Merge changes from topic "libmemoffset_nostd" into main
* changes:
libfdt: Make get_property_by_offset() less unsafe
libfdt: Move FFI for DT properties to Libfdt*
libfdt: Add setprop_placeholder & Improve trimprop
libfdt: Make Libfdt::string() actually safe
libfdt: Move string functions to Libfdt
libfdt: Move phandle functions and 0-cost Phandle
diff --git a/Android.bp b/Android.bp
index 696a963..03bea5a 100644
--- a/Android.bp
+++ b/Android.bp
@@ -62,6 +62,27 @@
},
}
+soong_config_module_type {
+ name: "avf_flag_aware_cc_defaults",
+ module_type: "cc_defaults",
+ config_namespace: "ANDROID",
+ bool_variables: [
+ "release_avf_enable_virt_cpufreq",
+ ],
+ properties: [
+ "cflags",
+ ],
+}
+
+avf_flag_aware_cc_defaults {
+ name: "avf_build_flags_cc",
+ soong_config_variables: {
+ release_avf_enable_virt_cpufreq: {
+ cflags: ["-DAVF_ENABLE_VIRT_CPUFREQ=1"],
+ },
+ },
+}
+
genrule_defaults {
name: "dts_to_dtb",
tools: ["dtc"],
diff --git a/apex/Android.bp b/apex/Android.bp
index 7cc0414..ba42c88 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/apex/empty-payload-apk/Android.bp b/apex/empty-payload-apk/Android.bp
index 8bd138f..72ec392 100644
--- a/apex/empty-payload-apk/Android.bp
+++ b/apex/empty-payload-apk/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
@@ -17,6 +18,7 @@
cc_library {
name: "MicrodroidEmptyPayloadJniLib",
+ defaults: ["avf_build_flags_cc"],
srcs: ["empty_binary.cpp"],
shared_libs: ["libvm_payload#current"],
installable: true,
diff --git a/apex/permissions/Android.bp b/apex/permissions/Android.bp
index 0c925ce..38fd9a1 100644
--- a/apex/permissions/Android.bp
+++ b/apex/permissions/Android.bp
@@ -14,6 +14,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/apkdmverity/Android.bp b/apkdmverity/Android.bp
index 0cb8ca1..40c5f72 100644
--- a/apkdmverity/Android.bp
+++ b/apkdmverity/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/authfs/Android.bp b/authfs/Android.bp
index 8ac600d..8dc6d86 100644
--- a/authfs/Android.bp
+++ b/authfs/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/authfs/aidl/Android.bp b/authfs/aidl/Android.bp
index 9504037..277a964 100644
--- a/authfs/aidl/Android.bp
+++ b/authfs/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/authfs/fd_server/Android.bp b/authfs/fd_server/Android.bp
index b02c104..9a16d04 100644
--- a/authfs/fd_server/Android.bp
+++ b/authfs/fd_server/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/authfs/fd_server/src/aidl.rs b/authfs/fd_server/src/aidl.rs
index ada3ffb..8edd899 100644
--- a/authfs/fd_server/src/aidl.rs
+++ b/authfs/fd_server/src/aidl.rs
@@ -375,6 +375,10 @@
}
}
+// FFI types like `c_long` vary on 32/64-bit, and the check is only needed on
+// 64-bit conversions. Fixing this lint makes the code less readable.
+#[allow(unknown_lints)]
+#[allow(clippy::unnecessary_fallible_conversions)]
fn try_into_fs_stat(st: Statvfs) -> Result<FsStat, std::num::TryFromIntError> {
Ok(FsStat {
blockSize: st.block_size().try_into()?,
diff --git a/authfs/service/Android.bp b/authfs/service/Android.bp
index 2101a36..b4d3b09 100644
--- a/authfs/service/Android.bp
+++ b/authfs/service/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/authfs/src/fsverity/metadata/Android.bp b/authfs/src/fsverity/metadata/Android.bp
index c874c2b..c468b7d 100644
--- a/authfs/src/fsverity/metadata/Android.bp
+++ b/authfs/src/fsverity/metadata/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/authfs/tests/benchmarks/Android.bp b/authfs/tests/benchmarks/Android.bp
index cea5a81..5820cb4 100644
--- a/authfs/tests/benchmarks/Android.bp
+++ b/authfs/tests/benchmarks/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
@@ -28,6 +29,7 @@
cc_binary {
name: "measure_io",
+ defaults: ["avf_build_flags_cc"],
srcs: [
"src/measure_io.cpp",
],
diff --git a/authfs/tests/common/Android.bp b/authfs/tests/common/Android.bp
index bba329e..60d2df3 100644
--- a/authfs/tests/common/Android.bp
+++ b/authfs/tests/common/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/authfs/tests/common/src/open_then_run.rs b/authfs/tests/common/src/open_then_run.rs
index 6d828e4..a976784 100644
--- a/authfs/tests/common/src/open_then_run.rs
+++ b/authfs/tests/common/src/open_then_run.rs
@@ -161,7 +161,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("open_then_run")
- .with_min_level(log::Level::Debug),
+ .with_max_level(log::LevelFilter::Debug),
);
if let Err(e) = try_main() {
diff --git a/authfs/tests/hosttests/Android.bp b/authfs/tests/hosttests/Android.bp
index 83ef853..1e95e10 100644
--- a/authfs/tests/hosttests/Android.bp
+++ b/authfs/tests/hosttests/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/Android.bp b/compos/Android.bp
index b840506..bf57e27 100644
--- a/compos/Android.bp
+++ b/compos/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/aidl/Android.bp b/compos/aidl/Android.bp
index 7036511..1660837 100644
--- a/compos/aidl/Android.bp
+++ b/compos/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/apex/Android.bp b/compos/apex/Android.bp
index 55cc446..8b1ba27 100644
--- a/compos/apex/Android.bp
+++ b/compos/apex/Android.bp
@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/apex/composd.rc b/compos/apex/composd.rc
index df04642..55f3737 100644
--- a/compos/apex/composd.rc
+++ b/compos/apex/composd.rc
@@ -19,10 +19,7 @@
interface aidl android.system.composd
disabled
oneshot
- # Explicitly specify empty capabilities, otherwise composd will inherit all
- # the capabilities from init.
- # Note: whether a process can use capabilities is controlled by SELinux, so
- # inheriting all the capabilities from init is not a security issue.
- # However, for defense-in-depth and just for the sake of bookkeeping it's
- # better to explicitly state that composd doesn't need any capabilities.
- capabilities
+ # We need SYS_NICE in order to allow the crosvm child process to use it.
+ # (b/322197421). composd itself never uses it (and isn't allowed to by
+ # SELinux).
