[service-vm] Persist the service VM instance image in VS

This CL persists the instance image of the service VM across
different VMs and manages it within the target
virtualizationservice.

Bug: 278858244
Test: Runs the ServiceVmClientApp in VM
Test: atest MicrodroidHostTests
Change-Id: Ic0a2205bae236a933d3ddd807bd124ebaaa18f8d
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 97151d7..f5f2718 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -380,8 +380,8 @@
 
         // Check if partition images are labeled incorrectly. This is to prevent random images
         // which are not protected by the Android Verified Boot (e.g. bits downloaded by apps) from
-        // being loaded in a pVM. This applies to everything in the raw config, and everything but
-        // the non-executable, generated partitions in the app config.
+        // being loaded in a pVM. This applies to everything but the instance image in the raw config,
+        // and everything but the non-executable, generated partitions in the app config.
         config
             .disks
             .iter()
@@ -390,7 +390,7 @@
                 if is_app_config {
                     !is_safe_app_partition(&partition.label)
                 } else {
-                    true // all partitions are checked
+                    !is_safe_raw_partition(&partition.label)
                 }
             })
             .try_for_each(check_label_for_partition)
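Review bot: The new raw-config branch exempts a partition from the SELinux label check purely on the caller-chosen label string, so any raw-config client can now pass an arbitrary, non-AVB-protected file by naming it "vm-instance"; nothing in this hunk ties the exemption to the service VM or to how the guest will treat that partition. That is only safe if the guest never executes the instance image and authenticates its contents itself, which the code here does not state. I would make the invariant explicit next to the branch, e.g. `// The instance image is guest-managed data (never executed, verified by the guest), so its label is not checked.`, or, if the guest-side check cannot be relied on, restrict the exemption to the specific caller rather than the label. The enclosing filter chain starts before this hunk.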
@@ -769,6 +769,11 @@
         || label.starts_with("extra-idsig-")
 }
 
+/// Returns whether a partition with the given label is safe for a raw config VM.
+fn is_safe_raw_partition(label: &str) -> bool {
+    label == "vm-instance"
+}
+
 /// Check that a file SELinux label is acceptable.
 ///
 /// We only want to allow code in a VM to be sourced from places that apps, and the
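Review bot: The doc comment on the new `is_safe_raw_partition` says the partition is "safe" without saying what makes it so, which is the one thing a future maintainer adding a second label needs to know. I would expand it to `/// Returns whether a partition with the given label may skip the SELinux label check in a raw config: only the instance image qualifies, presumably because the guest treats it as untrusted data and never executes it — confirm against the guest-side handling.` The `"vm-instance"` literal is likely also used where the app-config instance partition is named; if so, sharing one constant would keep the two paths from drifting. `is_safe_app_partition` begins outside this hunk.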
@@ -1214,22 +1219,7 @@
     }
 
     fn requestCertificate(&self, csr: &[u8]) -> binder::Result<Vec<u8>> {
-        let cid = self.cid;
-        let Some(vm) = self.state.lock().unwrap().get_vm(cid) else {
-            error!("requestCertificate is called from an unknown CID {cid}");
-            return Err(anyhow!("cannot find a VM with CID {}", cid))
-                .or_service_specific_exception(-1);
-        };
-        let instance_img_path = vm.temporary_directory.join("rkpvm_instance.img");
-        let instance_img = OpenOptions::new()
-            .create(true)
-            .read(true)
-            .write(true)
-            .open(instance_img_path)
-            .context("Failed to create rkpvm_instance.img file")
-            .with_log()
-            .or_service_specific_exception(-1)?;
-        GLOBAL_SERVICE.requestCertificate(csr, &ParcelFileDescriptor::new(instance_img))
+        GLOBAL_SERVICE.requestCertificate(csr)
     }
 }
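Review bot: Dropping the `get_vm(cid)` lookup also removes the only check in this method that the calling VM is known to the manager; `requestCertificate` now forwards the CSR to the global service for whoever holds this binder. If the callback object is reachable only from the VM that owns it, that is fine, but a short comment stating that assumption would make the removal deliberate rather than incidental, e.g. `// No per-VM state is needed here: the instance image is owned by virtualizationservice.`. The description says the instance image is now shared across VMs in virtualizationservice; if several VMs can call this concurrently, the serialisation of access to that shared image lives on the other side and is not visible here.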