Merge "Ferrochrome: Don't set kernel" into main
diff --git a/Android.bp b/Android.bp
index b2af69e..3b6b8b5 100644
--- a/Android.bp
+++ b/Android.bp
@@ -77,7 +77,6 @@
     config_namespace: "ANDROID",
     bool_variables: [
         "release_avf_enable_dice_changes",
-        "release_avf_enable_network",
         "release_avf_enable_vendor_modules",
         "release_avf_enable_virt_cpufreq",
     ],
@@ -92,9 +91,6 @@
         release_avf_enable_dice_changes: {
             cflags: ["-DAVF_OPEN_DICE_CHANGES=1"],
         },
-        release_avf_enable_network: {
-            cflags: ["-DAVF_ENABLE_NETWORK=1"],
-        },
         release_avf_enable_vendor_modules: {
             cflags: ["-DAVF_ENABLE_VENDOR_MODULES=1"],
         },
diff --git a/apex/Android.bp b/apex/Android.bp
index 8a53a3d..17b1f9e 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -89,7 +89,6 @@
     ],
     jni_libs: [
         "libvirtualizationservice_jni",
-        "libvirtualizationsystemservice_jni",
         "libvirtualmachine_jni",
     ],
     // TODO(b/295593640) Unfortunately these are added to the apex even though they are unused.
diff --git a/docs/custom_vm.md b/docs/custom_vm.md
index 1e15d16..077d388 100644
--- a/docs/custom_vm.md
+++ b/docs/custom_vm.md
@@ -210,7 +210,7 @@
 
 ```
 $ adb root
-$ adb shell pm enable com.android.virtualization.vmlauncher/.MainActivity
+$ adb shell pm enable com.android.virtualization.vmlauncher/.MainActivityAlias
 $ adb unroot
 ```
 
@@ -218,71 +218,14 @@
 permission to the app.
 ```
 $ adb root
-$ adb shell pm enable com.google.android.virtualization.vmlauncher/com.android.virtualization.vmlauncher.MainActivity
+$ adb shell pm enable com.google.android.virtualization.vmlauncher/com.android.virtualization.vmlauncher.MainActivityAlias
 $ adb shell pm grant com.google.android.virtualization.vmlauncher android.permission.USE_CUSTOM_VIRTUAL_MACHINE
 $ adb unroot
 ```
-Then execute the below to set up the network. In the future, this step won't be necessary.
 
-```
-$ cat > setup_network.sh; adb push setup_network.sh /data/local/tmp
-#!/system/bin/sh
+Second, ensure your device is connected to the Internet.
 
-set -e
-
-TAP_IFACE=crosvm_tap
-TAP_ADDR=192.168.1.1
-TAP_NET=192.168.1.0
-
-function setup_network() {
-  local WAN_IFACE=$(ip route get 8.8.8.8 2> /dev/null | awk -- '{printf $5}')
-  if [ "${WAN_IFACE}" == "" ]; then
-    echo "No network. Connect to a WiFi network and start again"
-    return 1
-  fi
-
-  if ip link show ${TAP_IFACE} &> /dev/null ; then
-    echo "TAP interface ${TAP_IFACE} already exists"
-    return 1
-  fi
-
-  ip tuntap add mode tap group virtualmachine vnet_hdr ${TAP_IFACE}
-  ip addr add ${TAP_ADDR}/24 dev ${TAP_IFACE}
-  ip link set ${TAP_IFACE} up
-  ip rule flush
-  ip rule add from all lookup ${WAN_IFACE}
-  ip route add ${TAP_NET}/24 dev ${TAP_IFACE} table ${WAN_IFACE}
-  sysctl net.ipv4.ip_forward=1
-  iptables -t filter -F
-  iptables -t nat -A POSTROUTING -s ${TAP_NET}/24 -j MASQUERADE
-}
-
-function setup_if_necessary() {
-  if [ "$(getprop ro.crosvm.network.setup.done)" == 1 ]; then
-    return
-  fi
-  echo "Setting up..."
-  check_privilege
-  setup_network
-  setenforce 0
-  chmod 666 /dev/tun
-  setprop ro.crosvm.network.setup.done 1
-}
-
-function check_privilege() {
-  if [ "$(id -u)" -ne 0 ]; then
-    echo "Run 'adb root' first"
-    return 1
-  fi
-}
-
-setup_if_necessary
-^D
-
-adb root; adb shell /data/local/tmp/setup_network.sh
-```
-
-Then, finally tap the VmLauncherApp app from the launcher UI. You will see
+Finally, tap the VmLauncherApp app from the launcher UI. You will see
 Ferrochrome booting!
 
 If it doesn’t work well, try
diff --git a/flags/cpp/include/android/avf_cc_flags.h b/flags/cpp/include/android/avf_cc_flags.h
index 70be925..c922266 100644
--- a/flags/cpp/include/android/avf_cc_flags.h
+++ b/flags/cpp/include/android/avf_cc_flags.h
@@ -27,14 +27,6 @@
 #endif
 }
 
-inline bool IsNetworkFlagEnabled() {
-#ifdef AVF_ENABLE_NETWORK
-    return AVF_ENABLE_NETWORK;
-#else
-    return false;
-#endif
-}
-
 inline bool IsVendorModulesFlagEnabled() {
 #ifdef AVF_ENABLE_VENDOR_MODULES
     return AVF_ENABLE_VENDOR_MODULES;
diff --git a/java/jni/Android.bp b/java/jni/Android.bp
index d9b1880..4a569d4 100644
--- a/java/jni/Android.bp
+++ b/java/jni/Android.bp
@@ -20,20 +20,6 @@
 }
 
 cc_library_shared {
-    name: "libvirtualizationsystemservice_jni",
-    defaults: ["avf_build_flags_cc"],
-    srcs: [
-        "com_android_system_virtualmachine_VirtualizationSystemService.cpp",
-    ],
-    apex_available: ["com.android.virt"],
-    shared_libs: [
-        "liblog",
-        "libnativehelper",
-    ],
-    static_libs: ["libavf_cc_flags"],
-}
-
-cc_library_shared {
     name: "libvirtualmachine_jni",
     defaults: ["avf_build_flags_cc"],
     srcs: [
diff --git a/java/jni/com_android_system_virtualmachine_VirtualizationSystemService.cpp b/java/jni/com_android_system_virtualmachine_VirtualizationSystemService.cpp
deleted file mode 100644
index a15e7a7..0000000
--- a/java/jni/com_android_system_virtualmachine_VirtualizationSystemService.cpp
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define LOG_TAG "VirtualizationSystemService"
-
-#include <android/avf_cc_flags.h>
-#include <jni.h>
-#include <log/log.h>
-
-extern "C" JNIEXPORT jboolean JNICALL
-Java_com_android_system_virtualmachine_VirtualizationSystemService_nativeIsNetworkFlagEnabled(
-        [[maybe_unused]] JNIEnv* env, [[maybe_unused]] jobject obj) {
-    return android::virtualization::IsNetworkFlagEnabled();
-}
diff --git a/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java b/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
index 970f780..241eef4 100644
--- a/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
+++ b/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
@@ -21,6 +21,9 @@
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
+import android.net.TetheringManager;
+import android.net.TetheringManager.StartTetheringCallback;
+import android.net.TetheringManager.TetheringRequest;
 import android.os.Handler;
 import android.os.IBinder;
 import android.os.ServiceManager;
@@ -32,6 +35,9 @@
 import com.android.internal.os.BackgroundThread;
 import com.android.server.SystemService;
 
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
 /**
  * This class exists to notify virtualization service of relevant things happening in the Android
  * framework.
@@ -40,24 +46,15 @@
  * storing secrets for apps or users that no longer exist.
  */
 public class VirtualizationSystemService extends SystemService {
-    static {
-        System.loadLibrary("virtualizationsystemservice_jni");
-    }
-
     private static final String TAG = VirtualizationSystemService.class.getName();
     private static final String MAINTENANCE_SERVICE_NAME =
             "android.system.virtualizationmaintenance";
     private Handler mHandler;
     private final TetheringService mTetheringService;
 
-    /*
-     * Retrieve boolean value whether RELEASE_AVF_ENABLE_NETWORK build flag is enabled or not.
-     */
-    static native boolean nativeIsNetworkFlagEnabled();
-
     public VirtualizationSystemService(Context context) {
         super(context);
-        if (nativeIsNetworkFlagEnabled()) {
+        if (Files.exists(Paths.get("/apex/com.android.virt/bin/vmnic"))) {
             mTetheringService = new TetheringService();
         } else {
             mTetheringService = null;
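Review bot: The feature gate in the constructor is now a bare string path, `/apex/com.android.virt/bin/vmnic`, with no comment explaining why the presence of that binary stands in for network support. A named constant with a short comment would make the contract explicit, e.g. `private static final String VMNIC_PATH = "/apex/com.android.virt/bin/vmnic"; // present only when AVF networking is built in`. That rationale is inferred from the removed build-flag check, so confirm the wording. `Files.exists` also returns false when existence cannot be determined, so an access denial on that path would silently leave `mTetheringService` null; a `Log.i` on the else branch would make the disabled state visible. The constructor continues outside the hunk.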
@@ -155,10 +152,37 @@
         }
     }
 
-    private static final class TetheringService extends IVmTethering.Stub {
+    private final class TetheringService extends IVmTethering.Stub {
+        private final TetheringManager tm = getContext().getSystemService(TetheringManager.class);
+
         @Override
-        public void enableVmTethering() throws UnsupportedOperationException {
-            throw new UnsupportedOperationException("VM tethering is not supported yet");
+        public void enableVmTethering() {
+            final TetheringRequest tr =
+                    new TetheringRequest.Builder(TetheringManager.TETHERING_VIRTUAL)
+                            .setConnectivityScope(TetheringManager.CONNECTIVITY_SCOPE_GLOBAL)
+                            .build();
+
+            StartTetheringCallback startTetheringCallback =
+                    new StartTetheringCallback() {
+                        @Override
+                        public void onTetheringStarted() {
+                            Log.i(TAG, "VM tethering started successfully");
+                        }
+
+                        @Override
+                        public void onTetheringFailed(int resultCode) {
+                            Log.e(
+                                    TAG,
+                                    "VM tethering failed. Result Code: "
+                                            + Integer.toString(resultCode));
+                        }
+                    };
+            tm.startTethering(tr, c -> c.run() /* executor */, startTetheringCallback);
+        }
+
+        @Override
+        public void disableVmTethering() {
+            tm.stopTethering(TetheringManager.TETHERING_VIRTUAL);
         }
     }
 }
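Review bot: `enableVmTethering()` returns as soon as `startTethering()` has been issued, and `onTetheringFailed()` only logs, so the Binder caller sees success even when tethering never comes up. The createTapInterface hunk in virtualizationservice/src/aidl.rs now relies on `TETHERING_SERVICE.enableVmTethering()?` to detect failure, which this implementation cannot report for asynchronous errors. Either wait for the callback and throw (for example a `ServiceSpecificException` carrying `resultCode`), or document the limitation with `// Fire-and-forget: an asynchronous failure is only logged; callers must not assume tethering is up on return.` Separately, `tm` is dereferenced without a null check, so `if (tm == null) throw new IllegalStateException("TetheringManager unavailable");` at the top of both methods would fail more clearly. Neither method checks its caller within this hunk, so confirm that only virtualizationservice can reach the binder where it is published.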
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index ee5f5cd..47ef91a 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -1087,15 +1087,6 @@
         }
     }
 
-    if cfg!(paravirtualized_devices) {
-        // TODO(b/340376951): Remove this after tap in CrosvmConfig is connected to tethering.
-        if rustutils::system_properties::read_bool("ro.crosvm.network.setup.done", false)
-            .unwrap_or(false)
-        {
-            command.arg("--net").arg("tap-name=crosvm_tap");
-        }
-    }
-
     if cfg!(network) {
         if let Some(tap) = &config.tap {
             let tap_fd = tap.as_raw_fd();
diff --git a/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl b/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl
index 732a515..0743ffa 100644
--- a/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl
+++ b/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl
@@ -21,4 +21,9 @@
      * Start VM tethering to provide external network to VM.
      */
     void enableVmTethering();
+
+    /**
+     * Terminate VM tethering that providing external network to VM.
+     */
+    void disableVmTethering();
 }
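Review bot: The doc comment added for `disableVmTethering()` is ungrammatical ("that providing") and does not state the scope of the call. The method takes no interface or VM identifier, and the Java implementation in this commit calls `stopTethering(TetheringManager.TETHERING_VIRTUAL)`, so the comment should say that it is global, e.g. `Stop VM tethering. This stops tethering for all VMs, not only the one whose interface is being removed.`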
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index c0e1cc7..af80998 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -518,7 +518,7 @@
         Ok(())
     }
 
-    fn createTapInterface(&self, iface_name_suffix: &str) -> binder::Result<ParcelFileDescriptor> {
+    fn createTapInterface(&self, _iface_name_suffix: &str) -> binder::Result<ParcelFileDescriptor> {
         check_internet_permission()?;
         check_use_custom_virtual_machine()?;
         if !cfg!(network) {
@@ -528,18 +528,14 @@
             ))
             .with_log();
         }
-        let tap_fd = NETWORK_SERVICE.createTapInterface(iface_name_suffix)?;
+        // TODO(340377643): Use iface_name_suffix after introducing bridge interface, not fixed
+        // value.
+        let tap_fd = NETWORK_SERVICE.createTapInterface("fixed")?;
 
         // TODO(340377643): Due to lack of implementation of creating bridge interface, tethering is
         // enabled for TAP interface instead of bridge interface. After introducing creation of
         // bridge interface in AVF, we should modify it.
-        if let Err(e) = TETHERING_SERVICE.enableVmTethering() {
-            if e.exception_code() == ExceptionCode::UNSUPPORTED_OPERATION {
-                warn!("{}", e.get_description());
-            } else {
-                return Err(e);
-            }
-        }
+        TETHERING_SERVICE.enableVmTethering()?;
 
         Ok(tap_fd)
     }
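Review bot: With `TETHERING_SERVICE.enableVmTethering()?` any tethering error now returns after the TAP interface has been created, and nothing on that path deletes it, so the interface may be left behind unless dropping `tap_fd` tears it down. Consider `if let Err(e) = TETHERING_SERVICE.enableVmTethering() { let _ = NETWORK_SERVICE.deleteTapInterface(&tap_fd); return Err(e); }`, where the argument type is assumed from the deleteTapInterface call in the next hunk. The hard-coded `"fixed"` suffix also means every caller requests the same interface name, so a second networked VM will presumably fail or collide until the TODO is resolved; the TODO comment should state that one-VM limitation. The function starts in the previous hunk and its opening lines are outside this one.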
@@ -554,6 +550,10 @@
             ))
             .with_log();
         }
+
+        // TODO(340377643): Disabling tethering should be for bridge interface, not TAP interface.
+        TETHERING_SERVICE.disableVmTethering()?;
+
         NETWORK_SERVICE.deleteTapInterface(tap_fd)
     }
 }
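Review bot: `TETHERING_SERVICE.disableVmTethering()?` runs before the delete, so a tethering error returns early and `NETWORK_SERVICE.deleteTapInterface(tap_fd)` is never reached. Running both steps and then returning the error keeps cleanup going: `let tether = TETHERING_SERVICE.disableVmTethering(); NETWORK_SERVICE.deleteTapInterface(tap_fd)?; tether`, assuming both return `binder::Result<()>`. Because the tethering call takes no identifier, deleting one VM's TAP also stops tethering for any other VM still using it, which the TODO should mention. The function starts outside the hunk.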
diff --git a/vmlauncher_app/AndroidManifest.xml b/vmlauncher_app/AndroidManifest.xml
index 48e3200..ecfef86 100644
--- a/vmlauncher_app/AndroidManifest.xml
+++ b/vmlauncher_app/AndroidManifest.xml
@@ -7,8 +7,7 @@
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-feature android:name="android.software.virtualization_framework" android:required="true" />
     <application
-        android:label="VmLauncherApp"
-        android:networkSecurityConfig="@xml/network_security_config">
+        android:label="VmLauncherApp">
         <activity android:name=".MainActivity"
                   android:screenOrientation="landscape"
                   android:configChanges="orientation|screenSize|keyboard|keyboardHidden|navigation|uiMode"
diff --git a/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java b/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java
index 33e4755..a103dd0 100644
--- a/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java
+++ b/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java
@@ -83,6 +83,7 @@
         configBuilder.setCpuTopology(CPU_TOPOLOGY_MATCH_HOST);
 
         configBuilder.setProtectedVm(false);
+        configBuilder.setNetworkSupported(true);
         if (DEBUG) {
             configBuilder.setDebugLevel(VirtualMachineConfig.DEBUG_LEVEL_FULL);
             configBuilder.setVmOutputCaptured(true);
diff --git a/vmlauncher_app/res/xml/network_security_config.xml b/vmlauncher_app/res/xml/network_security_config.xml
deleted file mode 100644
index f27fa56..0000000
--- a/vmlauncher_app/res/xml/network_security_config.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-  ~ Copyright (C) 2024 The Android Open Source Project
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<network-security-config>
-    <domain-config cleartextTrafficPermitted="true">
-        <domain includeSubdomains="true">localhost</domain>
-    </domain-config>
-</network-security-config>