Revert^2 "Add microfuchsia apex that runs in AVF on bootup"
4ae215a64209cfbb0ae4fb2d484a0fb4fa4afc53
The old change is PS1.
The fix involves using libc::c_char and casting to a u8 on x86
architectures.
Test: m com.android.microfuchsia for arm and x86
Change-Id: Ideccd80b4f6a812c1638b31a7b4ad666a5a411b7
diff --git a/microfuchsia/README.md b/microfuchsia/README.md
new file mode 100644
index 0000000..82de725
--- /dev/null
+++ b/microfuchsia/README.md
@@ -0,0 +1,30 @@
+# Microfuchsia
+
+Microfuchsia is an experimental solution for running trusted applications on
+pkvm using the Android Virtualization Framework (AVF).
+
+# How to use
+
+Add the `com.android.microfuchsia` apex to your product.
+
+```
+PRODUCT_PACKAGES += com.android.microfuchsia
+```
+
+Define and add a `com.android.microfuchsia.images` apex to hold the images.
+
+```
+PRODUCT_PACKAGES += com.android.microfuchsia.images
+```
+
+This apex must have a prebuilt `fuchsia.zbi` in `/etc/fuchsia.zbi` and a boot
+shim in `/etc/linux-arm64-boot-shim.bin`.
+
+# Using the console
+
+This command will open the console for the first VM running in AVF, and can be
+used to connect to the microfuchsia console.
+
+```
+adb shell -t /apex/com.android.virt/bin/vm console
+```
diff --git a/microfuchsia/apex/Android.bp b/microfuchsia/apex/Android.bp
new file mode 100644
index 0000000..eddda9f
--- /dev/null
+++ b/microfuchsia/apex/Android.bp
@@ -0,0 +1,55 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+apex {
+ name: "com.android.microfuchsia",
+ manifest: "manifest.json",
+ key: "com.android.microfuchsia.key",
+
+ // Allows us to specify a file_contexts in our own repository.
+ system_ext_specific: true,
+ file_contexts: "com.android.microfuchsia-file_contexts",
+
+ updatable: false,
+ future_updatable: false,
+ platform_apis: true,
+
+ binaries: [
+ // A daemon that starts on bootup that launches microfuchsia in AVF.
+ "microfuchsiad",
+ ],
+
+ prebuilts: [
+ // An init script to launch the microfuchsiad daemon on bootup which
+ // launches the microfuchsia VM in AVF.
+ "com.android.microfuchsia.init.rc",
+ ],
+}
+
+apex_key {
+ name: "com.android.microfuchsia.key",
+ public_key: "com.android.microfuchsia.avbpubkey",
+ private_key: "com.android.microfuchsia.pem",
+}
+
+prebuilt_etc {
+ name: "com.android.microfuchsia.init.rc",
+ src: "microfuchsia.rc",
+ filename: "init.rc",
+ installable: false,
+}
diff --git a/microfuchsia/apex/com.android.microfuchsia-file_contexts b/microfuchsia/apex/com.android.microfuchsia-file_contexts
new file mode 100644
index 0000000..13d7286
