Merge "Reland "[apkverify] Skip DSA SHA256 during apk verification""
diff --git a/compos/aidl/com/android/compos/ICompOsService.aidl b/compos/aidl/com/android/compos/ICompOsService.aidl
index 4df22da..9b45e13 100644
--- a/compos/aidl/com/android/compos/ICompOsService.aidl
+++ b/compos/aidl/com/android/compos/ICompOsService.aidl
@@ -44,12 +44,14 @@
/**
* Run odrefresh in the VM context.
*
- * The execution is based on the VM's APEX mounts, files on Android's /system (by accessing
- * through systemDirFd over AuthFS), and *CLASSPATH derived in the VM, to generate the same
- * odrefresh output artifacts to the output directory (through outputDirFd).
+ * The execution is based on the VM's APEX mounts, files on Android's /system and optionally
+ * /system_ext (by accessing through systemDirFd and systemExtDirFd over AuthFS), and
+ * *CLASSPATH derived in the VM, to generate the same odrefresh output artifacts to the output
+ * directory (through outputDirFd).
*
* @param compilationMode The type of compilation to be performed
* @param systemDirFd An fd referring to /system
+ * @param systemExtDirFd An optional fd referring to /system_ext. Negative number means none.
* @param outputDirFd An fd referring to the output directory, ART_APEX_DATA
* @param stagingDirFd An fd referring to the staging directory, e.g. ART_APEX_DATA/staging
* @param targetDirName The sub-directory of the output directory to which artifacts are to be
@@ -58,8 +60,8 @@
* @param systemServerCompilerFilter The compiler filter used to compile system server
* @return odrefresh exit code
*/
- byte odrefresh(CompilationMode compilation_mode, int systemDirFd, int outputDirFd,
- int stagingDirFd, String targetDirName, String zygoteArch,
+ byte odrefresh(CompilationMode compilation_mode, int systemDirFd, int systemExtDirFd,
+ int outputDirFd, int stagingDirFd, String targetDirName, String zygoteArch,
String systemServerCompilerFilter);
/**
diff --git a/compos/composd/src/odrefresh_task.rs b/compos/composd/src/odrefresh_task.rs
index a07a7f9..9276fb1 100644
--- a/compos/composd/src/odrefresh_task.rs
+++ b/compos/composd/src/odrefresh_task.rs
@@ -162,8 +162,7 @@
let staging_dir_raw_fd = staging_dir_fd.as_raw_fd();
// Get the /system_ext FD differently because it may not exist.
- // TODO(245761690): pass system_ext_dir_raw_fd to service.odrefresh(...)
- let (_system_ext_dir_raw_fd, ro_dir_fds) =
+ let (system_ext_dir_raw_fd, ro_dir_fds) =
if let Ok(system_ext_dir_fd) = open_dir(Path::new("/system_ext")) {
(system_ext_dir_fd.as_raw_fd(), vec![system_dir_fd, system_ext_dir_fd])
} else {
@@ -184,6 +183,7 @@
let exit_code = service.odrefresh(
compilation_mode,
system_dir_raw_fd,
+ system_ext_dir_raw_fd,
output_dir_raw_fd,
staging_dir_raw_fd,
target_dir_name,
diff --git a/compos/src/compilation.rs b/compos/src/compilation.rs
index ab228e1..d165599 100644
--- a/compos/src/compilation.rs
+++ b/compos/src/compilation.rs
@@ -41,6 +41,7 @@
pub struct OdrefreshContext<'a> {
compilation_mode: CompilationMode,
system_dir_fd: i32,
+ system_ext_dir_fd: Option<i32>,
output_dir_fd: i32,
staging_dir_fd: i32,
target_dir_name: &'a str,
@@ -49,9 +50,11 @@
}
impl<'a> OdrefreshContext<'a> {
+ #[allow(clippy::too_many_arguments)]
pub fn new(
compilation_mode: CompilationMode,
system_dir_fd: i32,
+ system_ext_dir_fd: Option<i32>,
output_dir_fd: i32,
staging_dir_fd: i32,
target_dir_name: &'a str,
@@ -88,6 +91,7 @@
Ok(Self {
compilation_mode,
system_dir_fd,
+ system_ext_dir_fd,
output_dir_fd,
staging_dir_fd,
target_dir_name,
@@ -108,14 +112,25 @@
{
// Mount authfs (via authfs_service). The authfs instance unmounts once the `authfs` variable
// is out of scope.
