_type {
- name: "flag_aware_apex_defaults",
- module_type: "apex_defaults",
- config_namespace: "ANDROID",
- bool_variables: [
- "release_avf_enable_remote_attestation",
- ],
- properties: [
- "prebuilts",
- "vintf_fragments",
- ],
-}
-
-flag_aware_apex_defaults {
+apex_defaults {
name: "com.android.virt_avf_enabled",
defaults: ["com.android.virt_common"],
@@ -105,19 +92,8 @@
"fd_server",
"vm",
],
- soong_config_variables: {
- release_avf_enable_remote_attestation: {
- prebuilts: ["com.android.virt.init_attestation_enabled.rc"],
- vintf_fragments: [
- "virtualizationservice.xml",
- ],
- conditions_default: {
- prebuilts: ["com.android.virt.init.rc"],
- },
- },
- },
prebuilts: [
- "com.android.virt.vfio_handler.rc",
+ "com.android.virt.init.rc",
"features_com.android.virt.xml",
"microdroid_initrd_debuggable",
"microdroid_initrd_normal",
@@ -152,23 +128,9 @@
}
prebuilt_etc {
- name: "com.android.virt.vfio_handler.rc",
- src: "vfio_handler.rc",
- filename: "vfio_handler.rc",
- installable: false,
-}
-
-prebuilt_etc {
name: "com.android.virt.init.rc",
src: "virtualizationservice.rc",
- filename: "virtualizationservice.rc",
- installable: false,
-}
-
-prebuilt_etc {
- name: "com.android.virt.init_attestation_enabled.rc",
- src: "virtualizationservice_attestation_enabled.rc",
- filename: "virtualizationservice.rc",
+ filename: "init.rc",
installable: false,
}
diff --git a/apex/vfio_handler.rc b/apex/vfio_handler.rc
deleted file mode 100644
index 419acef..0000000
--- a/apex/vfio_handler.rc
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright (C) 2023 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-service vfio_handler /apex/com.android.virt/bin/vfio_handler
- user root
- group system
- interface aidl android.system.virtualizationservice_internal.IVfioHandler
- disabled
- oneshot
diff --git a/apex/virtualizationservice.rc b/apex/virtualizationservice.rc
index 02b2081..8283594 100644
--- a/apex/virtualizationservice.rc
+++ b/apex/virtualizationservice.rc
@@ -19,3 +19,10 @@
interface aidl android.system.virtualizationservice
disabled
oneshot
+
+service vfio_handler /apex/com.android.virt/bin/vfio_handler
+ user root
+ group system
+ interface aidl android.system.virtualizationservice_internal.IVfioHandler
+ disabled
+ oneshot
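Review bot: The `vfio_handler` stanza added at the end of this hunk runs as `user root` and has no `capabilities` line, and Android init leaves a root service with its full capability set when that option is omitted. If the binary needs only a subset, declaring it here would bound what the process holds independently of its SELinux domain. Which capabilities it needs is not visible in this diff and has to be confirmed against the binary. The stanza is moved unchanged from the deleted apex/vfio_handler.rc, so the revert is a reasonable moment to add a comment above it recording why root is required, e.g. `# vfio_handler runs as root because <reason>; do not add 'class main'`. The `virtualizationservice` stanza above it begins outside the hunk.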
diff --git a/apex/virtualizationservice.xml b/apex/virtualizationservice.xml
index 60f466f..0ce1e10 100644
--- a/apex/virtualizationservice.xml
+++ b/apex/virtualizationservice.xml
@@ -1,6 +1,6 @@
<manifest version="1.0" type="framework">
<hal format="aidl">
- <name>android.hardware.security.keymint</name>
+ <name>android.system.virtualization</name>
<version>3</version>
<fqname>IRemotelyProvisionedComponent/avf</fqname>
</hal>
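Review bot: The restored `<name>` on the changed line puts `IRemotelyProvisionedComponent/avf` under the package `android.system.virtualization`, whereas the denial quoted in the commit message names the service as `android.hardware.security.keymint.IRemotelyProvisionedComponent/avf`, so the fragment no longer matches the interface's package. The `vintf_fragments` entry that pointed at this file is also removed in the second apex/Android.bp hunk, so on the lines visible here nothing installs the fragment any more, though a reference outside the diff cannot be ruled out. If the file is kept as a placeholder, an XML comment at the top such as `<!-- Not installed: RKP HAL exposure reverted, see Bug 308596709 -->` would stop a later change from re-enabling it with the mismatched name. Otherwise deleting it in this revert would be cleaner. The manifest continues past the end of the hunk.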
diff --git a/apex/virtualizationservice_attestation_enabled.rc b/apex/virtualizationservice_attestation_enabled.rc
deleted file mode 100644
index 8eaccae..0000000
--- a/apex/virtualizationservice_attestation_enabled.rc
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright (C) 2021 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-service virtualizationservice /apex/com.android.virt/bin/virtualizationservice
- class main
- user system
- group system
- interface aidl android.system.virtualizationservice
- interface aidl android.hardware.security.keymint.IRemotelyProvisionedComponent/avf
- disabled
- oneshot