--- /dev/null
+++ b/microfuchsia/apex/com.android.microfuchsia-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/bin/microfuchsiad u:object_r:microfuchsiad_exec:s0
diff --git a/microfuchsia/apex/com.android.microfuchsia.avbpubkey b/microfuchsia/apex/com.android.microfuchsia.avbpubkey
new file mode 100644
index 0000000..10d4b88
--- /dev/null
+++ b/microfuchsia/apex/com.android.microfuchsia.avbpubkey
Binary files differ
diff --git a/microfuchsia/apex/com.android.microfuchsia.pem b/microfuchsia/apex/com.android.microfuchsia.pem
new file mode 100644
index 0000000..541fa80
--- /dev/null
+++ b/microfuchsia/apex/com.android.microfuchsia.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQAIBADANBgkqhkiG9w0BAQEFAASCCSowggkmAgEAAoICAQCr8qQ+s57kXmB6
+m51lEcX7edl3l5jc1gQxmgopb4ddY0fXm4f0xj9El/Ye4J9lNpf9e1sTJuaytQZR
+lz/I/Kyla6erb37zw18kI1OyTY7PWoeNyNUehLEHqIoeDaj1S3xvb3BiRcncBpLt
+KT/Lunxu4C9sL8kAg9egH/zhOPvm37dqWxJq7CJC/TxSC4sizH6pxjx8AigVCDP3
+i4rwtgUxEdO4CKKm0bK+izUIGRXta3AToL6PKeki0r8E3HhpjNbcpTMpC57TtIgt
+39VSsk5azqSFeEUuBqZdI2Sqgsdxyh3CC4n7MzRduKtrlYAM94Mf2VNQINQ2dG/i
+AhH6Azd8WizGv5MHUeBqn/wHXQ699q19rQj5fFy1vFpw2ptSmkDP3xDsKZsfpYQl
+2FzYoEKIPli7uKOXu5Wa8N+a32SVF8nKbbvPCojklVmOC2IWOxolxI5BlvuMy8aJ
++Ly743dRHu6hEKIHZLRcVCHiixwjlZ8Wqweq5WaxMAKAlvQ4FY0xMoRMeij9WpJ/
+rBYE7qQE2GRm7h9D16nqoJvTeoucsQ50sg5U5aR00aH4xQacK4v6UnkQ5yU8ssPV
+oCIcLbAZ+i0ZRULSom7Lmeu+Lb4kb0+GhP31M3UjGMmyTZYtxbaHwkMK+W4ja6/X
+M4O5+cruvEAxkNQhRUTVBNDKo7YKewIDAQABAoIB/2taktvoSXagy0ZsN1i4QA6X
+hQRQd0q+/t9OeAm8GEe2NKSTS88HTM5cEiOKb/pBRk58izWUlB9UkR1f0UiAeUoj
+wgtxu/wgKXE78oWK5smPPBLJ0PBnkspf79vTq37QImDGCDn9rd+G5d+BttL7xl9z
+Q33IV+ElGlBe/a5LEFCVB27fwsqpo2Uvtk7YkNtT0cEt2OrpGHKz1xOMNrMS8dWG
+dn6a5ZzsT9enZ598CgoG33K3FEKjaBYrKMK1jnhX9njMAPp0xt+8AfSiS2MrmsAX
+REtl9nXwsO3LAI7KGBEd9SEHE0mYLpmqiAbOJaSdjsB+b1sXzrww9lRP9pP3GNcC
+dLF+MOZMFiT+mltSNOmVgPM5nV8njFruqcGOssyq8UJVl/aoIc5CNTsRgiudxOjy
+1kS2VPw4zeoQqyt3lFoZQR/PfrJEXsOJJqJngS8cUmuAAKEWZb0ZjtMFcUrXfFH1
+IXyOl1eQysvQQQynnVc4Xsg67FkqO4OEfxO2Ia9WzGmBV1DfCAK52iLbh2dNxPxg
+5SwkOuzmsztDNHAXMZZZJgwQJ7j4mc1ftfilaNUJn6PDguakclpMKVzP72Hg62TY
+ieQzSo1aKmd4fGMmVe0vCcAur2VnbmKjrblxigg4Gf7S794WJccVsZyGEcasEryA
+OP6M+jHA8EaZQT7DGxUCggEBAO/gqOobZV1b5WyX2WLi+v+Hyd8ZaCpCEeW+NPHd
+Bhh+LffoSrQ4LT4qLfHOaplarA8qcf/Tws4PUgB0yAd/OkwjCBsKSnaa/5368elv
+MOVFhZlg+jn7NXfNh3KvyZ7c/Usg/Hh6w6IleY8mvCj25A8aqb4xqEEHIh6AgYu7
+1bcqmKvEh3zVgkVCNFqDMQvA2F86qo4kW4QCeH4uCH749ynbwO6xungHJdEvEYLv
+hr9r7KXYD6m+redF8UQZE2y35o+MHgzmX1u7ak427D11Uq7OkP3U1xxyPgZ5hURX
+nHKJStGQ1xKZvBQ7aZGKPFTE+7GZJBuwO7NGhFAtOGWWOwcCggEBALeBLjMVTVo+