+
+ let mut input_dir_fd_annotations = vec![InputDirFdAnnotation {
+ fd: context.system_dir_fd,
+ // Use the 0th APK of the extra_apks in compos/apk/assets/vm_config*.json
+ manifestPath: "/mnt/extra-apk/0/assets/build_manifest.pb".to_string(),
+ prefix: "system/".to_string(),
+ }];
+ if let Some(fd) = context.system_ext_dir_fd {
+ input_dir_fd_annotations.push(InputDirFdAnnotation {
+ fd,
+ // Use the 1st APK of the extra_apks in compos/apk/assets/vm_config_system_ext_*.json
+ manifestPath: "/mnt/extra-apk/1/assets/build_manifest.pb".to_string(),
+ prefix: "system_ext/".to_string(),
+ });
+ }
+
let authfs_config = AuthFsConfig {
port: FD_SERVER_PORT,
- inputDirFdAnnotations: vec![InputDirFdAnnotation {
- fd: context.system_dir_fd,
- // 0 is the index of extra_apks in vm_config_extra_apk.json
- manifestPath: "/mnt/extra-apk/0/assets/build_manifest.pb".to_string(),
- prefix: "system/".to_string(),
- }],
+ inputDirFdAnnotations: input_dir_fd_annotations,
outputDirFdAnnotations: vec![
OutputDirFdAnnotation { fd: context.output_dir_fd },
OutputDirFdAnnotation { fd: context.staging_dir_fd },
@@ -134,6 +149,14 @@
odrefresh_vars.set("ANDROID_ROOT", path_to_str(&android_root)?);
debug!("ANDROID_ROOT={:?}", &android_root);
+ if let Some(fd) = context.system_ext_dir_fd {
+ let mut system_ext_root = mountpoint.clone();
+ system_ext_root.push(fd.to_string());
+ system_ext_root.push("system_ext");
+ odrefresh_vars.set("SYSTEM_EXT_ROOT", path_to_str(&system_ext_root)?);
+ debug!("SYSTEM_EXT_ROOT={:?}", &system_ext_root);
+ }
+
let art_apex_data = mountpoint.join(context.output_dir_fd.to_string());
odrefresh_vars.set("ART_APEX_DATA", path_to_str(&art_apex_data)?);
debug!("ART_APEX_DATA={:?}", &art_apex_data);
diff --git a/compos/src/compsvc.rs b/compos/src/compsvc.rs
index baf444e..7ce60cd 100644
--- a/compos/src/compsvc.rs
+++ b/compos/src/compsvc.rs
@@ -102,6 +102,7 @@
&self,
compilation_mode: CompilationMode,
system_dir_fd: i32,
+ system_ext_dir_fd: i32,
output_dir_fd: i32,
staging_dir_fd: i32,
target_dir_name: &str,
@@ -119,6 +120,7 @@
let context = to_binder_result(OdrefreshContext::new(
compilation_mode,
system_dir_fd,
+ if system_ext_dir_fd >= 0 { Some(system_ext_dir_fd) } else { None },
output_dir_fd,
staging_dir_fd,
target_dir_name,
diff --git a/docs/debug/ramdump.md b/docs/debug/ramdump.md
new file mode 100644
index 0000000..a0d9bf2
--- /dev/null
+++ b/docs/debug/ramdump.md
@@ -0,0 +1,159 @@
+# Doing RAM dump of a Microdroid VM and analyzing it
+
+A Microdroid VM creates a RAM dump of itself when the kernel panics. This
+document explains how the dump can be obtained and analyzed.
+
+## Force triggering a RAM dump
+
+RAM dump is created automatically when there's a kernel panic. However, for
+debugging purpose, you can forcibly trigger it via magic SysRq key.
+
+```shell
+$ adb shell /apex/com.android.virt/bin/vm run-app ... // run a Microdroid VM
+$ m vm_shell; vm_shell // connect to the VM
+# echo c > /proc/sysrq-trigger // force trigger a crash
+```
+
+Then you will see following message showing that crash is detected and the
+crashdump kernel is executed.