+ capabilities SYS_NICE
diff --git a/compos/apk/Android.bp b/compos/apk/Android.bp
index c6192b9..a06a5a4 100644
--- a/compos/apk/Android.bp
+++ b/compos/apk/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/benchmark/Android.bp b/compos/benchmark/Android.bp
index 93927a2..96d35b4 100644
--- a/compos/benchmark/Android.bp
+++ b/compos/benchmark/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/common/Android.bp b/compos/common/Android.bp
index 01ab7c9..32bdf8a 100644
--- a/compos/common/Android.bp
+++ b/compos/common/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/compos_key_helper/Android.bp b/compos/compos_key_helper/Android.bp
index f8dc783..7d27525 100644
--- a/compos/compos_key_helper/Android.bp
+++ b/compos/compos_key_helper/Android.bp
@@ -1,9 +1,11 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
cc_defaults {
name: "compos_key_defaults",
+ defaults: ["avf_build_flags_cc"],
apex_available: ["com.android.compos"],
shared_libs: [
diff --git a/compos/composd/Android.bp b/compos/composd/Android.bp
index b0294dd..96d4da7 100644
--- a/compos/composd/Android.bp
+++ b/compos/composd/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/composd/aidl/Android.bp b/compos/composd/aidl/Android.bp
index 56b0b60..20e3679 100644
--- a/compos/composd/aidl/Android.bp
+++ b/compos/composd/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/composd/native/Android.bp b/compos/composd/native/Android.bp
index f35517f..a0923ef 100644
--- a/compos/composd/native/Android.bp
+++ b/compos/composd/native/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/composd_cmd/Android.bp b/compos/composd_cmd/Android.bp
index 4d3ed5f..8b7a909 100644
--- a/compos/composd_cmd/Android.bp
+++ b/compos/composd_cmd/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/service/Android.bp b/compos/service/Android.bp
index 3dcf8be..478ea3b 100644
--- a/compos/service/Android.bp
+++ b/compos/service/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/tests/Android.bp b/compos/tests/Android.bp
index 511ecd0..1213a16 100644
--- a/compos/tests/Android.bp
+++ b/compos/tests/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/verify/Android.bp b/compos/verify/Android.bp
index f4d8695..6fba1fd 100644
--- a/compos/verify/Android.bp
+++ b/compos/verify/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/compos/verify/native/Android.bp b/compos/verify/native/Android.bp
index 438d93a..ac2fcfb 100644
--- a/compos/verify/native/Android.bp
+++ b/compos/verify/native/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
@@ -24,6 +25,7 @@
cc_library_static {
name: "libcompos_verify_native_cpp",
+ defaults: ["avf_build_flags_cc"],
srcs: ["verify_native.cpp"],
static_libs: ["libcompos_key"],
shared_libs: [
diff --git a/demo/Android.bp b/demo/Android.bp
index a291ee1..90e302a 100644
--- a/demo/Android.bp
+++ b/demo/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/demo_native/Android.bp b/demo_native/Android.bp
index 901f829..facb2bb 100644
--- a/demo_native/Android.bp
+++ b/demo_native/Android.bp
@@ -1,9 +1,11 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
cc_binary {
name: "vm_demo_native",
+ defaults: ["avf_build_flags_cc"],
srcs: ["main.cpp"],
static_libs: [
"libbase",
diff --git a/encryptedstore/Android.bp b/encryptedstore/Android.bp
index aa46c35..225eedd 100644
--- a/encryptedstore/Android.bp
+++ b/encryptedstore/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/javalib/Android.bp b/javalib/Android.bp
index e3cb2e3..680d59b 100644
--- a/javalib/Android.bp
+++ b/javalib/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/javalib/api/test-current.txt b/javalib/api/test-current.txt
index 958005f..5aff93f 100644
--- a/javalib/api/test-current.txt
+++ b/javalib/api/test-current.txt
@@ -7,12 +7,14 @@
}
public final class VirtualMachineConfig {
+ method @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM") @NonNull public java.util.List<java.lang.String> getExtraApks();
method @FlaggedApi("RELEASE_AVF_ENABLE_VENDOR_MODULES") @Nullable public String getOs();
method @Nullable public String getPayloadConfigPath();
method public boolean isVmConsoleInputSupported();
}
public static final class VirtualMachineConfig.Builder {
+ method @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM") @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder addExtraApk(@NonNull String);
method @FlaggedApi("RELEASE_AVF_ENABLE_VENDOR_MODULES") @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setOs(@NonNull String);
method @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadConfigPath(@NonNull String);
method @FlaggedApi("RELEASE_AVF_ENABLE_VENDOR_MODULES") @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setVendorDiskImage(@NonNull java.io.File);
diff --git a/javalib/jni/Android.bp b/javalib/jni/Android.bp
index e82b2ce..24dece2 100644
--- a/javalib/jni/Android.bp
+++ b/javalib/jni/Android.bp
@@ -1,9 +1,11 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
cc_library_shared {
name: "libvirtualizationservice_jni",
+ defaults: ["avf_build_flags_cc"],
srcs: [
"android_system_virtualmachine_VirtualizationService.cpp",
],
@@ -19,6 +21,7 @@
cc_library_shared {
name: "libvirtualmachine_jni",
+ defaults: ["avf_build_flags_cc"],
srcs: [
"android_system_virtualmachine_VirtualMachine.cpp",
],
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachine.java b/javalib/src/android/system/virtualmachine/VirtualMachine.java
index 16f9631..5025e88 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachine.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachine.java
@@ -54,6 +54,8 @@
import android.annotation.WorkerThread;
import android.content.ComponentCallbacks2;
import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageManager;
import android.content.res.Configuration;
import android.os.Binder;
import android.os.IBinder;
@@ -76,7 +78,6 @@
import java.io.File;
import java.io.FileInputStream;
-import java.io.FileOutputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -807,10 +808,30 @@
createVmInputPipes();
}
+ VirtualMachineConfig vmConfig = getConfig();
VirtualMachineAppConfig appConfig =
- getConfig().toVsConfig(mContext.getPackageManager());
+ vmConfig.toVsConfig(mContext.getPackageManager());
appConfig.name = mName;
+ if (!vmConfig.getExtraApks().isEmpty()) {
+ // Extra APKs were specified directly, rather than via config file.
+ // We've already populated the file names for the extra APKs and IDSigs
+ // (via setupExtraApks). But we also need to open the APK files and add
+ // fds for them to the payload config.
+ // This isn't needed when the extra APKs are specified in a config file - then
+ // Virtualization Manager opens them itself.
+ List<ParcelFileDescriptor> extraApkFiles = new ArrayList<>(mExtraApks.size());
+ for (ExtraApkSpec extraApk : mExtraApks) {
+ try {
+ extraApkFiles.add(
+ ParcelFileDescriptor.open(extraApk.apk, MODE_READ_ONLY));
+ } catch (FileNotFoundException e) {
+ throw new VirtualMachineException("Failed to open extra APK", e);
+ }
+ }
+ appConfig.payload.getPayloadConfig().extraApks = extraApkFiles;
+ }
+
try {
createIdSigs(service, appConfig);
} catch (FileNotFoundException e) {
@@ -1239,6 +1260,46 @@
return result.toString();
}
+ /**
+ * Reads the payload config inside the application, parses extra APK information, and then
+ * creates corresponding idsig file paths.
