Merge changes from topic "vt_enable" into main
* changes:
Implement disableVmTethering
Deprecate old implementation around providing network to ferrochrome
Turn network feature on in VmLauncherApp
Implement enableVmTethering
diff --git a/docs/custom_vm.md b/docs/custom_vm.md
index 1e15d16..4b027f1 100644
--- a/docs/custom_vm.md
+++ b/docs/custom_vm.md
@@ -222,67 +222,10 @@
$ adb shell pm grant com.google.android.virtualization.vmlauncher android.permission.USE_CUSTOM_VIRTUAL_MACHINE
$ adb unroot
```
-Then execute the below to set up the network. In the future, this step won't be necessary.
-```
-$ cat > setup_network.sh; adb push setup_network.sh /data/local/tmp
-#!/system/bin/sh
+Second, ensure your device is connected to the Internet.
-set -e
-
-TAP_IFACE=crosvm_tap
-TAP_ADDR=192.168.1.1
-TAP_NET=192.168.1.0
-
-function setup_network() {
- local WAN_IFACE=$(ip route get 8.8.8.8 2> /dev/null | awk -- '{printf $5}')
- if [ "${WAN_IFACE}" == "" ]; then
- echo "No network. Connect to a WiFi network and start again"
- return 1
- fi
-
- if ip link show ${TAP_IFACE} &> /dev/null ; then
- echo "TAP interface ${TAP_IFACE} already exists"
- return 1
- fi
-
- ip tuntap add mode tap group virtualmachine vnet_hdr ${TAP_IFACE}
- ip addr add ${TAP_ADDR}/24 dev ${TAP_IFACE}
- ip link set ${TAP_IFACE} up
- ip rule flush
- ip rule add from all lookup ${WAN_IFACE}
- ip route add ${TAP_NET}/24 dev ${TAP_IFACE} table ${WAN_IFACE}
- sysctl net.ipv4.ip_forward=1
- iptables -t filter -F
- iptables -t nat -A POSTROUTING -s ${TAP_NET}/24 -j MASQUERADE
-}
-
-function setup_if_necessary() {
- if [ "$(getprop ro.crosvm.network.setup.done)" == 1 ]; then
- return
- fi
- echo "Setting up..."
- check_privilege
- setup_network
- setenforce 0
- chmod 666 /dev/tun
- setprop ro.crosvm.network.setup.done 1
-}
-
-function check_privilege() {
- if [ "$(id -u)" -ne 0 ]; then
- echo "Run 'adb root' first"
- return 1
- fi
-}
-
-setup_if_necessary
-^D
-
-adb root; adb shell /data/local/tmp/setup_network.sh
-```
-
-Then, finally tap the VmLauncherApp app from the launcher UI. You will see
+Finally, tap the VmLauncherApp app from the launcher UI. You will see
Ferrochrome booting!
If it doesn’t work well, try
diff --git a/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java b/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
index 970f780..f1d89d9 100644
--- a/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
+++ b/java/service/src/com/android/system/virtualmachine/VirtualizationSystemService.java
@@ -21,6 +21,9 @@
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
+import android.net.TetheringManager;
+import android.net.TetheringManager.StartTetheringCallback;
+import android.net.TetheringManager.TetheringRequest;
import android.os.Handler;
import android.os.IBinder;
import android.os.ServiceManager;
@@ -155,10 +158,37 @@
}
}
- private static final class TetheringService extends IVmTethering.Stub {
+ private final class TetheringService extends IVmTethering.Stub {
+ private final TetheringManager tm = getContext().getSystemService(TetheringManager.class);
+
@Override
- public void enableVmTethering() throws UnsupportedOperationException {
- throw new UnsupportedOperationException("VM tethering is not supported yet");
+ public void enableVmTethering() {
+ final TetheringRequest tr =
+ new TetheringRequest.Builder(TetheringManager.TETHERING_VIRTUAL)
+ .setConnectivityScope(TetheringManager.CONNECTIVITY_SCOPE_GLOBAL)
+ .build();
+
+ StartTetheringCallback startTetheringCallback =
+ new StartTetheringCallback() {
+ @Override
+ public void onTetheringStarted() {
+ Log.i(TAG, "VM tethering started successfully");
+ }
+
+ @Override
+ public void onTetheringFailed(int resultCode) {
+ Log.e(
+ TAG,
+ "VM tethering failed. Result Code: "
+ + Integer.toString(resultCode));
+ }
+ };
+ tm.startTethering(tr, c -> c.run() /* executor */, startTetheringCallback);
+ }
+
+ @Override
+ public void disableVmTethering() {
+ tm.stopTethering(TetheringManager.TETHERING_VIRTUAL);
}
}
}
diff --git a/virtualizationmanager/src/crosvm.rs b/virtualizationmanager/src/crosvm.rs
index ee5f5cd..47ef91a 100644
--- a/virtualizationmanager/src/crosvm.rs
+++ b/virtualizationmanager/src/crosvm.rs
@@ -1087,15 +1087,6 @@
}
}
- if cfg!(paravirtualized_devices) {
- // TODO(b/340376951): Remove this after tap in CrosvmConfig is connected to tethering.