+
+```
+[ 14.949892][ T148] sysrq: Trigger a crash
+[ 14.952133][ T148] Kernel panic - not syncing: sysrq triggered crash
+[ 14.955309][ T148] CPU: 0 PID: 148 Comm: sh Kdump: loaded Not tainted 5.15.60-android14-5-04357-gbac79d727aea-ab9013362 #1
+[ 14.957803][ T148] Hardware name: linux,dummy-virt (DT)
+[ 14.959053][ T148] Call trace:
+[ 14.959809][ T148] dump_backtrace.cfi_jt+0x0/0x8
+[ 14.961019][ T148] dump_stack_lvl+0x68/0x98
+[ 14.962137][ T148] panic+0x160/0x3f4
+
+----------snip----------
+
+[ 14.998693][ T148] Starting crashdump kernel...
+[ 14.999411][ T148] Bye!
+Booting Linux on physical CPU 0x0000000000 [0x412fd050]
+Linux version 5.15.44+ (build-user@build-host) (Android (8508608, based on r450784e) clang version 14.0.7 (https://android.googlesource.com/toolchain/llvm-project 4c603efb0cca074e9238af8b4106c30add4418f6), LLD 14.0.7) #1 SMP PREEMPT Thu Jul 7 02:57:03 UTC 2022
+achine model: linux,dummy-virt
+earlycon: uart8250 at MMIO 0x00000000000003f8 (options '')
+printk: bootconsole [uart8250] enabled
+
+----------snip----------
+
+Run /bin/crashdump as init process
+Crashdump started
+Size is 98836480 bytes
+.....................................................................random: crng init done
+...............................done
+reboot: Restarting system with command 'kernel panic'
+```
+
+## Obtaining the RAM dump
+
+By default, RAM dumps are sent to tombstone. To see which tombstone file is for
+the RAM dump, look into the log.
+
+```shell
+$ adb logcat | grep SYSTEM_TOMBSTONE
+09-22 17:24:28.798 1335 1504 I BootReceiver: Copying /data/tombstones/tombstone_47 to DropBox (SYSTEM_TOMBSTONE)
+```
+
+In the above example, the RAM dump is saved as `/data/tombstones/tombstone_47`.
+You can download this using `adb pull`.
+
+```shell
+$ adb root && adb pull /data/tombstones/tombstone_47 ramdump && adb unroot
+```
+
+Alternatively, you can specify the path to where RAM dump is stored when
+launching the VM using the `--ramdump` option of the `vm` tool.
+
+```shell
+$ adb shelll /apex/com.android.virt/bin/vm run-app --ramdump /data/local/tmp/virt/ramdump ...
+```
+
+In the above example, the RAM dump is saved to `/data/local/tmp/virt/ramdump`.
+
+## Analyzing the RAM dump
+
+### Building the crash(8) tool
+
+You first need to build the crash(8) tool for the target architecture, which in most case is aarch64.
+
+Download the source code and build it as follows. This needs to be done only once.
+
+```shell
+$ wget https://github.com/crash-utility/crash/archive/refs/tags/8.0.1.tar.gz -O - | tar xzvf
+$ make -C crash-8.0.1 target=ARM64
+```
+
+### Obtaining vmlinux
+
+You also need the image of the kernel binary with debuggin enabled. The kernel
+binary should be the same as the actual kernel that you used in the Microdroid
+VM that crashed. To identify which kernel it was, look for the kernel version
+number in the logcat log.
+
+```
+[ 14.955309][ T148] CPU: 0 PID: 148 Comm: sh Kdump: loaded Not tainted 5.15.60-android14-5-04357-gbac79d727aea-ab9013362 #1
+```
+
+Here, the version number is
+`5.15.60-android14-5-04357-gbac79d727aea-ab9013362`. What is important here is
+the last component: `ab9013362`. The numbers after `ab` is the Android Build ID
+of the kernel.
+
+With the build ID, you can find the image from `ci.android.com` and download
+it. The direct link to the image is `https://ci.android.com/builds/submitted/9013362/kernel_microdroid_aarch64/latest/vmlinux`.