+ */
+ private static List<ExtraApkSpec> setupExtraApks(
+ @NonNull Context context, @NonNull VirtualMachineConfig config, @NonNull File vmDir)
+ throws VirtualMachineException {
+ String configPath = config.getPayloadConfigPath();
+ List<String> extraApks = config.getExtraApks();
+ if (configPath != null) {
+ return setupExtraApksFromConfigFile(context, vmDir, configPath);
+ } else if (!extraApks.isEmpty()) {
+ return setupExtraApksFromList(context, vmDir, extraApks);
+ } else {
+ return Collections.emptyList();
+ }
+ }
+
+ private static List<ExtraApkSpec> setupExtraApksFromConfigFile(
+ Context context, File vmDir, String configPath) throws VirtualMachineException {
+ try (ZipFile zipFile = new ZipFile(context.getPackageCodePath())) {
+ InputStream inputStream = zipFile.getInputStream(zipFile.getEntry(configPath));
+ List<String> apkList =
+ parseExtraApkListFromPayloadConfig(
+ new JsonReader(new InputStreamReader(inputStream)));
+
+ List<ExtraApkSpec> extraApks = new ArrayList<>(apkList.size());
+ for (int i = 0; i < apkList.size(); ++i) {
+ extraApks.add(
+ new ExtraApkSpec(
+ new File(apkList.get(i)),
+ new File(vmDir, EXTRA_IDSIG_FILE_PREFIX + i)));
+ }
+
+ return extraApks;
+ } catch (IOException e) {
+ throw new VirtualMachineException("Couldn't parse extra apks from the vm config", e);
+ }
+ }
+
private static List<String> parseExtraApkListFromPayloadConfig(JsonReader reader)
throws VirtualMachineException {
/*
@@ -1275,36 +1336,28 @@
}
}
- /**
- * Reads the payload config inside the application, parses extra APK information, and then
- * creates corresponding idsig file paths.
- */
- private static List<ExtraApkSpec> setupExtraApks(
- @NonNull Context context, @NonNull VirtualMachineConfig config, @NonNull File vmDir)
- throws VirtualMachineException {
- String configPath = config.getPayloadConfigPath();
- if (configPath == null) {
- return Collections.emptyList();
- }
- try (ZipFile zipFile = new ZipFile(context.getPackageCodePath())) {
- InputStream inputStream =
- zipFile.getInputStream(zipFile.getEntry(configPath));
- List<String> apkList =
- parseExtraApkListFromPayloadConfig(
- new JsonReader(new InputStreamReader(inputStream)));
-
- List<ExtraApkSpec> extraApks = new ArrayList<>();
- for (int i = 0; i < apkList.size(); ++i) {
- extraApks.add(
- new ExtraApkSpec(
- new File(apkList.get(i)),
- new File(vmDir, EXTRA_IDSIG_FILE_PREFIX + i)));
+ private static List<ExtraApkSpec> setupExtraApksFromList(
+ Context context, File vmDir, List<String> extraApkInfo) throws VirtualMachineException {
+ int count = extraApkInfo.size();
+ List<ExtraApkSpec> extraApks = new ArrayList<>(count);
+ for (int i = 0; i < count; i++) {
+ String packageName = extraApkInfo.get(i);
+ ApplicationInfo appInfo;
+ try {
+ appInfo =
+ context.getPackageManager()
+ .getApplicationInfo(
+ packageName, PackageManager.ApplicationInfoFlags.of(0));
+ } catch (PackageManager.NameNotFoundException e) {
+ throw new VirtualMachineException("Extra APK package not found", e);
}
- return Collections.unmodifiableList(extraApks);
- } catch (IOException e) {
- throw new VirtualMachineException("Couldn't parse extra apks from the vm config", e);
+ extraApks.add(
+ new ExtraApkSpec(
+ new File(appInfo.sourceDir),
+ new File(vmDir, EXTRA_IDSIG_FILE_PREFIX + i)));
}
+ return extraApks;
}
private void importInstanceFrom(@NonNull ParcelFileDescriptor instanceFd)
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
index e8ef195..9688789 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -49,7 +49,10 @@
import java.io.OutputStream;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
+import java.util.List;
import java.util.Objects;
import java.util.zip.ZipFile;
@@ -67,7 +70,7 @@
private static String[] EMPTY_STRING_ARRAY = {};
// These define the schema of the config file persisted on disk.
- private static final int VERSION = 7;
+ private static final int VERSION = 8;
private static final String KEY_VERSION = "version";
private static final String KEY_PACKAGENAME = "packageName";
private static final String KEY_APKPATH = "apkPath";
@@ -82,6 +85,7 @@
private static final String KEY_VM_CONSOLE_INPUT_SUPPORTED = "vmConsoleInputSupported";
private static final String KEY_VENDOR_DISK_IMAGE_PATH = "vendorDiskImagePath";
private static final String KEY_OS = "os";
+ private static final String KEY_EXTRA_APKS = "extraApks";
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -140,6 +144,8 @@
/** Absolute path to the APK file containing the VM payload. */
@Nullable private final String mApkPath;
+ private final List<String> mExtraApks;
+
@DebugLevel private final int mDebugLevel;
/**
@@ -181,6 +187,7 @@
private VirtualMachineConfig(
@Nullable String packageName,
@Nullable String apkPath,
+ List<String> extraApks,
@Nullable String payloadConfigPath,
@Nullable String payloadBinaryName,
@DebugLevel int debugLevel,
@@ -195,6 +202,11 @@
// This is only called from Builder.build(); the builder handles parameter validation.
mPackageName = packageName;
mApkPath = apkPath;
+ mExtraApks =
+ extraApks.isEmpty()
+ ? Collections.emptyList()
+ : Collections.unmodifiableList(
+ Arrays.asList(extraApks.toArray(new String[0])));
mPayloadConfigPath = payloadConfigPath;
mPayloadBinaryName = payloadBinaryName;
mDebugLevel = debugLevel;
@@ -292,6 +304,13 @@
builder.setOs(os);
}
+ String[] extraApks = b.getStringArray(KEY_EXTRA_APKS);
+ if (extraApks != null) {
+ for (String extraApk : extraApks) {
+ builder.addExtraApk(extraApk);
+ }
+ }
+
return builder.build();
}
@@ -331,6 +350,10 @@
b.putString(KEY_VENDOR_DISK_IMAGE_PATH, mVendorDiskImage.getAbsolutePath());
}
b.putString(KEY_OS, mOs);
+ if (!mExtraApks.isEmpty()) {
+ String[] extraApks = mExtraApks.toArray(new String[0]);
+ b.putStringArray(KEY_EXTRA_APKS, extraApks);
+ }
b.writeToStream(output);
}
@@ -347,6 +370,19 @@
}
/**
+ * Returns the package names of any extra APKs that have been requested for the VM. They are
+ * returned in the order in which they were added via {@link Builder#addExtraApk}.
+ *
+ * @hide
+ */
+ @TestApi
+ @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM")
+ @NonNull
+ public List<String> getExtraApks() {
+ return mExtraApks;
+ }
+
+ /**
* Returns the path within the APK to the payload config file that defines software aspects of
* the VM.
*
@@ -495,7 +531,8 @@
&& Objects.equals(this.mPayloadConfigPath, other.mPayloadConfigPath)
&& Objects.equals(this.mPayloadBinaryName, other.mPayloadBinaryName)
&& Objects.equals(this.mPackageName, other.mPackageName)
- && Objects.equals(this.mOs, other.mOs);
+ && Objects.equals(this.mOs, other.mOs)
+ && Objects.equals(this.mExtraApks, other.mExtraApks);
}
/**
@@ -623,6 +660,7 @@
@Nullable private final String mPackageName;
@Nullable private String mApkPath;
+ private final List<String> mExtraApks = new ArrayList<>();
@Nullable private String mPayloadConfigPath;
@Nullable private String mPayloadBinaryName;
@DebugLevel private int mDebugLevel = DEBUG_LEVEL_NONE;
@@ -683,6 +721,10 @@
throw new IllegalStateException(
"setPayloadConfigPath and setOs may not both be called");
}
+ if (!mExtraApks.isEmpty()) {
+ throw new IllegalStateException(
+ "setPayloadConfigPath and addExtraApk may not both be called");
+ }
} else {
if (mPayloadConfigPath != null) {
throw new IllegalStateException(
@@ -710,6 +752,7 @@
return new VirtualMachineConfig(
packageName,
apkPath,
+ mExtraApks,
mPayloadConfigPath,
mPayloadBinaryName,
mDebugLevel,
@@ -742,6 +785,21 @@
}
/**
+ * Specify the package name of an extra APK to be included in the VM. Each extra APK is
+ * mounted, in unzipped form, inside the VM, allowing access to the code and/or data within
+ * it. The VM entry point must be in the main APK.
