compos/composd/src/instance_starter.rs - android_packages_modules_Virtualization - Gitiles

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 //! Responsible for validating and starting an existing instance of the CompOS VM, or creating and
 //! starting a new instance if necessary.

 use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
     IVirtualizationService::IVirtualizationService, PartitionType::PartitionType,
 };
 use anyhow::{anyhow, Context, Result};
 use binder::{LazyServiceGuard, ParcelFileDescriptor, Strong};
 use compos_aidl_interface::aidl::com::android::compos::ICompOsService::ICompOsService;
 use compos_common::compos_client::{ComposClient, VmParameters};
 use compos_common::{
     COMPOS_DATA_ROOT, IDSIG_FILE, IDSIG_MANIFEST_APK_FILE, IDSIG_MANIFEST_EXT_APK_FILE,
     INSTANCE_ID_FILE, INSTANCE_IMAGE_FILE,
 };
 use log::info;
 use std::fs;
 use std::path::{Path, PathBuf};
 use std::sync::Arc;

 pub struct CompOsInstance {
     service: Strong<dyn ICompOsService>,
     #[allow(dead_code)] // Keeps VirtualizationService & the VM alive
     vm_instance: ComposClient,
     #[allow(dead_code)] // Keeps composd process alive
     lazy_service_guard: LazyServiceGuard,
     // Keep this alive as long as we are
     instance_tracker: Arc<()>,
 }

 impl CompOsInstance {
     pub fn get_service(&self) -> Strong<dyn ICompOsService> {
         self.service.clone()
     }

     /// Returns an Arc that this instance holds a strong reference to as long as it exists. This
     /// can be used to determine when the instance has been dropped.
     pub fn get_instance_tracker(&self) -> &Arc<()> {
         &self.instance_tracker
     }

     /// Attempt to shut down the VM cleanly, giving time for any relevant logs to be written.
     pub fn shutdown(self) -> LazyServiceGuard {
         self.vm_instance.shutdown(self.service);
         // Return the guard to the caller, since we might be terminated at any point after it is
         // dropped, and there might still be things to do.
         self.lazy_service_guard
     }
 }

 pub struct InstanceStarter {
     instance_name: String,
     instance_root: PathBuf,
     instance_id_file: PathBuf,
     instance_image: PathBuf,
     idsig: PathBuf,
     idsig_manifest_apk: PathBuf,
     idsig_manifest_ext_apk: PathBuf,
     vm_parameters: VmParameters,
 }

 impl InstanceStarter {
     pub fn new(instance_name: &str, vm_parameters: VmParameters) -> Self {
         let instance_root = Path::new(COMPOS_DATA_ROOT).join(instance_name);
         let instance_root_path = instance_root.as_path();
         let instance_id_file = instance_root_path.join(INSTANCE_ID_FILE);
         let instance_image = instance_root_path.join(INSTANCE_IMAGE_FILE);
         let idsig = instance_root_path.join(IDSIG_FILE);
         let idsig_manifest_apk = instance_root_path.join(IDSIG_MANIFEST_APK_FILE);
         let idsig_manifest_ext_apk = instance_root_path.join(IDSIG_MANIFEST_EXT_APK_FILE);
         Self {
             instance_name: instance_name.to_owned(),
             instance_root,
             instance_id_file,
             instance_image,
             idsig,
             idsig_manifest_apk,
             idsig_manifest_ext_apk,
             vm_parameters,
         }
     }

     pub fn start_new_instance(
         &self,
         virtualization_service: &dyn IVirtualizationService,
     ) -> Result<CompOsInstance> {
         info!("Creating {} CompOs instance", self.instance_name);

         fs::create_dir_all(&self.instance_root)?;

         // Overwrite any existing instance - it's unlikely to be valid with the current set
         // of APEXes, and finding out it isn't is much more expensive than creating a new one.
         self.create_instance_image(virtualization_service)?;
         // TODO(b/294177871): Ping VS to delete the old instance's secret.
         if cfg!(llpvm_changes) {
             self.allocate_instance_id(virtualization_service)?;
         }
         // Delete existing idsig files. Ignore error in case idsig doesn't exist.
         let _ignored1 = fs::remove_file(&self.idsig);
         let _ignored2 = fs::remove_file(&self.idsig_manifest_apk);
         let _ignored3 = fs::remove_file(&self.idsig_manifest_ext_apk);

         let instance = self.start_vm(virtualization_service)?;