- if rustutils::system_properties::read_bool("ro.crosvm.network.setup.done", false)
- .unwrap_or(false)
- {
- command.arg("--net").arg("tap-name=crosvm_tap");
- }
- }
-
if cfg!(network) {
if let Some(tap) = &config.tap {
let tap_fd = tap.as_raw_fd();
diff --git a/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl b/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl
index 732a515..0743ffa 100644
--- a/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl
+++ b/virtualizationservice/aidl/android/system/vmtethering/IVmTethering.aidl
@@ -21,4 +21,9 @@
* Start VM tethering to provide external network to VM.
*/
void enableVmTethering();
+
+ /**
+ * Terminate VM tethering that providing external network to VM.
+ */
+ void disableVmTethering();
}
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index c0e1cc7..af80998 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -518,7 +518,7 @@
Ok(())
}
- fn createTapInterface(&self, iface_name_suffix: &str) -> binder::Result<ParcelFileDescriptor> {
+ fn createTapInterface(&self, _iface_name_suffix: &str) -> binder::Result<ParcelFileDescriptor> {
check_internet_permission()?;
check_use_custom_virtual_machine()?;
if !cfg!(network) {
@@ -528,18 +528,14 @@
))
.with_log();
}
- let tap_fd = NETWORK_SERVICE.createTapInterface(iface_name_suffix)?;
+ // TODO(340377643): Use iface_name_suffix after introducing bridge interface, not fixed
+ // value.
+ let tap_fd = NETWORK_SERVICE.createTapInterface("fixed")?;
// TODO(340377643): Due to lack of implementation of creating bridge interface, tethering is
// enabled for TAP interface instead of bridge interface. After introducing creation of
// bridge interface in AVF, we should modify it.
- if let Err(e) = TETHERING_SERVICE.enableVmTethering() {
- if e.exception_code() == ExceptionCode::UNSUPPORTED_OPERATION {
- warn!("{}", e.get_description());
- } else {
- return Err(e);
- }
- }
+ TETHERING_SERVICE.enableVmTethering()?;
Ok(tap_fd)
}
@@ -554,6 +550,10 @@
))
.with_log();
}
+
+ // TODO(340377643): Disabling tethering should be for bridge interface, not TAP interface.
+ TETHERING_SERVICE.disableVmTethering()?;
+
NETWORK_SERVICE.deleteTapInterface(tap_fd)
}
}
diff --git a/vmlauncher_app/AndroidManifest.xml b/vmlauncher_app/AndroidManifest.xml
index 48e3200..ecfef86 100644
--- a/vmlauncher_app/AndroidManifest.xml
+++ b/vmlauncher_app/AndroidManifest.xml
@@ -7,8 +7,7 @@
<uses-permission android:name="android.permission.INTERNET" />
<uses-feature android:name="android.software.virtualization_framework" android:required="true" />
<application
- android:label="VmLauncherApp"
- android:networkSecurityConfig="@xml/network_security_config">
+ android:label="VmLauncherApp">
<activity android:name=".MainActivity"
android:screenOrientation="landscape"
android:configChanges="orientation|screenSize|keyboard|keyboardHidden|navigation|uiMode"
diff --git a/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java b/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java
index 33e4755..a103dd0 100644
--- a/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java
+++ b/vmlauncher_app/java/com/android/virtualization/vmlauncher/MainActivity.java
@@ -83,6 +83,7 @@
configBuilder.setCpuTopology(CPU_TOPOLOGY_MATCH_HOST);
configBuilder.setProtectedVm(false);
+ configBuilder.setNetworkSupported(true);
if (DEBUG) {
configBuilder.setDebugLevel(VirtualMachineConfig.DEBUG_LEVEL_FULL);
configBuilder.setVmOutputCaptured(true);
diff --git a/vmlauncher_app/res/xml/network_security_config.xml b/vmlauncher_app/res/xml/network_security_config.xml
deleted file mode 100644
index f27fa56..0000000
--- a/vmlauncher_app/res/xml/network_security_config.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ~ Copyright (C) 2024 The Android Open Source Project
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-<network-security-config>
- <domain-config cleartextTrafficPermitted="true">
- <domain includeSubdomains="true">localhost</domain>
- </domain-config>
-</network-security-config>