+ *
+ * @hide
+ */
+ @TestApi
+ @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM")
+ @NonNull
+ public Builder addExtraApk(@NonNull String packageName) {
+ mExtraApks.add(requireNonNull(packageName, "extra APK package name must not be null"));
+ return this;
+ }
+
+ /**
* Sets the path within the APK to the payload config file that defines software aspects of
* the VM. The file is a JSON file; see
* packages/modules/Virtualization/microdroid/payload/config/src/lib.rs for the format.
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineManager.java b/javalib/src/android/system/virtualmachine/VirtualMachineManager.java
index 2802659..1250bd1 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineManager.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachineManager.java
@@ -92,13 +92,19 @@
})
public @interface Capability {}
- /* The implementation supports creating protected VMs, whose memory is inaccessible to the
- * host OS.
+ /**
+ * The implementation supports creating protected VMs, whose memory is inaccessible to the host
+ * OS.
+ *
+ * @see VirtualMachineConfig.Builder#setProtectedVm
*/
public static final int CAPABILITY_PROTECTED_VM = 1;
- /* The implementation supports creating non-protected VMs, whose memory is accessible to the
+ /**
+ * The implementation supports creating non-protected VMs, whose memory is accessible to the
* host OS.
+ *
+ * @see VirtualMachineConfig.Builder#setProtectedVm
*/
public static final int CAPABILITY_NON_PROTECTED_VM = 2;
@@ -120,6 +126,7 @@
*/
@TestApi
public static final String FEATURE_DICE_CHANGES = IVirtualizationService.FEATURE_DICE_CHANGES;
+
/**
* Feature to run payload as non-root user.
*
diff --git a/launcher/Android.bp b/launcher/Android.bp
index 6c6417f..9835fc9 100644
--- a/launcher/Android.bp
+++ b/launcher/Android.bp
@@ -1,9 +1,11 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
cc_binary {
name: "microdroid_launcher",
+ defaults: ["avf_build_flags_cc"],
srcs: ["main.cpp"],
shared_libs: [
"libbase",
diff --git a/libs/apexutil/Android.bp b/libs/apexutil/Android.bp
index beff58d..410c3cf 100644
--- a/libs/apexutil/Android.bp
+++ b/libs/apexutil/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/apkmanifest/Android.bp b/libs/apkmanifest/Android.bp
index e6fcbef..54c4f6c 100644
--- a/libs/apkmanifest/Android.bp
+++ b/libs/apkmanifest/Android.bp
@@ -4,6 +4,7 @@
cc_library_shared {
name: "libapkmanifest_native",
+ defaults: ["avf_build_flags_cc"],
srcs: ["native/*.cpp"],
shared_libs: [
"libandroidfw",
diff --git a/libs/apkverify/Android.bp b/libs/apkverify/Android.bp
index 4c5a622..e39c46d 100644
--- a/libs/apkverify/Android.bp
+++ b/libs/apkverify/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index 441b708..96fad5f 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -37,7 +37,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("apkverify_test")
- .with_min_level(log::Level::Info),
+ .with_max_level(log::LevelFilter::Info),
);
info!("Test starting");
}
diff --git a/libs/apkzip/Android.bp b/libs/apkzip/Android.bp
index dc35b5e..f3622b1 100644
--- a/libs/apkzip/Android.bp
+++ b/libs/apkzip/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/avflog/Android.bp b/libs/avflog/Android.bp
index 695a6c6..7e8daef 100644
--- a/libs/avflog/Android.bp
+++ b/libs/avflog/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/bssl/Android.bp b/libs/bssl/Android.bp
index 2bb5ba5..b023e87 100644
--- a/libs/bssl/Android.bp
+++ b/libs/bssl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/bssl/error/Android.bp b/libs/bssl/error/Android.bp
index 000e385..ebdbc0a 100644
--- a/libs/bssl/error/Android.bp
+++ b/libs/bssl/error/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/capabilities/Android.bp b/libs/capabilities/Android.bp
index 55112e1..2799926 100644
--- a/libs/capabilities/Android.bp
+++ b/libs/capabilities/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/cstr/Android.bp b/libs/cstr/Android.bp
index 4ea87df..88f43a0 100644
--- a/libs/cstr/Android.bp
+++ b/libs/cstr/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/devicemapper/Android.bp b/libs/devicemapper/Android.bp
index 5332469..5c74162 100644
--- a/libs/devicemapper/Android.bp
+++ b/libs/devicemapper/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/dice/open_dice/Android.bp b/libs/dice/open_dice/Android.bp
index 79d0b96..9481f5d 100644
--- a/libs/dice/open_dice/Android.bp
+++ b/libs/dice/open_dice/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_visibility: [":__subpackages__"],
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/dice/sample_inputs/Android.bp b/libs/dice/sample_inputs/Android.bp
index 013038c..e5d35a7 100644
--- a/libs/dice/sample_inputs/Android.bp
+++ b/libs/dice/sample_inputs/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/libfdt/Android.bp b/libs/libfdt/Android.bp
index b5f7471..6a7f7f2 100644
--- a/libs/libfdt/Android.bp
+++ b/libs/libfdt/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/libs/vbmeta/Android.bp b/libs/vbmeta/Android.bp
index 4fb6ae4..48f9e51 100644
--- a/libs/vbmeta/Android.bp
+++ b/libs/vbmeta/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 233754a..e2d7af4 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/microdroid/init_debug_policy/Android.bp b/microdroid/init_debug_policy/Android.bp
index 2a87ac9..320417d 100644
--- a/microdroid/init_debug_policy/Android.bp
+++ b/microdroid/init_debug_policy/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/microdroid/initrd/Android.bp b/microdroid/initrd/Android.bp
index ec971fa..6f1c9a1 100644
--- a/microdroid/initrd/Android.bp
+++ b/microdroid/initrd/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/microdroid/kdump/Android.bp b/microdroid/kdump/Android.bp
index b9a18fe..5d129f4 100644
--- a/microdroid/kdump/Android.bp
+++ b/microdroid/kdump/Android.bp
@@ -1,9 +1,11 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
cc_binary {
name: "microdroid_kexec",
+ defaults: ["avf_build_flags_cc"],
stem: "kexec_load",
srcs: ["kexec.c"],
installable: false,
@@ -13,6 +15,7 @@
cc_binary {
name: "microdroid_crashdump",
+ defaults: ["avf_build_flags_cc"],
stem: "crashdump",
srcs: ["crashdump.c"],
static_executable: true,
diff --git a/microdroid/kdump/kernel/Android.bp b/microdroid/kdump/kernel/Android.bp
index 0705875..9d241b4 100644
--- a/microdroid/kdump/kernel/Android.bp