+8OqnJ2zbCYHTbcP0fBFdXFQLg+XhOxpVCQjDP59pJZC0vyH4BkCpnrSGTJRYuZz6
+MA4uptjU07P9bRBM3mK0c6pb71S2bMIzV5PxiwXvRKVzIAcXY4f2KgIQM6STRaT6
+r50gNTYak+CsdqQqPTqIpii3O9ddp9JEB1sZNys36GKuNm2a86dZO7gV5n5NBPJJ
+AHnSYIhPF3JD9EqlSeAmWOtW2vDc7Kogkf4SdaYFIX2FYIffFEOOUjlaIL5Xgf7P
+iFF8/Tu9WiExyA+sD8yLG2pNdS66eBXVEdCBC44uDDVU4awYgpi34ZJTgay1yj0o
+tloYeexpM+0CggEAHA8Zcxj1SHBha8xvX0PRvGYz1Obx6k+ELG2NX+VMuzy3P9Jq
+Op5/nE/uw+QzT/DtQ3DhmN06YkQkgW0noMjfFtzaK9+OSkVjNSWPepDJFWiGciSH
+4JRj8rmV6HJrkSukbU9UePtTOvpLN9V+GQSYNLQXuumwFrsw4ISDosa7/wr6hM0e
+VBndfSB7Y0MJT6ilJq6EGNBj7BMl6QyVbdTNhJXyAXnEqBmd8NQipkBCcM29BsE5
+Q8/MI8top2CPhx4T2CK5uSSRbveDPdbq112L6Gq9RxPIfclXPAam8hGVeUhZ+h2J
+KuHUwEEa3i1fVUMdde7F7H823IeZHo/LkwZ5rQKCAQA4qfYnJgPNwzPHcbg13+ku
+oqf5Y2xQPGD/PtMK0CLc/bcdcpUZ13EXHwkKJzlfDEGKgxHwmPkv5P2j03oH6Kg6
+ox3jc6kUF57D00GzCeXJjesULvj76ydqY4NXTTyZxkSwgGpB/ov55sMFpOVpgIl7
+TiYQiU6A3aNZXUNoPG5O+ly/H6kuekQS/LKn47orSd2r+W9EPuoxGqO/+lt+m9Wk
+niE4T5PhWFYKzbYrvDyESCxspSyZCGqQBPiK3DK4raDsPs1vmTv2AAWbDBpyMQU8
+zM93L21tfuMHT0XJGSFttG6c0MxNqiBw83YAG01wdQ99jLW1LCl3+zNb3MUBYHb9
+AoIBAGWTZQOQLMVDH5ljzty/HnW3J9ZPPhF+x3B5L98eiYD96tJ6UVsU9Cok6WKu
+V7q7SdwI4pI3mdiuD7ljHMHXiSmF8zPmpG1TpZ1yFNKBQyhIkA/Pffe2wc3ua6Kj
+baXi9jWfLDCQoa8fZ/dzlaUuqN23YuCSwUrLpJ/3o/xgTG085vD3ycbcYvw715PK
+B/9YspIMDQkf2yvOuDwXCjI3IFIGwBGLHoHt+Giqz3z68z54z5qaFi092yNeAewQ
+hhUl1mh6VVanYiERqAgvYUxHuEyD211UYGwMxRHUdiqbtALexZjOB1hLxLnWRtdS
+wa28hvmts5NyMy819GfPGqdRa14=
+-----END PRIVATE KEY-----
diff --git a/microfuchsia/apex/manifest.json b/microfuchsia/apex/manifest.json
new file mode 100644
index 0000000..b7ea23b
--- /dev/null
+++ b/microfuchsia/apex/manifest.json
@@ -0,0 +1,4 @@
+{
+ "name": "com.android.microfuchsia",
+ "version": 1
+}
diff --git a/microfuchsia/apex/microfuchsia.rc b/microfuchsia/apex/microfuchsia.rc
new file mode 100644
index 0000000..2b19ed3
--- /dev/null
+++ b/microfuchsia/apex/microfuchsia.rc
@@ -0,0 +1,22 @@
+# Copyright (C) 2024 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+service microfuchsiad /apex/com.android.microfuchsia/bin/microfuchsiad
+ class main
+ user root
+ group system
+ # We need SYS_NICE in order to allow the crosvm child process to use it.
+ # (b/322197421). composd itself never uses it (and isn't allowed to by
+ # SELinux).
+ capabilities SYS_NICE
diff --git a/microfuchsia/microfuchsiad/Android.bp b/microfuchsia/microfuchsiad/Android.bp
new file mode 100644
index 0000000..ddf360d
--- /dev/null
+++ b/microfuchsia/microfuchsiad/Android.bp
@@ -0,0 +1,25 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+// A daemon that launches microfuchsia in AVF.
