Merge "Update kernel to builds 11868669" into main
diff --git a/service_vm/README.md b/service_vm/README.md
index ca03c1d..b45b3ae 100644
--- a/service_vm/README.md
+++ b/service_vm/README.md
@@ -5,18 +5,35 @@
following requirements:
- Only one instance of the Service VM is allowed to run at any given time.
-- The *secret* contained within the instance image of the Service VM remains
- unchanged during updates of both the client VMs and the Service VM.
+- The instance ID of the Service VM remains unchanged during updates of
+ both the client VMs and the Service VM.
-The secret is an encrypted random array that can only be decrypted by
-[pVM Firmware][pvmfw]. It is incorporated into the [CDI values][cdi] calculation
-of each VM loaded by pVM Firmware to ensure consistent CDI values for the VM
+The instance ID is incorporated into the [CDI values][cdi] calculation of
+each VM loaded by pVM Firmware to ensure consistent CDI values for the VM
across all reboots.
[cdi]: https://android.googlesource.com/platform/external/open-dice/+/main/docs/specification.md#CDI-Values
-[pvmfw]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/pvmfw/README.md
-## RKP VM (Remote Key Provisioning Virtual Machine)
+## Architecture
+
+[Rialto](../rialto) is used as the bare-metal kernel for the Service VM. It
+shares some low-level setup, such as memory management and virtio device
+parsing, with pvmfw. The common setup code is grouped in [vmbase/](../vmbase).
+
+## Functionality
+
+The main functionality of the Service VM is to process requests from the host
+and provide responses for each request. The requests and responses are
+serialized in CBOR format and transmitted over a virtio-vsock device.
+
+- [./comm](./comm) contains the definitions for the requests and responses.
+- [./requests](./requests) contains the library that processes the requests.
+- [./manager](./manager) manages the Service VM session, ensuring that only
+ one Service VM is active at any given time. The
+ [virtualizationservice](../virtualizationservice) process owns and manages
+ the Service VM instance.
+
+### RKP VM (Remote Key Provisioning Virtual Machine)
Currently, the Service VM only supports VM remote attestation, and in that
context we refer to it as the RKP VM. The RKP VM undergoes validation by the
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 796ae21..aeee6f7 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -1049,7 +1049,7 @@
return Ok(());
}
let perm_svc: Strong<dyn IPermissionController::IPermissionController> =
- binder::get_interface("permission")?;
+ binder::wait_for_interface("permission")?;
if perm_svc.checkPermission(perm, calling_pid, calling_uid as i32)? {
Ok(())
} else {
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 5dbfe22..5e71245 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -875,7 +875,7 @@
return Ok(());
}
let perm_svc: Strong<dyn IPermissionController::IPermissionController> =
- binder::get_interface("permission")?;
+ binder::wait_for_interface("permission")?;
if perm_svc.checkPermission(perm, calling_pid, calling_uid as i32)? {
Ok(())
} else {