+++ b/microdroid/kdump/kernel/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["microdroid_crashdump_kernel_license"],
}
diff --git a/microdroid/kernel/arm64/Android.bp b/microdroid/kernel/arm64/Android.bp
index 0975993..e014509 100644
--- a/microdroid/kernel/arm64/Android.bp
+++ b/microdroid/kernel/arm64/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["microdroid_kernel_prebuilts_6.1_arm64_license"],
}
diff --git a/microdroid/kernel/x86_64/Android.bp b/microdroid/kernel/x86_64/Android.bp
index b3041cd..f7161de 100644
--- a/microdroid/kernel/x86_64/Android.bp
+++ b/microdroid/kernel/x86_64/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["microdroid_kernel_prebuilts_6.1_x86_64_license"],
}
diff --git a/microdroid/payload/Android.bp b/microdroid/payload/Android.bp
index 4814a64..e67a6d5 100644
--- a/microdroid/payload/Android.bp
+++ b/microdroid/payload/Android.bp
@@ -1,9 +1,11 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
cc_defaults {
name: "microdroid_metadata_default",
+ defaults: ["avf_build_flags_cc"],
host_supported: true,
srcs: [
"metadata.proto",
diff --git a/microdroid/payload/config/Android.bp b/microdroid/payload/config/Android.bp
index 4c72b97..7abee15 100644
--- a/microdroid/payload/config/Android.bp
+++ b/microdroid/payload/config/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/microdroid/payload/metadata/Android.bp b/microdroid/payload/metadata/Android.bp
index cd182fc..be87fb8 100644
--- a/microdroid/payload/metadata/Android.bp
+++ b/microdroid/payload/metadata/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index 81bb409..0174ce4 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/microdroid_manager/aidl/Android.bp b/microdroid_manager/aidl/Android.bp
index 353e9cc..be035df 100644
--- a/microdroid_manager/aidl/Android.bp
+++ b/microdroid_manager/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index b7b17e4..110d46a 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
@@ -294,6 +295,7 @@
// numbers defined in the ARM DT binding headers
cc_object {
name: "pvmfw_platform.dts.preprocessed",
+ defaults: ["avf_build_flags_cc"],
header_libs: ["arm_dt_bindings_headers"],
host_supported: true,
srcs: [":pvmfw_platform.dts.renamed"],
diff --git a/pvmfw/avb/Android.bp b/pvmfw/avb/Android.bp
index 6101a0c..3bb8354 100644
--- a/pvmfw/avb/Android.bp
+++ b/pvmfw/avb/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/pvmfw/avb/fuzz/Android.bp b/pvmfw/avb/fuzz/Android.bp
index e970eed..fe3af0f 100644
--- a/pvmfw/avb/fuzz/Android.bp
+++ b/pvmfw/avb/fuzz/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index 1e37572..ac52be9 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -40,12 +40,14 @@
use log::error;
use log::info;
use log::warn;
+use static_assertions::const_assert;
use tinyvec::ArrayVec;
use vmbase::fdt::SwiotlbInfo;
use vmbase::layout::{crosvm::MEM_START, MAX_VIRT_ADDR};
use vmbase::memory::SIZE_4KB;
use vmbase::util::flatten;
use vmbase::util::RangeExt as _;
+use zerocopy::AsBytes as _;
/// An enumeration of errors that can occur during the FDT validation.
#[derive(Clone, Debug)]
@@ -163,39 +165,47 @@
}
fn patch_memory_range(fdt: &mut Fdt, memory_range: &Range<usize>) -> libfdt::Result<()> {
- let size = memory_range.len() as u64;
+ let addr = u64::try_from(MEM_START).unwrap();
+ let size = u64::try_from(memory_range.len()).unwrap();
fdt.node_mut(cstr!("/memory"))?
.ok_or(FdtError::NotFound)?
- .setprop_inplace(cstr!("reg"), flatten(&[MEM_START.to_be_bytes(), size.to_be_bytes()]))
+ .setprop_inplace(cstr!("reg"), [addr.to_be(), size.to_be()].as_bytes())
}
-/// Read the number of CPUs from DT
-fn read_num_cpus_from(fdt: &Fdt) -> libfdt::Result<usize> {
- Ok(fdt.compatible_nodes(cstr!("arm,arm-v8"))?.count())
-}
+#[derive(Debug, Default)]
+struct CpuInfo {}
-/// Validate number of CPUs
-fn validate_num_cpus(num_cpus: usize) -> Result<(), FdtValidationError> {
- if num_cpus == 0 || DeviceTreeInfo::gic_patched_size(num_cpus).is_none() {
- Err(FdtValidationError::InvalidCpuCount(num_cpus))
- } else {
- Ok(())
+fn read_cpu_info_from(fdt: &Fdt) -> libfdt::Result<ArrayVec<[CpuInfo; DeviceTreeInfo::MAX_CPUS]>> {
+ let mut cpus = ArrayVec::new();
+
+ let mut cpu_nodes = fdt.compatible_nodes(cstr!("arm,arm-v8"))?;
+ for _cpu in cpu_nodes.by_ref().take(cpus.capacity()) {
+ let info = CpuInfo {};
+ cpus.push(info);
}
+ if cpu_nodes.next().is_some() {
+ warn!("DT has more than {} CPU nodes: discarding extra nodes.", cpus.capacity());
+ }
+
+ Ok(cpus)
}
-/// Patch DT by keeping `num_cpus` number of arm,arm-v8 compatible nodes, and pruning the rest.
-fn patch_num_cpus(fdt: &mut Fdt, num_cpus: usize) -> libfdt::Result<()> {
- let cpu = cstr!("arm,arm-v8");
- let mut next = fdt.root_mut()?.next_compatible(cpu)?;
- for _ in 0..num_cpus {
- next = if let Some(current) = next {
- current.next_compatible(cpu)?
- } else {
- return Err(FdtError::NoSpace);
- };
+fn validate_cpu_info(cpus: &[CpuInfo]) -> Result<(), FdtValidationError> {
+ if cpus.is_empty() {
+ return Err(FdtValidationError::InvalidCpuCount(0));
+ }
+
+ Ok(())
+}
+
+fn patch_cpus(fdt: &mut Fdt, cpus: &[CpuInfo]) -> libfdt::Result<()> {
+ const COMPAT: &CStr = cstr!("arm,arm-v8");
+ let mut next = fdt.root_mut()?.next_compatible(COMPAT)?;
+ for _cpu in cpus {
+ next = next.ok_or(FdtError::NoSpace)?.next_compatible(COMPAT)?;
}
while let Some(current) = next {
- next = current.delete_and_next_compatible(cpu)?;
+ next = current.delete_and_next_compatible(COMPAT)?;
}
Ok(())
}
@@ -485,11 +495,17 @@
}
fn read_serial_info_from(fdt: &Fdt) -> libfdt::Result<SerialInfo> {
- let mut addrs: ArrayVec<[u64; SerialInfo::MAX_SERIALS]> = Default::default();
- for node in fdt.compatible_nodes(cstr!("ns16550a"))?.take(SerialInfo::MAX_SERIALS) {
+ let mut addrs = ArrayVec::new();
+
+ let mut serial_nodes = fdt.compatible_nodes(cstr!("ns16550a"))?;
+ for node in serial_nodes.by_ref().take(addrs.capacity()) {
let reg = node.first_reg()?;
addrs.push(reg.addr);
}
+ if serial_nodes.next().is_some() {
+ warn!("DT has more than {} UART nodes: discarding extra nodes.", addrs.capacity());
+ }
+
Ok(SerialInfo { addrs })
}
@@ -570,7 +586,8 @@
let mut range1 = ranges.next().ok_or(FdtError::NotFound)?;
let addr = range0.addr;
- // `validate_num_cpus()` checked that this wouldn't panic
+ // `read_cpu_info_from()` guarantees that we have at most MAX_CPUS.