         // Retrieve the VM's attestation chain as a BCC and save it in the instance directory.
         let bcc = instance.service.getAttestationChain().context("Getting attestation chain")?;
         fs::write(self.instance_root.join("bcc"), bcc).context("Writing BCC")?;

         Ok(instance)
     }

     fn start_vm(
         &self,
         virtualization_service: &dyn IVirtualizationService,
     ) -> Result<CompOsInstance> {
         let instance_id: [u8; 64] = if cfg!(llpvm_changes) {
             fs::read(&self.instance_id_file)?
                 .try_into()
                 .map_err(|_| anyhow!("Failed to get instance_id"))?
         } else {
             [0u8; 64]
         };

         let instance_image = fs::OpenOptions::new()
             .read(true)
             .write(true)
             .open(&self.instance_image)
             .context("Failed to open instance image")?;
         let vm_instance = ComposClient::start(
             virtualization_service,
             instance_id,
             instance_image,
             &self.idsig,
             &self.idsig_manifest_apk,
             &self.idsig_manifest_ext_apk,
             &self.vm_parameters,
         )
         .context("Starting VM")?;
         let service = vm_instance.connect_service().context("Connecting to CompOS")?;
         Ok(CompOsInstance {
             vm_instance,
             service,
             lazy_service_guard: Default::default(),
             instance_tracker: Default::default(),
         })
     }

     fn create_instance_image(
         &self,
         virtualization_service: &dyn IVirtualizationService,
     ) -> Result<()> {
         let instance_image = fs::OpenOptions::new()
             .create(true)
             .truncate(true)
             .read(true)
             .write(true)
             .open(&self.instance_image)
             .context("Creating instance image file")?;
         let instance_image = ParcelFileDescriptor::new(instance_image);
         // TODO: Where does this number come from?
         let size = 10 * 1024 * 1024;
         virtualization_service
             .initializeWritablePartition(&instance_image, size, PartitionType::ANDROID_VM_INSTANCE)
             .context("Writing instance image file")?;
         Ok(())
     }

     fn allocate_instance_id(
         &self,
         virtualization_service: &dyn IVirtualizationService,
     ) -> Result<()> {
         let id = virtualization_service.allocateInstanceId().context("Allocating Instance Id")?;
         fs::write(&self.instance_id_file, id)?;
         Ok(())
     }
 }
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	//! Responsible for validating and starting an existing instance of the CompOS VM, or creating and
	//! starting a new instance if necessary.

	use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
	IVirtualizationService::IVirtualizationService, PartitionType::PartitionType,
	};
	use anyhow::{anyhow, Context, Result};
	use binder::{LazyServiceGuard, ParcelFileDescriptor, Strong};
	use compos_aidl_interface::aidl::com::android::compos::ICompOsService::ICompOsService;
	use compos_common::compos_client::{ComposClient, VmParameters};
	use compos_common::{
	COMPOS_DATA_ROOT, IDSIG_FILE, IDSIG_MANIFEST_APK_FILE, IDSIG_MANIFEST_EXT_APK_FILE,
	INSTANCE_ID_FILE, INSTANCE_IMAGE_FILE,
	};
	use log::info;
	use std::fs;
	use std::path::{Path, PathBuf};
	use std::sync::Arc;

	pub struct CompOsInstance {
	service: Strong<dyn ICompOsService>,
	#[allow(dead_code)] // Keeps VirtualizationService & the VM alive
	vm_instance: ComposClient,
	#[allow(dead_code)] // Keeps composd process alive
	lazy_service_guard: LazyServiceGuard,
	// Keep this alive as long as we are
	instance_tracker: Arc<()>,
	}

	impl CompOsInstance {
	pub fn get_service(&self) -> Strong<dyn ICompOsService> {
	self.service.clone()
	}

	/// Returns an Arc that this instance holds a strong reference to as long as it exists. This
	/// can be used to determine when the instance has been dropped.
	pub fn get_instance_tracker(&self) -> &Arc<()> {
	&self.instance_tracker
	}

