Restrict access to certain vm_payload APIs

Require the USE_CUSTOM_VIRTUAL_MACHINE permission in order to use
certain APIs from the VM payload that should not be exposed to all
clients of the AVF API. The permission is inferred from the use of a VM
config file, which requires the permission. The permission is only
granted to platform and test components.

Use this new ability to prevent VM payloads from accessing the raw DICE
chain and attestation CDI.

Fix: 243514248
Test: atest MicrodroidTests ComposHostTestCases
Change-Id: I1fd65ee1d0f624bc3ff9143f597e455c84ed2b02
5 files changed
tree: d93f502aafd8dbcceeb8bfa4474d0e01b98e9b3f
README.md

Virtualization

This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.