+ const_assert!(DeviceTreeInfo::gic_patched_size(DeviceTreeInfo::MAX_CPUS).is_some());
let size = u64::try_from(DeviceTreeInfo::gic_patched_size(num_cpus).unwrap()).unwrap();
// range1 is just below range0
@@ -603,17 +620,11 @@
*v = v.to_be();
}
- // SAFETY: array size is the same
- let value = unsafe {
- core::mem::transmute::<
- [u32; NUM_INTERRUPTS * CELLS_PER_INTERRUPT],
- [u8; NUM_INTERRUPTS * CELLS_PER_INTERRUPT * size_of::<u32>()],
- >(value.into_inner())
- };
+ let value = value.into_inner();
let mut node =
fdt.root_mut()?.next_compatible(cstr!("arm,armv8-timer"))?.ok_or(FdtError::NotFound)?;
- node.setprop_inplace(cstr!("interrupts"), value.as_slice())
+ node.setprop_inplace(cstr!("interrupts"), value.as_bytes())
}
#[derive(Debug)]
@@ -622,7 +633,7 @@
pub initrd_range: Option<Range<usize>>,
pub memory_range: Range<usize>,
bootargs: Option<CString>,
- num_cpus: usize,
+ cpus: ArrayVec<[CpuInfo; DeviceTreeInfo::MAX_CPUS]>,
pci_info: PciInfo,
serial_info: SerialInfo,
pub swiotlb_info: SwiotlbInfo,
@@ -631,7 +642,9 @@
}
impl DeviceTreeInfo {
- fn gic_patched_size(num_cpus: usize) -> Option<usize> {
+ const MAX_CPUS: usize = 16;
+
+ const fn gic_patched_size(num_cpus: usize) -> Option<usize> {
const GIC_REDIST_SIZE_PER_CPU: usize = 32 * SIZE_4KB;
GIC_REDIST_SIZE_PER_CPU.checked_mul(num_cpus)
@@ -729,12 +742,12 @@
RebootReason::InvalidFdt
})?;
- let num_cpus = read_num_cpus_from(fdt).map_err(|e| {
- error!("Failed to read num cpus from DT: {e}");
+ let cpus = read_cpu_info_from(fdt).map_err(|e| {
+ error!("Failed to read CPU info from DT: {e}");
RebootReason::InvalidFdt
})?;
- validate_num_cpus(num_cpus).map_err(|e| {
- error!("Failed to validate num cpus from DT: {e}");
+ validate_cpu_info(&cpus).map_err(|e| {
+ error!("Failed to validate CPU info from DT: {e}");
RebootReason::InvalidFdt
})?;
@@ -782,7 +795,7 @@
initrd_range,
memory_range,
bootargs,
- num_cpus,
+ cpus,
pci_info,
serial_info,
swiotlb_info,
@@ -808,7 +821,7 @@
RebootReason::InvalidFdt
})?;
}
- patch_num_cpus(fdt, info.num_cpus).map_err(|e| {
+ patch_cpus(fdt, &info.cpus).map_err(|e| {
error!("Failed to patch cpus to DT: {e}");
RebootReason::InvalidFdt
})?;
@@ -824,11 +837,11 @@
error!("Failed to patch swiotlb info to DT: {e}");
RebootReason::InvalidFdt
})?;
- patch_gic(fdt, info.num_cpus).map_err(|e| {
+ patch_gic(fdt, info.cpus.len()).map_err(|e| {
error!("Failed to patch gic info to DT: {e}");
RebootReason::InvalidFdt
})?;
- patch_timer(fdt, info.num_cpus).map_err(|e| {
+ patch_timer(fdt, info.cpus.len()).map_err(|e| {
error!("Failed to patch timer info to DT: {e}");
RebootReason::InvalidFdt
})?;
diff --git a/rialto/Android.bp b/rialto/Android.bp
index c102c89..d7aac35 100644
--- a/rialto/Android.bp
+++ b/rialto/Android.bp
@@ -133,11 +133,11 @@
"libandroid_logger",
"libanyhow",
"libbssl_avf_nostd",
- "libciborium",
"libclient_vm_csr",
"libcoset",
"liblibc",
"liblog_rust",
+ "libhwtrust",
"libservice_vm_comm",
"libservice_vm_fake_chain",
"libservice_vm_manager",
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index e705562..ad9b776 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -37,7 +37,7 @@
use hyp::{get_mem_sharer, get_mmio_guard};
use libfdt::FdtError;
use log::{debug, error, info};
-use service_vm_comm::{RequestProcessingError, Response, ServiceVmRequest, VmType};
+use service_vm_comm::{ServiceVmRequest, VmType};
use service_vm_fake_chain::service_vm;
use service_vm_requests::process_request;
use virtio_drivers::{
@@ -177,15 +177,7 @@
let mut vsock_stream = VsockStream::new(socket_device, host_addr())?;
while let ServiceVmRequest::Process(req) = vsock_stream.read_request()? {
- let mut response = process_request(req, bcc_handover.as_ref());
- // TODO(b/185878400): We don't want to issue a certificate to pVM when the client VM
- // attestation is unfinished. The following code should be removed once the
- // verification is completed.
- if vm_type() == VmType::ProtectedVm
- && matches!(response, Response::RequestClientVmAttestation(_))
- {
- response = Response::Err(RequestProcessingError::OperationUnimplemented);
- }
+ let response = process_request(req, bcc_handover.as_ref());
vsock_stream.write_response(&response)?;
vsock_stream.flush()?;
}
diff --git a/rialto/tests/test.rs b/rialto/tests/test.rs
index c918db5..8899875 100644
--- a/rialto/tests/test.rs
+++ b/rialto/tests/test.rs
@@ -23,9 +23,9 @@
};
use anyhow::{bail, Context, Result};
use bssl_avf::{sha256, EcKey, PKey};
-use ciborium::value::Value;
use client_vm_csr::generate_attestation_key_and_csr;
use coset::{CborSerializable, CoseMac0, CoseSign};
+use hwtrust::{rkp, session::Session};
use log::info;
use service_vm_comm::{
ClientVmAttestationParams, Csr, CsrPayload, EcdsaP256KeyPair, GenerateCertificateRequestParams,
@@ -37,7 +37,6 @@
use service_vm_manager::ServiceVm;
use std::fs;
use std::fs::File;
-use std::io;
use std::panic;
use std::path::PathBuf;
use std::str::FromStr;
@@ -272,22 +271,16 @@
Ok(())
}
-/// TODO(b/300625792): Check the CSR with libhwtrust once the CSR is complete.