	/// Attempt to shut down the VM cleanly, giving time for any relevant logs to be written.
	pub fn shutdown(self) -> LazyServiceGuard {
	self.vm_instance.shutdown(self.service);
	// Return the guard to the caller, since we might be terminated at any point after it is
	// dropped, and there might still be things to do.
	self.lazy_service_guard
	}
	}

	pub struct InstanceStarter {
	instance_name: String,
	instance_root: PathBuf,
	instance_id_file: PathBuf,
	instance_image: PathBuf,
	idsig: PathBuf,
	idsig_manifest_apk: PathBuf,
	idsig_manifest_ext_apk: PathBuf,
	vm_parameters: VmParameters,
	}

	impl InstanceStarter {
	pub fn new(instance_name: &str, vm_parameters: VmParameters) -> Self {
	let instance_root = Path::new(COMPOS_DATA_ROOT).join(instance_name);
	let instance_root_path = instance_root.as_path();
	let instance_id_file = instance_root_path.join(INSTANCE_ID_FILE);
	let instance_image = instance_root_path.join(INSTANCE_IMAGE_FILE);
	let idsig = instance_root_path.join(IDSIG_FILE);
	let idsig_manifest_apk = instance_root_path.join(IDSIG_MANIFEST_APK_FILE);
	let idsig_manifest_ext_apk = instance_root_path.join(IDSIG_MANIFEST_EXT_APK_FILE);
	Self {
	instance_name: instance_name.to_owned(),
	instance_root,
	instance_id_file,
	instance_image,
	idsig,
	idsig_manifest_apk,
	idsig_manifest_ext_apk,
	vm_parameters,
	}
	}

	pub fn start_new_instance(
	&self,
	virtualization_service: &dyn IVirtualizationService,
	) -> Result<CompOsInstance> {
	info!("Creating {} CompOs instance", self.instance_name);

	fs::create_dir_all(&self.instance_root)?;

	// Overwrite any existing instance - it's unlikely to be valid with the current set
	// of APEXes, and finding out it isn't is much more expensive than creating a new one.
	self.create_instance_image(virtualization_service)?;
	// TODO(b/294177871): Ping VS to delete the old instance's secret.
	if cfg!(llpvm_changes) {
	self.allocate_instance_id(virtualization_service)?;
	}
	// Delete existing idsig files. Ignore error in case idsig doesn't exist.
	let _ignored1 = fs::remove_file(&self.idsig);
	let _ignored2 = fs::remove_file(&self.idsig_manifest_apk);
	let _ignored3 = fs::remove_file(&self.idsig_manifest_ext_apk);

	let instance = self.start_vm(virtualization_service)?;

	// Retrieve the VM's attestation chain as a BCC and save it in the instance directory.
	let bcc = instance.service.getAttestationChain().context("Getting attestation chain")?;
	fs::write(self.instance_root.join("bcc"), bcc).context("Writing BCC")?;

	Ok(instance)
	}

	fn start_vm(
	&self,
	virtualization_service: &dyn IVirtualizationService,
	) -> Result<CompOsInstance> {
	let instance_id: [u8; 64] = if cfg!(llpvm_changes) {
	fs::read(&self.instance_id_file)?
	.try_into()
	.map_err(\|_\| anyhow!("Failed to get instance_id"))?
	} else {
	[0u8; 64]
	};

	let instance_image = fs::OpenOptions::new()
	.read(true)
	.write(true)
	.open(&self.instance_image)
	.context("Failed to open instance image")?;
	let vm_instance = ComposClient::start(
	virtualization_service,
	instance_id,
	instance_image,
	&self.idsig,
	&self.idsig_manifest_apk,
	&self.idsig_manifest_ext_apk,
	&self.vm_parameters,
	)
	.context("Starting VM")?;
	let service = vm_instance.connect_service().context("Connecting to CompOS")?;
	Ok(CompOsInstance {
	vm_instance,
	service,
	lazy_service_guard: Default::default(),
	instance_tracker: Default::default(),
	})
	}

	fn create_instance_image(
	&self,
	virtualization_service: &dyn IVirtualizationService,
	) -> Result<()> {
	let instance_image = fs::OpenOptions::new()
	.create(true)
	.truncate(true)
	.read(true)
	.write(true)
	.open(&self.instance_image)
	.context("Creating instance image file")?;
	let instance_image = ParcelFileDescriptor::new(instance_image);
	// TODO: Where does this number come from?
	let size = 10 * 1024 * 1024;
	virtualization_service
	.initializeWritablePartition(&instance_image, size, PartitionType::ANDROID_VM_INSTANCE)
	.context("Writing instance image file")?;
	Ok(())
	}

	fn allocate_instance_id(
	&self,
	virtualization_service: &dyn IVirtualizationService,
	) -> Result<()> {
	let id = virtualization_service.allocateInstanceId().context("Allocating Instance Id")?;
	fs::write(&self.instance_id_file, id)?;
	Ok(())
	}
	}