Merge "Build boot.img for microdroid"
diff --git a/apex/Android.bp b/apex/Android.bp
index 4f7201a..0985577 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -26,7 +26,10 @@
],
},
},
- binaries: ["assemble_cvd"],
+ binaries: [
+ "assemble_cvd",
+ "virtmanager",
+ ],
filesystems: ["microdroid"],
}
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 8e55ed6..dc9a4bb 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -2,6 +2,13 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
+microdroid_shell_and_utilities = [
+ "reboot",
+ "sh",
+ "toolbox",
+ "toybox",
+]
+
microdroid_rootdirs = [
"dev",
"proc",
@@ -38,13 +45,52 @@
avb_algorithm: "SHA256_RSA4096",
deps: [
"init_second_stage",
- ],
+ "microdroid_init_rc",
+ "libbinder",
+ "libstdc++",
+ "logcat",
+ "logd",
+ "run-as",
+ "secilc",
+ "adbd",
+ "apexd",
+ "debuggerd",
+ "linker",
+ "servicemanager",
+ "tombstoned",
+ "cgroups.json",
+
+ // These two files are temporary and only for test.
+ // TODO(b/178993690): migrate cil files to Soong
+ "microdroid_plat_sepolicy.cil",
+ "microdroid_plat_mapping_file",
+ ] + microdroid_shell_and_utilities,
+ multilib: {
+ common: {
+ deps: [
+ "com.android.runtime",
+ "plat_file_contexts",
+ "plat_hwservice_contexts",
+ "plat_property_contexts",
+ "plat_service_contexts",
+ "plat_keystore2_key_contexts",
+ ],
+ },
+ },
base_dir: "system",
dirs: microdroid_rootdirs,
symlinks: microdroid_symlinks,
file_contexts: "microdroid_file_contexts",
}
+prebuilt_etc {
+ name: "microdroid_init_rc",
+ filename: "init.rc",
+ src: "init.rc",
+ relative_install_path: "init/hw",
+ installable: false, // avoid collision with system partition's init.rc
+}
+
bootimg {
name: "microdroid_boot-5.10",
ramdisk_module: "microdroid_ramdisk-5.10",
@@ -114,3 +160,17 @@
},
type: "compressed_cpio",
}
+
+prebuilt_etc {
+ name: "microdroid_uboot_env",
+ src: ":microdroid_uboot_env_gen",
+ filename: "uboot_env.img",
+}
+
+genrule {
+ name: "microdroid_uboot_env_gen",
+ tools: ["mkenvimage_host"],
+ srcs: ["uboot-env.txt"],
+ out: ["output.img"],
+ cmd: "$(location mkenvimage_host) -s 4096 -o $(out) $(in)",
+}
diff --git a/microdroid/init.rc b/microdroid/init.rc
new file mode 100644
index 0000000..3ad22f8
--- /dev/null
+++ b/microdroid/init.rc
@@ -0,0 +1,172 @@
+# Copyright (C) 2021 The Android Open Source Project
+#
+# init.rc for microdroid. This contains a minimal script plus basic service definitions (e.g. apexd)
+# needed for microdroid to run.
+# TODO(b/179340780): support APEX init scripts
+#
+# IMPORTANT: Do not create world writable files or directories.
+# This is a common source of Android security bugs.
+#
+
+import /init.environ.rc
+
+# Cgroups are mounted right before early-init using list from /etc/cgroups.json
+on early-init
+ start ueventd
+
+ # Run apexd-bootstrap so that APEXes that provide critical libraries
+ # become available. Note that this is executed as exec_start to ensure that
+ # the libraries are available to the processes started after this statement.
+ exec_start apexd-bootstrap
+
+on init
+ # Mount binderfs
+ mkdir /dev/binderfs
+ mount binder binder /dev/binderfs stats=global
+ chmod 0755 /dev/binderfs
+
+ symlink /dev/binderfs/binder /dev/binder
+ symlink /dev/binderfs/hwbinder /dev/hwbinder
+ symlink /dev/binderfs/vndbinder /dev/vndbinder
+
+ chmod 0666 /dev/binderfs/hwbinder
+ chmod 0666 /dev/binderfs/binder
+ chmod 0666 /dev/binderfs/vndbinder
+
+ # Start logd before any other services run to ensure we capture all of their logs.
+ start logd
+
+ start servicemanager
+
+on load_persist_props_action
+ start logd
+ start logd-reinit
+
+# Mount filesystems and start core system services.
+on late-init
+ trigger early-fs
+
+ # Mount fstab in init.{$device}.rc by mount_all command. Optional parameter
+ # '--early' can be specified to skip entries with 'latemount'.
+ # /system and /vendor must be mounted by the end of the fs stage,
+ # while /data is optional.
+ trigger fs
+ trigger post-fs
+
+ # Mount fstab in init.{$device}.rc by mount_all with '--late' parameter
+ # to only mount entries with 'latemount'. This is needed if '--early' is
+ # specified in the previous mount_all command on the fs stage.
+ # With /system mounted and properties form /system + /factory available,
+ # some services can be started.
+ trigger late-fs
+
+ # Load persist properties and override properties (if enabled) from /data.
+ trigger load_persist_props_action
+
+ # Should be before netd, but after apex, properties and logging is available.
+ trigger load_bpf_programs
+
+ # Now we can start zygote for devices with file based encryption
+ trigger zygote-start
+
+ # Remove a file to wake up anything waiting for firmware.