fn check_csr(csr: Vec<u8>) -> Result<()> {
- let mut reader = io::Cursor::new(csr);
- let csr: Value = ciborium::from_reader(&mut reader)?;
- match csr {
- Value::Array(arr) => {
- assert_eq!(4, arr.len());
- }
- _ => bail!("Incorrect CSR format: {csr:?}"),
- }
+ let _csr = rkp::Csr::from_cbor(&Session::default(), &csr[..]).context("Failed to parse CSR")?;
Ok(())
}
fn start_service_vm(vm_type: VmType) -> Result<ServiceVm> {
android_logger::init_once(
- android_logger::Config::default().with_tag("rialto").with_min_level(log::Level::Debug),
+ android_logger::Config::default()
+ .with_tag("rialto")
+ .with_max_level(log::LevelFilter::Debug),
);
// Redirect panic messages to logcat.
panic::set_hook(Box::new(|panic_info| {
diff --git a/service_vm/client_vm_csr/Android.bp b/service_vm/client_vm_csr/Android.bp
index 8d738d8..e2ac573 100644
--- a/service_vm/client_vm_csr/Android.bp
+++ b/service_vm/client_vm_csr/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/service_vm/comm/Android.bp b/service_vm/comm/Android.bp
index bf923a4..23ff202 100644
--- a/service_vm/comm/Android.bp
+++ b/service_vm/comm/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/service_vm/test_apk/Android.bp b/service_vm/demo_apk/Android.bp
similarity index 63%
rename from service_vm/test_apk/Android.bp
rename to service_vm/demo_apk/Android.bp
index 4da3f81..5644819 100644
--- a/service_vm/test_apk/Android.bp
+++ b/service_vm/demo_apk/Android.bp
@@ -1,11 +1,12 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
android_app {
- name: "ServiceVmClientTestApp",
+ name: "VmAttestationDemoApp",
installable: true,
- jni_libs: ["libservice_vm_client"],
+ jni_libs: ["libvm_attestation_payload"],
jni_uses_platform_apis: true,
use_embedded_native_libs: true,
sdk_version: "system_current",
@@ -14,8 +15,8 @@
}
rust_defaults {
- name: "service_vm_client_defaults",
- crate_name: "service_vm_client",
+ name: "vm_attestation_payload_defaults",
+ crate_name: "vm_attestation_payload",
defaults: ["avf_build_flags_rust"],
srcs: ["src/main.rs"],
prefer_rlib: true,
@@ -28,6 +29,6 @@
}
rust_ffi {
- name: "libservice_vm_client",
- defaults: ["service_vm_client_defaults"],
+ name: "libvm_attestation_payload",
+ defaults: ["vm_attestation_payload_defaults"],
}
diff --git a/service_vm/test_apk/AndroidManifest.xml b/service_vm/demo_apk/AndroidManifest.xml
similarity index 94%
rename from service_vm/test_apk/AndroidManifest.xml
rename to service_vm/demo_apk/AndroidManifest.xml
index b3598fc..228195d 100644
--- a/service_vm/test_apk/AndroidManifest.xml
+++ b/service_vm/demo_apk/AndroidManifest.xml
@@ -13,7 +13,7 @@
limitations under the License.
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.virt.service_vm.client">
+ package="com.android.virt.vm_attestation.demo">
<uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
<uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
diff --git a/service_vm/demo_apk/README.md b/service_vm/demo_apk/README.md
new file mode 100644
index 0000000..551d47b
--- /dev/null
+++ b/service_vm/demo_apk/README.md
@@ -0,0 +1,53 @@
+# VmAttestationDemoApp
+
+## Overview
+
+The *VmAttestationDemoApp* is an Android application that provides a practical
+demonstration of how to interact with the VM Attestation APIs. This app focuses
+on the payload of the Android app and the payload performs two main tasks:
+requesting attestation and validating the attestation result.
+
+## Building
+
+To build the VmAttestationDemoApp, use the following command:
+
+```
+m VmAttestationDemoApp
+```
+
+## Installing
+
+To install the app on your device, execute the following command:
+
+```
+adb install $ANDROID_PRODUCT_OUT/system/app/VmAttestationDemoApp/VmAttestationDemoApp.apk
+```
+
+## Running
+
+Before running the app, make sure that the device has an internet connection and
+that the remote provisioning host is not empty. You can use the following
+command to check the remote provisioning host:
+
+```
+$ adb shell getprop remote_provisioning.hostname
+remoteprovisioning.googleapis.com
+```
+
+Once you have confirmed the remote provisioning host, you can run the app using
+the following command:
+
+```
+TEST_ROOT=/data/local/tmp/virt && adb shell /apex/com.android.virt/bin/vm run-app \
+ --config-path assets/config.json --debug full \
+ $(adb shell pm path com.android.virt.vm_attestation.demo | cut -c 9-) \
+ $TEST_ROOT/VmAttestationDemoApp.apk.idsig \
+ $TEST_ROOT/instance.vm_attestation.debug.img --protected
+```
+
+Please note that remote attestation is only available for protected VMs.
+Therefore, ensure that the VM is launched in protected mode using the
+`--protected` flag.
+
+If everything is set up correctly, you should be able to see the attestation
+result printed out in the VM logs.
diff --git a/service_vm/test_apk/assets/config.json b/service_vm/demo_apk/assets/config.json
similarity index 74%
rename from service_vm/test_apk/assets/config.json
rename to service_vm/demo_apk/assets/config.json
index 02749fe..1684696 100644
--- a/service_vm/test_apk/assets/config.json
+++ b/service_vm/demo_apk/assets/config.json
@@ -4,7 +4,7 @@
},
"task": {
"type": "microdroid_launcher",
- "command": "libservice_vm_client.so"
+ "command": "libvm_attestation_payload.so"
},
"export_tombstones": true
}
\ No newline at end of file
diff --git a/service_vm/test_apk/src/main.rs b/service_vm/demo_apk/src/main.rs
similarity index 98%
rename from service_vm/test_apk/src/main.rs
rename to service_vm/demo_apk/src/main.rs
index ba65aca..0d1efb0 100644
--- a/service_vm/test_apk/src/main.rs
+++ b/service_vm/demo_apk/src/main.rs
@@ -36,7 +36,7 @@
android_logger::init_once(
android_logger::Config::default()
.with_tag("service_vm_client")
- .with_min_level(log::Level::Debug),
+ .with_max_level(log::LevelFilter::Debug),
);
// Redirect panic messages to logcat.
panic::set_hook(Box::new(|panic_info| {
@@ -224,6 +224,6 @@
// static string.
let message = unsafe { AVmAttestationResult_resultToString(status) };
// SAFETY: The pointer returned by `AVmAttestationResult_resultToString` is guaranteed to
- // point to a valid C String.
+ // point to a valid C String that lives forever.
unsafe { CStr::from_ptr(message) }
}
diff --git a/service_vm/fake_chain/Android.bp b/service_vm/fake_chain/Android.bp
index 2bc7b4e..7735aac 100644
--- a/service_vm/fake_chain/Android.bp
+++ b/service_vm/fake_chain/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/service_vm/kernel/Android.bp b/service_vm/kernel/Android.bp
index 79158e6..3817495 100644
--- a/service_vm/kernel/Android.bp
+++ b/service_vm/kernel/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/service_vm/manager/Android.bp b/service_vm/manager/Android.bp
index 6469212..6e186a5 100644
--- a/service_vm/manager/Android.bp
+++ b/service_vm/manager/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/service_vm/requests/Android.bp b/service_vm/requests/Android.bp
index 57da012..5a49207 100644
--- a/service_vm/requests/Android.bp
+++ b/service_vm/requests/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/service_vm/requests/src/rkp.rs b/service_vm/requests/src/rkp.rs
index 9901a92..569ab01 100644
--- a/service_vm/requests/src/rkp.rs
+++ b/service_vm/requests/src/rkp.rs
@@ -76,13 +76,10 @@
public_keys.push(public_key.to_cbor_value()?);
}
// Builds `CsrPayload`.