+
+DON'T forget to replace `9013362` with the actual build ID of the kernel you used.
+
+### Running crash(8) with the RAM dump and the kernel image
+
+```shell
+$ crash-8.0.1/crash ramdump vmlinux
+```
+
+You can now analyze the RAM dump using the various commands that crash(8) provides. For example, `bt <pid>` command shows the stack trace of a process.
+
+```
+crash> bt
+PID: 148 TASK: ffffff8001a2d880 CPU: 0 COMMAND: "sh"
+ #0 [ffffffc00926b9f0] machine_kexec at ffffffd48a852004
+ #1 [ffffffc00926bb90] __crash_kexec at ffffffd48a948008
+ #2 [ffffffc00926bc40] panic at ffffffd48a86e2a8
+ #3 [ffffffc00926bc90] sysrq_handle_crash.35db4764f472dc1c4a43f39b71f858ea at ffffffd48ad985c8
+ #4 [ffffffc00926bca0] __handle_sysrq at ffffffd48ad980e4
+ #5 [ffffffc00926bcf0] write_sysrq_trigger.35db4764f472dc1c4a43f39b71f858ea at ffffffd48ad994f0
+ #6 [ffffffc00926bd10] proc_reg_write.bc7c2a3e70d8726163739fbd131db16e at ffffffd48ab4d280
+ #7 [ffffffc00926bda0] vfs_write at ffffffd48aaaa1a4
+ #8 [ffffffc00926bdf0] ksys_write at ffffffd48aaaa5b0
+ #9 [ffffffc00926be30] __arm64_sys_write at ffffffd48aaaa644
+#10 [ffffffc00926be40] invoke_syscall at ffffffd48a84b55c
+#11 [ffffffc00926be60] do_el0_svc at ffffffd48a84b424
+#12 [ffffffc00926be80] el0_svc at ffffffd48b0a29e4
+#13 [ffffffc00926bea0] el0t_64_sync_handler at ffffffd48b0a2950
+#14 [ffffffc00926bfe0] el0t_64_sync at ffffffd48a811644
+ PC: 00000079d880b798 LR: 00000064b4afec8c SP: 0000007ff6ddb2e0
+ X29: 0000007ff6ddb360 X28: 0000007ff6ddb320 X27: 00000064b4b238e8
+ X26: 00000079d9c49000 X25: 0000000000000000 X24: b40000784870fda9
+ X23: 00000064b4b236f8 X22: 0000007ff6ddb340 X21: 0000007ff6ddb338
+ X20: b40000784870f618 X19: 0000000000000002 X18: 00000079daea4000
+ X17: 00000079d880b790 X16: 00000079d882dee0 X15: 0000000000000080
+ X14: 0000000000000000 X13: 0000008f00000160 X12: 000000004870f6ac
+ X11: 0000000000000008 X10: 000000000009c000 X9: b40000784870f618
+ X8: 0000000000000040 X7: 000000e70000000b X6: 0000020500000210
+ X5: 00000079d883a984 X4: ffffffffffffffff X3: ffffffffffffffff
+ X2: 0000000000000002 X1: b40000784870f618 X0: 0000000000000001
+ ORIG_X0: 0000000000000001 SYSCALLNO: 40 PSTATE: 00001000
+```
+
+Above shows that the shell process that executed `echo c > /proc/sysrq-trigger`
+actually triggered a crash in the kernel.
+
+For more commands of crash(8), refer to the man page, or embedded `help` command.
+
+
+
+
+
+
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachine.java b/javalib/src/android/system/virtualmachine/VirtualMachine.java
index ae84c08..cc99006 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachine.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachine.java
@@ -273,7 +273,7 @@
throw new VirtualMachineException(e);
}
- VirtualMachine vm;
+ VirtualMachine vm = null;
synchronized (sInstancesLock) {
Map<String, WeakReference<VirtualMachine>> instancesMap;
if (sInstances.containsKey(context)) {
@@ -285,7 +285,8 @@
if (instancesMap.containsKey(name)) {
vm = instancesMap.get(name).get();
- } else {
+ }
+ if (vm == null) {
vm = new VirtualMachine(context, name, config);
instancesMap.put(name, new WeakReference<>(vm));
}