+ trigger firmware_mounts_complete
+
+ trigger early-boot
+ trigger boot
+
+on post-fs
+ # Once everything is setup, no need to modify /.
+ # The bind+remount combination allows this to work in containers.
+ mount rootfs rootfs / remount bind ro nodev
+
+ # Currently, exec_start apexd-bootstrap is enough to run adb.
+ # TODO(b/179342589): uncomment after turning off APEX session on microdroid
+ # start apexd
+ # Wait for apexd to finish activating APEXes before starting more processes.
+ # wait_for_prop apexd.status activated
+
+ start adbd
+
+service ueventd /system/bin/ueventd
+ class core
+ critical
+ seclabel u:r:ueventd:s0
+ shutdown critical
+
+service console /system/bin/sh
+ class core
+ console
+ disabled
+ user shell
+ group shell log readproc
+ seclabel u:r:shell:s0
+ setenv HOSTNAME console
+
+service servicemanager /system/bin/servicemanager
+ class core animation
+ user system
+ group system readproc
+ critical
+ # TODO(b/179342589): uncomment after turning off APEX session on microdroid
+ # onrestart restart apexd
+ onrestart class_restart main
+ shutdown critical
+
+service logd /system/bin/logd
+ socket logd stream 0666 logd logd
+ socket logdr seqpacket 0666 logd logd
+ socket logdw dgram+passcred 0222 logd logd
+ file /proc/kmsg r
+ file /dev/kmsg w
+ user logd
+ group logd system package_info readproc
+ capabilities SYSLOG AUDIT_CONTROL
+ priority 10
+
+service logd-reinit /system/bin/logd --reinit
+ oneshot
+ disabled
+ user logd
+ group logd
+
+# Limit SELinux denial generation to 5/second
+service logd-auditctl /system/bin/auditctl -r 5
+ oneshot
+ disabled
+ user logd
+ group logd
+ capabilities AUDIT_CONTROL
+
+on fs
+ write /dev/event-log-tags "# content owned by logd
+"
+ chown logd logd /dev/event-log-tags
+ chmod 0644 /dev/event-log-tags
+
+on property:sys.boot_completed=1
+ start logd-auditctl
+
+service adbd /system/bin/adbd --root_seclabel=u:r:su:s0
+ class core
+ socket adbd seqpacket 660 system system
+ disabled
+ seclabel u:r:adbd:s0
+
+#TODO(b/179342589): uncomment after turning off APEX session on microdroid
+#service apexd /system/bin/apexd
+# interface aidl apexservice
+# class core
+# user root
+# group system
+# oneshot
+# disabled # does not start with the core class
+# reboot_on_failure reboot,apexd-failed
+
+service apexd-bootstrap /system/bin/apexd --bootstrap
+ user root
+ group system
+ oneshot
+ disabled
+ reboot_on_failure reboot,bootloader,bootstrap-apexd-failed
+
diff --git a/microdroid/uboot-env.txt b/microdroid/uboot-env.txt
new file mode 100644
index 0000000..0ef66b8
--- /dev/null
+++ b/microdroid/uboot-env.txt
@@ -0,0 +1,8 @@
+# Static u-boot environment variables for microdroid. See b/180481192
+
+bootcmd=boot_android virtio -
+
+# 0:2 is the misc partition
+bootdevice=0:2
+bootdelay=0
+fdtaddr=0x80000000
diff --git a/tests/hostside/AndroidTest.xml b/tests/hostside/AndroidTest.xml
index c97a1df..0995881 100644
--- a/tests/hostside/AndroidTest.xml
+++ b/tests/hostside/AndroidTest.xml
@@ -26,7 +26,7 @@
<!-- CrosVM is installed. -->
<option name="run-command" value="ls /apex/com.android.virt/bin/crosvm" />
<!-- Virt Manager is installed. -->
- <option name="run-command" value="which virtmanager" />
+ <option name="run-command" value="ls /apex/com.android.virt/bin/virtmanager" />
</target_preparer>
<!-- Push test binaries to the device. -->
diff --git a/tests/hostside/java/android/virt/test/VsockTest.java b/tests/hostside/java/android/virt/test/VsockTest.java
index 4895c9a..9de4f2e 100644
--- a/tests/hostside/java/android/virt/test/VsockTest.java
+++ b/tests/hostside/java/android/virt/test/VsockTest.java
@@ -35,7 +35,7 @@
private static final String TEST_MESSAGE = "HelloWorld";
private static final String SERVER_TARGET = "vsock_server";
- private static final String VIRT_MANAGER_COMMAND = "virtmanager";
+ private static final String VIRT_MANAGER_COMMAND = "/apex/com.android.virt/bin/virtmanager";
@Test
public void testVsockServer() throws Exception {
diff --git a/virtmanager/Android.bp b/virtmanager/Android.bp
index 04b7d8b..e22550c 100644
--- a/virtmanager/Android.bp
+++ b/virtmanager/Android.bp
@@ -11,4 +11,5 @@
"libserde",
"libanyhow",
],
+ apex_available: ["com.android.virt"],
}
diff --git a/virtmanager/aidl/Android.bp b/virtmanager/aidl/Android.bp
index e46bd27..2782d45 100644
--- a/virtmanager/aidl/Android.bp
+++ b/virtmanager/aidl/Android.bp
@@ -12,6 +12,7 @@
},
rust: {
enabled: true,
+ apex_available: ["com.android.virt"],
},
},
}