Merge "Add daily reconciliation" into main
diff --git a/microdroid_manager/src/vm_secret.rs b/microdroid_manager/src/vm_secret.rs
index 91f5abd..7b65491 100644
--- a/microdroid_manager/src/vm_secret.rs
+++ b/microdroid_manager/src/vm_secret.rs
@@ -14,7 +14,7 @@
 
 //! Class for encapsulating & managing represent VM secrets.
 
-use anyhow::{anyhow, ensure, Result};
+use anyhow::{anyhow, ensure, Context, Result};
 use android_system_virtualmachineservice::aidl::android::system::virtualmachineservice::IVirtualMachineService::IVirtualMachineService;
 use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::ISecretkeeper;
 use secretkeeper_comm::data_types::request::Request;
@@ -92,30 +92,41 @@
     ) -> Result<Self> {
         ensure!(dice_artifacts.bcc().is_some(), "Dice chain missing");
 
-        let Some(sk_service) = is_sk_supported(vm_service)? else {
+        let Some(sk_service) =
+            is_sk_supported(vm_service).context("Failed to check if Secretkeeper is supported")?
+        else {
             // Use V1 secrets if Secretkeeper is not supported.
             return Ok(Self::V1 { dice_artifacts });
         };
 
-        let explicit_dice =
-            OwnedDiceArtifactsWithExplicitKey::from_owned_artifacts(dice_artifacts)?;
+        let explicit_dice = OwnedDiceArtifactsWithExplicitKey::from_owned_artifacts(dice_artifacts)
+            .context("Failed to get Dice artifacts in explicit key format")?;
         // For pVM, skp_secret are stored in Secretkeeper. For non-protected it is all 0s.
         let mut skp_secret = Zeroizing::new([0u8; SECRET_SIZE]);
         if super::is_strict_boot() {
-            let mut session =
-                SkSession::new(sk_service, &explicit_dice, Some(get_secretkeeper_identity()?))?;
-            let id = super::get_instance_id()?.ok_or(anyhow!("Missing instance_id"))?;
+            let mut session = SkSession::new(
+                sk_service,
+                &explicit_dice,
+                Some(get_secretkeeper_identity().context("Failed to get secretkeeper identity")?),
+            )
+            .context("Failed to setup a Secretkeeper session")?;
+            let id = super::get_instance_id()
+                .context("Failed to get instance-id")?
+                .ok_or(anyhow!("Missing instance-id"))?;
             let explicit_dice_chain = explicit_dice
                 .explicit_key_dice_chain()
                 .ok_or(anyhow!("Missing explicit dice chain, this is unusual"))?;
-            let policy = sealing_policy(explicit_dice_chain).map_err(anyhow_err)?;
+            let policy = sealing_policy(explicit_dice_chain)
+                .map_err(|e| anyhow!("Failed to build a sealing_policy: {e}"))?;
             if super::is_new_instance() {
                 // New instance -> create a secret & store in Secretkeeper.
                 *skp_secret = rand::random();
-                store_secret(&mut session, id, skp_secret.clone(), policy)?;
+                store_secret(&mut session, id, skp_secret.clone(), policy)
+                    .context("Failed to store secret in Secretkeeper")?;
             } else {
                 // Subsequent run of the pVM -> get the secret stored in Secretkeeper.
-                *skp_secret = get_secret(&mut session, id, Some(policy))?;
+                *skp_secret = get_secret(&mut session, id, Some(policy))
+                    .context("Failed to get secret from Secretkeeper")?;
             }
         }
         Ok(Self::V2 {
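Review bot: The two `.ok_or(anyhow!(...))` calls in the strict-boot branch (the instance-id lookup and `explicit_key_dice_chain()`) still build their `anyhow` error eagerly, even when the value is present. Since this change imports `Context`, which anyhow also implements for `Option`, they can read `.context("Missing instance-id")?` and `.context("Missing explicit dice chain, this is unusual")?`, matching the style of the other call sites. The `sealing_policy` mapping formats the error with `{e}`, so any detail that error type carries beyond its `Display` text is presumably lost; confirm that is intended. The new context strings are all static, which is correct for this path: a short comment such as `// Context strings must never include the instance id, policy or secret bytes` above the `is_strict_boot()` block would keep later edits from interpolating them into logs. The enclosing constructor starts and ends outside this hunk.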
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index ba02067..acd6f2c 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -127,12 +127,21 @@
         }
     }
 
+    public MicrodroidBenchmarks() throws IOException {
+        // See b/325745564#comment28. Calling this method here ensures that threads spawned for
+        // @Test methods are with the desired task profile. If this is called in @Before, the task
+        // profile may not be set to the test threads because they may be spanwed prior to the
+        // execution of the @Before method (though the test methods will be executed after the
+        // @Before method).  With this, children of this benchmark process (virtmgr and crosvm) also
+        // run in the desired task profile.
+        setMaxPerformanceTaskProfile();
+    }
+
     @Before
     public void setup() throws IOException {
         grantPermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
         grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
         prepareTestSetup(mProtectedVm, mGki);
-        setMaxPerformanceTaskProfile();
         mInstrumentation = getInstrumentation();
     }