[service-vm] Start a bare-metal service VM from a client app
This cl mainly sets up the general pipeline to trigger the
bare-metal VM from a client app. The real implementation of the
API will be adjusted in the future.
Test: Runs the RkpvmClientApp in VM
Bug: 241428822
Change-Id: I92cef7033db9a2d8cf4ad1fec22fee8c93b1cef6
diff --git a/service_vm/client_apk/Android.bp b/service_vm/client_apk/Android.bp
new file mode 100644
index 0000000..e5084d4
--- /dev/null
+++ b/service_vm/client_apk/Android.bp
@@ -0,0 +1,37 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_app {
+ name: "ServiceVmClientApp",
+ installable: true,
+ jni_libs: ["libservice_vm_client"],
+ jni_uses_platform_apis: true,
+ use_embedded_native_libs: true,
+ sdk_version: "system_current",
+ compile_multilib: "first",
+ apex_available: ["com.android.virt"],
+}
+
+rust_defaults {
+ name: "service_vm_client_defaults",
+ crate_name: "service_vm_client",
+ srcs: ["src/main.rs"],
+ prefer_rlib: true,
+ rustlibs: [
+ "libandroid_logger",
+ "libanyhow",
+ "liblog_rust",
+ "libvm_payload_bindgen",
+ ],
+}
+
+rust_ffi {
+ name: "libservice_vm_client",
+ defaults: ["service_vm_client_defaults"],
+ // TODO(b/250854486): Remove the sanitize section once the bug is fixed.
+ sanitize: {
+ address: false,
+ hwaddress: false,
+ },
+}
diff --git a/service_vm/client_apk/AndroidManifest.xml b/service_vm/client_apk/AndroidManifest.xml
new file mode 100644
index 0000000..b3598fc
--- /dev/null
+++ b/service_vm/client_apk/AndroidManifest.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2023 The Android Open Source Project
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.virt.service_vm.client">
+ <uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
+ <uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
+
+ <application android:hasCode="false"/>
+</manifest>
diff --git a/service_vm/client_apk/assets/config.json b/service_vm/client_apk/assets/config.json
new file mode 100644
index 0000000..02749fe
--- /dev/null
+++ b/service_vm/client_apk/assets/config.json
@@ -0,0 +1,10 @@
+{
+ "os": {
+ "name": "microdroid"
+ },
+ "task": {
+ "type": "microdroid_launcher",
+ "command": "libservice_vm_client.so"
+ },
+ "export_tombstones": true
+ }
\ No newline at end of file
diff --git a/service_vm/client_apk/src/main.rs b/service_vm/client_apk/src/main.rs
new file mode 100644
index 0000000..1f8db96
--- /dev/null
+++ b/service_vm/client_apk/src/main.rs
@@ -0,0 +1,71 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Main executable of Service VM client.
+
+use anyhow::Result;
+use log::{error, info};
+use std::{ffi::c_void, panic};
+use vm_payload_bindgen::AVmPayload_requestCertificate;
+
+/// Entry point of the Service VM client.
+#[allow(non_snake_case)]
+#[no_mangle]
+pub extern "C" fn AVmPayload_main() {
+ android_logger::init_once(
+ android_logger::Config::default()
+ .with_tag("service_vm_client")
+ .with_min_level(log::Level::Debug),
+ );
+ // Redirect panic messages to logcat.
+ panic::set_hook(Box::new(|panic_info| {
+ error!("{}", panic_info);
+ }));
+ if let Err(e) = try_main() {
+ error!("failed with {:?}", e);
+ std::process::exit(1);
+ }
+}
+
+fn try_main() -> Result<()> {
+ info!("Welcome to Service VM Client!");
+ let csr = b"Hello from Service VM";
+ let certificate = request_certificate(csr);
+ info!("Certificate: {:?}", certificate);
+ Ok(())
+}
+
+fn request_certificate(csr: &[u8]) -> Vec<u8> {
+ // SAFETY: It is safe as we only request the size of the certificate in this call.
+ let certificate_size = unsafe {
+ AVmPayload_requestCertificate(
+ csr.as_ptr() as *const c_void,
+ csr.len(),
+ [].as_mut_ptr() as *mut c_void,
+ 0,
+ )
+ };
+ let mut certificate = vec![0u8; certificate_size];
+ // SAFETY: It is safe as we only write the data into the given buffer within the buffer
+ // size in this call.
+ unsafe {
+ AVmPayload_requestCertificate(
+ csr.as_ptr() as *const c_void,
+ csr.len(),
+ certificate.as_mut_ptr() as *mut c_void,
+ certificate.len(),
+ );
+ };
+ certificate
+}