+rust_binary {
+ name: "microfuchsiad",
+ srcs: ["src/main.rs"],
+ edition: "2021",
+ prefer_rlib: true,
+ defaults: ["avf_build_flags_rust"],
+ rustlibs: [
+ "android.system.microfuchsiad-rust",
+ "android.system.virtualizationservice-rust",
+ "libandroid_logger",
+ "libanyhow",
+ "libbinder_rs",
+ "liblog_rust",
+ "liblibc",
+ "libvmclient",
+ ],
+ apex_available: [
+ "com.android.microfuchsia",
+ ],
+}
diff --git a/microfuchsia/microfuchsiad/aidl/Android.bp b/microfuchsia/microfuchsiad/aidl/Android.bp
new file mode 100644
index 0000000..02bb7c6
--- /dev/null
+++ b/microfuchsia/microfuchsiad/aidl/Android.bp
@@ -0,0 +1,24 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+aidl_interface {
+ name: "android.system.microfuchsiad",
+ srcs: ["android/system/microfuchsiad/*.aidl"],
+ // TODO: Make this stable when the APEX becomes updatable.
+ unstable: true,
+ backend: {
+ java: {
+ enabled: false,
+ },
+ ndk: {
+ enabled: false,
+ },
+ rust: {
+ enabled: true,
+ apex_available: [
+ "com.android.microfuchsia",
+ ],
+ },
+ },
+}
diff --git a/microfuchsia/microfuchsiad/aidl/android/system/microfuchsiad/IMicrofuchsiaService.aidl b/microfuchsia/microfuchsiad/aidl/android/system/microfuchsiad/IMicrofuchsiaService.aidl
new file mode 100644
index 0000000..a04ae2b
--- /dev/null
+++ b/microfuchsia/microfuchsiad/aidl/android/system/microfuchsiad/IMicrofuchsiaService.aidl
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.system.microfuchsiad;
+
+// This service exists as a placeholder in case we want to communicate with the
+// daemon in the future.
+interface IMicrofuchsiaService {
+}
diff --git a/microfuchsia/microfuchsiad/src/instance_manager.rs b/microfuchsia/microfuchsiad/src/instance_manager.rs
new file mode 100644
index 0000000..5082e50
--- /dev/null
+++ b/microfuchsia/microfuchsiad/src/instance_manager.rs
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Manages running instances of the Microfuchsia VM.
+//! At most one instance should be running at a time.
+
+use crate::instance_starter::{InstanceStarter, MicrofuchsiaInstance};
+use android_system_virtualizationservice::aidl::android::system::virtualizationservice;
+use anyhow::{bail, Result};
+use binder::Strong;
+use virtualizationservice::IVirtualizationService::IVirtualizationService;
+
+pub struct InstanceManager {
+ service: Strong<dyn IVirtualizationService>,
+ started: bool,
+}
+
+impl InstanceManager {
+ pub fn new(service: Strong<dyn IVirtualizationService>) -> Self {
+ Self { service, started: false }
+ }
+
+ pub fn start_instance(&mut self) -> Result<MicrofuchsiaInstance> {
+ if self.started {
+ bail!("Cannot start multiple microfuchsia instances");
+ }
+
+ let instance_starter = InstanceStarter::new("Microfuchsia", 0);
+ let instance = instance_starter.start_new_instance(&*self.service);
+
+ if instance.is_ok() {
+ self.started = true;
+ }
+ instance
+ }
+}
diff --git a/microfuchsia/microfuchsiad/src/instance_starter.rs b/microfuchsia/microfuchsiad/src/instance_starter.rs
new file mode 100644
index 0000000..15fcc06
--- /dev/null
+++ b/microfuchsia/microfuchsiad/src/instance_starter.rs
@@ -0,0 +1,168 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Responsible for starting an instance of the Microfuchsia VM.
