Disable Secretkeeper for CompOS
The isolated compilation VM doesn't need to be updated (it only runs
twice with identical inputs). Mark it as such, so it doesn't use
Secretkeeper.
Bug: 331417880
Test: Manual - trigger isolated compilation, see VM work
Change-Id: I74d90cc68cb38dbf42894165c97759823f3b2010
diff --git a/compos/common/compos_client.rs b/compos/common/compos_client.rs
index d0ca026..6914380 100644
--- a/compos/common/compos_client.rs
+++ b/compos/common/compos_client.rs
@@ -24,7 +24,10 @@
use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
CpuTopology::CpuTopology,
IVirtualizationService::IVirtualizationService,
- VirtualMachineAppConfig::{DebugLevel::DebugLevel, Payload::Payload, VirtualMachineAppConfig},
+ VirtualMachineAppConfig::{
+ CustomConfig::CustomConfig, DebugLevel::DebugLevel, Payload::Payload,
+ VirtualMachineAppConfig,
+ },
VirtualMachineConfig::VirtualMachineConfig,
};
use anyhow::{anyhow, bail, Context, Result};
@@ -116,6 +119,11 @@
VmCpuTopology::MatchHost => CpuTopology::MATCH_HOST,
};
+ // The CompOS VM doesn't need to be updatable (by design it should run exactly twice,
+ // with the same APKs and APEXes each time). And having it so causes some interesting
+ // circular dependencies when run at boot time by odsign: b/331417880.
+ let custom_config = Some(CustomConfig { wantUpdatable: false, ..Default::default() });
+
let config = VirtualMachineConfig::AppConfig(VirtualMachineAppConfig {
name: parameters.name.clone(),
apk: Some(apk_fd),
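Review bot: The comment above `custom_config` explains why updatability is unnecessary but does not say what is given up: per the commit message, `wantUpdatable: false` is what stops this VM from using Secretkeeper, and a reader of the code alone cannot tell that. I would add a line such as `// Note: a non-updatable VM does not use Secretkeeper, so its secrets get no Secretkeeper-backed protection.` and name the property of CompOS that makes this acceptable, which is not visible in this hunk. Separately, `customConfig` was previously left at its default and is now always `Some(...)`. If the virtualization service treats an app config carrying a custom config as a privileged request, confirm that every caller of this function is allowed to make it, including the boot-time odsign path the comment mentions. The enclosing function starts and ends outside the hunk.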
@@ -128,6 +136,7 @@
protectedVm: protected_vm,
memoryMib: parameters.memory_mib.unwrap_or(0), // 0 means use the default
cpuTopology: cpu_topology,
+ customConfig: custom_config,
..Default::default()
});