+
+use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
+ CpuTopology::CpuTopology, IVirtualizationService::IVirtualizationService,
+ VirtualMachineConfig::VirtualMachineConfig, VirtualMachineRawConfig::VirtualMachineRawConfig,
+};
+use anyhow::{ensure, Context, Result};
+use binder::{LazyServiceGuard, ParcelFileDescriptor};
+use log::info;
+use std::ffi::CStr;
+use std::fs::File;
+use std::os::fd::FromRawFd;
+use vmclient::VmInstance;
+
+pub struct MicrofuchsiaInstance {
+ _vm_instance: VmInstance,
+ _lazy_service_guard: LazyServiceGuard,
+ _pty: Pty,
+}
+
+pub struct InstanceStarter {
+ instance_name: String,
+ instance_id: u8,
+}
+
+impl InstanceStarter {
+ pub fn new(instance_name: &str, instance_id: u8) -> Self {
+ Self { instance_name: instance_name.to_owned(), instance_id }
+ }
+
+ pub fn start_new_instance(
+ &self,
+ virtualization_service: &dyn IVirtualizationService,
+ ) -> Result<MicrofuchsiaInstance> {
+ info!("Creating {} instance", self.instance_name);
+
+ // Always use instance id 0, because we will only ever have one instance.
+ let mut instance_id = [0u8; 64];
+ instance_id[0] = self.instance_id;
+
+ // Open the kernel and initrd files from the microfuchsia.images apex.
+ let kernel_fd =
+ File::open("/apex/com.android.microfuchsia.images/etc/linux-arm64-boot-shim.bin")
+ .context("Failed to open the boot-shim")?;
+ let initrd_fd = File::open("/apex/com.android.microfuchsia.images/etc/fuchsia.zbi")
+ .context("Failed to open the fuchsia ZBI")?;
+ let kernel = Some(ParcelFileDescriptor::new(kernel_fd));
+ let initrd = Some(ParcelFileDescriptor::new(initrd_fd));
+
+ // Prepare a pty for console input/output.
+ let pty = openpty()?;
+ let console_in = Some(pty.leader.try_clone().context("cloning pty")?);
+ let console_out = Some(pty.leader.try_clone().context("cloning pty")?);
+
+ let config = VirtualMachineConfig::RawConfig(VirtualMachineRawConfig {
+ name: "Microfuchsia".into(),
+ instanceId: instance_id,
+ kernel,
+ initrd,
+ params: None,
+ bootloader: None,
+ disks: vec![],
+ protectedVm: false,
+ memoryMib: 256,
+ cpuTopology: CpuTopology::ONE_CPU,
+ platformVersion: "1.0.0".into(),
+ // Fuchsia uses serial for console by default.
+ consoleInputDevice: Some("ttyS0".into()),
+ ..Default::default()
+ });
+ let vm_instance = VmInstance::create(
+ virtualization_service,
+ &config,
+ console_out,
+ console_in,
+ /* log= */ None,
+ None,
+ )
+ .context("Failed to create VM")?;
+ vm_instance
+ .vm
+ .setHostConsoleName(&pty.follower_name)
+ .context("Setting host console name")?;
+ vm_instance.start().context("Starting VM")?;
+
+ Ok(MicrofuchsiaInstance {
+ _vm_instance: vm_instance,
+ _lazy_service_guard: Default::default(),
+ _pty: pty,
+ })
+ }
+}
+
+struct Pty {
+ leader: File,
+ follower_name: String,
+}
+
+/// Opens a pseudoterminal (pty), configures it to be a raw terminal, and returns the file pair.
+fn openpty() -> Result<Pty> {
+ // Create a pty pair.
+ let mut leader: libc::c_int = -1;
+ let mut _follower: libc::c_int = -1;
+ let mut follower_name: Vec<libc::c_char> = vec![0; 32];
+
+ // SAFETY: calling openpty with valid+initialized variables is safe.
+ // The two null pointers are valid inputs for openpty.
+ unsafe {
+ ensure!(
+ libc::openpty(
+ &mut leader,
+ &mut _follower,
+ follower_name.as_mut_ptr(),
+ std::ptr::null_mut(),
+ std::ptr::null_mut(),
+ ) == 0,
+ "failed to openpty"
+ );
+ }
+
+ // SAFETY: calling these libc functions with valid+initialized variables is safe.
+ unsafe {
+ // Fetch the termios attributes.
+ let mut attr = libc::termios {
+ c_iflag: 0,
+ c_oflag: 0,
+ c_cflag: 0,
+ c_lflag: 0,
+ c_line: 0,
+ c_cc: [0u8; 19],
+ };
+ ensure!(libc::tcgetattr(leader, &mut attr) == 0, "failed to get termios attributes");
+
+ // Force it to be a raw pty and re-set it.
+ libc::cfmakeraw(&mut attr);
+ ensure!(
+ libc::tcsetattr(leader, libc::TCSANOW, &attr) == 0,
+ "failed to set termios attributes"
+ );
+ }
+
+ // Construct the return value.
+ // SAFETY: The file descriptors are valid because openpty returned without error (above).
+ let leader = unsafe { File::from_raw_fd(leader) };
+ let follower_name: Vec<u8> = follower_name.iter_mut().map(|x| *x as _).collect();
+ let follower_name = CStr::from_bytes_until_nul(&follower_name)
+ .context("pty filename missing NUL")?
+ .to_str()
+ .context("pty filename invalid utf8")?
+ .to_string();
+ Ok(Pty { leader, follower_name })
+}
diff --git a/microfuchsia/microfuchsiad/src/main.rs b/microfuchsia/microfuchsiad/src/main.rs
new file mode 100644
index 0000000..ec290cc
--- /dev/null
+++ b/microfuchsia/microfuchsiad/src/main.rs
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! A daemon that can be launched on bootup that runs microfuchsia in AVF.
+//! An on-demand binder service is also prepared in case we want to communicate with the daemon in
+//! the future.
+
+mod instance_manager;
+mod instance_starter;
+mod service;
+
+use crate::instance_manager::InstanceManager;
+use anyhow::{Context, Result};
+use binder::{register_lazy_service, ProcessState};
+use log::{error, info};
+
+#[allow(clippy::eq_op)]
+fn try_main() -> Result<()> {
+ let debuggable = env!("TARGET_BUILD_VARIANT") != "user";
+ let log_level = if debuggable { log::LevelFilter::Debug } else { log::LevelFilter::Info };
+ android_logger::init_once(
+ android_logger::Config::default().with_tag("microfuchsiad").with_max_level(log_level),
+ );
+
+ ProcessState::start_thread_pool();
+
+ let virtmgr =
+ vmclient::VirtualizationService::new().context("Failed to spawn VirtualizationService")?;
+ let virtualization_service =
+ virtmgr.connect().context("Failed to connect to VirtualizationService")?;
+
+ let instance_manager = InstanceManager::new(virtualization_service);
+ let service = service::new_binder(instance_manager);
+ register_lazy_service("android.system.microfuchsiad", service.as_binder())
+ .context("Registering microfuchsiad service")?;
+
+ info!("Registered services, joining threadpool");
+ ProcessState::join_thread_pool();
+
+ info!("Exiting");
+ Ok(())
+}
+
+fn main() {
+ if let Err(e) = try_main() {
+ error!("{:?}", e);
+ std::process::exit(1)
+ }
+}
diff --git a/microfuchsia/microfuchsiad/src/service.rs b/microfuchsia/microfuchsiad/src/service.rs
new file mode 100644
index 0000000..a2112b1
--- /dev/null
+++ b/microfuchsia/microfuchsiad/src/service.rs
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Implementation of IMicrofuchsiaService that runs microfuchsia in AVF when
+//! created.
+
+use crate::instance_manager::InstanceManager;
+use crate::instance_starter::MicrofuchsiaInstance;
+use android_system_microfuchsiad::aidl::android::system::microfuchsiad::IMicrofuchsiaService::{
+ BnMicrofuchsiaService, IMicrofuchsiaService,
+};
+use anyhow::Context;
+use binder::{self, BinderFeatures, Interface, Strong};
+
+#[allow(unused)]
+pub struct MicrofuchsiaService {
+ instance_manager: InstanceManager,
+ microfuchsia: MicrofuchsiaInstance,
+}
+
+pub fn new_binder(mut instance_manager: InstanceManager) -> Strong<dyn IMicrofuchsiaService> {
+ let microfuchsia = instance_manager.start_instance().context("Starting Microfuchsia").unwrap();
+ let service = MicrofuchsiaService { instance_manager, microfuchsia };
+ BnMicrofuchsiaService::new_binder(service, BinderFeatures::default())
+}
+
+impl Interface for MicrofuchsiaService {}
+
+impl IMicrofuchsiaService for MicrofuchsiaService {}