- // TODO(b/299256925): The device information is currently empty as we do not
- // have sufficient details to include.
- let device_info = Value::Map(Vec::new());
let csr_payload = cbor!([
Value::Integer(CSR_PAYLOAD_SCHEMA_V3.into()),
Value::Text(String::from(CERTIFICATE_TYPE)),
- device_info,
+ device_info(),
Value::Array(public_keys),
])?;
let csr_payload = cbor_util::serialize(&csr_payload)?;
@@ -107,6 +104,22 @@
Ok(cbor_util::serialize(&auth_req)?)
}
+/// Generates the device info required by the RKP server as a temporary placeholder.
+/// More details in b/301592917.
+fn device_info() -> Value {
+ cbor!({"brand" => "aosp-avf",
+ "manufacturer" => "aosp-avf",
+ "product" => "avf",
+ "model" => "avf",
+ "device" => "avf",
+ "vbmeta_digest" => Value::Bytes(vec![0u8; 0]),
+ "system_patch_level" => 202402,
+ "boot_patch_level" => 20240202,
+ "vendor_patch_level" => 20240202,
+ "fused" => 1})
+ .unwrap()
+}
+
fn derive_hmac_key(dice_artifacts: &dyn DiceArtifacts) -> Result<Zeroizing<[u8; HMAC_KEY_LENGTH]>> {
let mut key = Zeroizing::new([0u8; HMAC_KEY_LENGTH]);
kdf(dice_artifacts.cdi_seal(), &HMAC_KEY_SALT, HMAC_KEY_INFO, key.as_mut()).map_err(|e| {
diff --git a/tests/benchmark/Android.bp b/tests/benchmark/Android.bp
index 31fe0f6..c31c929 100644
--- a/tests/benchmark/Android.bp
+++ b/tests/benchmark/Android.bp
@@ -34,6 +34,7 @@
cc_library_shared {
name: "MicrodroidBenchmarkNativeLib",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/*.cpp"],
local_include_dirs: ["src/native/include"],
static_libs: [
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index b9faa85..e9c84fb 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -49,6 +49,7 @@
import org.junit.After;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;
@@ -276,6 +277,10 @@
(builder) -> builder);
}
+ // TODO(b/323768068): Enable this test when we can inject vendor digest for test purpose.
+ // After introducing VM reference DT, non-pVM cannot trust test_microdroid_vendor_image.img
+ // as well, because it doesn't pass the hashtree digest of testing image into VM.
+ @Ignore
@Test
public void testMicrodroidDebugBootTime_withVendorPartition() throws Exception {
assume().withMessage("Cuttlefish doesn't support device tree under" + " /proc/device-tree")
@@ -286,11 +291,6 @@
assume().withMessage("Boot with vendor partition is failing in HWASAN enabled Microdroid.")
.that(isHwasan())
.isFalse();
- assume().withMessage(
- "Skip test for protected VM, pvmfw config data doesn't contain any"
- + " information of test images, such as root digest.")
- .that(mProtectedVm)
- .isFalse();
assumeFeatureEnabled(VirtualMachineManager.FEATURE_VENDOR_MODULES);
File vendorDiskImage =
diff --git a/tests/benchmark/src/jni/Android.bp b/tests/benchmark/src/jni/Android.bp
index c2e1b7c..06de3e5 100644
--- a/tests/benchmark/src/jni/Android.bp
+++ b/tests/benchmark/src/jni/Android.bp
@@ -5,6 +5,7 @@
cc_library_shared {
name: "libiovsock_host_jni",
+ defaults: ["avf_build_flags_cc"],
srcs: ["io_vsock_host_jni.cpp"],
header_libs: ["jni_headers"],
shared_libs: ["libbase"],
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 7a5d69b..2cd4577 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -90,7 +90,7 @@
private static final String SHELL_PACKAGE_NAME = "com.android.shell";
private static final String VIRT_APEX = "/apex/com.android.virt/";
- private static final int MIN_MEM_ARM64 = 160;
+ private static final int MIN_MEM_ARM64 = 170;
private static final int MIN_MEM_X86_64 = 196;
private static final int BOOT_COMPLETE_TIMEOUT = 30000; // 30 seconds
diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 10bbfb4..86172b0 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -68,6 +68,7 @@
// (MicrodroidTestApp) can start a payload defined in the another app (MicrodroidVmShareApp).
cc_defaults {
name: "MicrodroidTestNativeLibDefaults",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/testbinary.cpp"],
stl: "libc++_static",
header_libs: ["vm_payload_restricted_headers"],
@@ -99,12 +100,14 @@
cc_library_shared {
name: "MicrodroidTestNativeLibSub",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/testlib.cpp"],
stl: "libc++_static",
}
cc_library_shared {
name: "MicrodroidIdleNativeLib",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/idlebinary.cpp"],
header_libs: ["vm_payload_headers"],
stl: "libc++_static",
@@ -113,6 +116,7 @@
// An empty payload missing AVmPayload_main
cc_library_shared {
name: "MicrodroidEmptyNativeLib",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/emptybinary.cpp"],
stl: "none",
}
@@ -120,6 +124,7 @@
// A payload that exits immediately on start
cc_library_shared {
name: "MicrodroidExitNativeLib",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/exitbinary.cpp"],
header_libs: ["vm_payload_headers"],
stl: "libc++_static",
@@ -128,6 +133,7 @@
// A payload which tries to link against libselinux, one of private libraries
cc_library_shared {
name: "MicrodroidPrivateLinkingNativeLib",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/idlebinary.cpp"],
header_libs: ["vm_payload_headers"],
// HACK: linking against "libselinux" will embed libselinux.so into the apk
@@ -139,6 +145,7 @@
// A payload that crashes immediately on start
cc_library_shared {
name: "MicrodroidCrashNativeLib",
+ defaults: ["avf_build_flags_cc"],
srcs: ["src/native/crashbinary.cpp"],
header_libs: ["vm_payload_headers"],
stl: "libc++_static",
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index df6280d..1dd0309 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -142,7 +142,6 @@
@Before
public void setup() {
- grantPermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
prepareTestSetup(mProtectedVm, mGki);
// USE_CUSTOM_VIRTUAL_MACHINE permission has protection level signature|development, meaning
// that it will be automatically granted when test apk is installed. We have some tests
@@ -155,13 +154,12 @@
@After
public void tearDown() {
- revokePermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
}
private static final long ONE_MEBI = 1024 * 1024;
- private static final long MIN_MEM_ARM64 = 160 * ONE_MEBI;
+ private static final long MIN_MEM_ARM64 = 170 * ONE_MEBI;
private static final long MIN_MEM_X86_64 = 196 * ONE_MEBI;
private static final String EXAMPLE_STRING = "Literally any string!! :)";
@@ -229,32 +227,6 @@
testResults.assertNoException();
assertThat(testResults.mAddInteger).isEqualTo(37 + 73);
}
-
- @Test
- @CddTest(
- requirements = {
- "9.17/C-1-1",
- "9.17/C-1-2",
- "9.17/C-1-4",
- })
- public void createVmRequiresPermission() {
- assumeSupportedDevice();
-
- revokePermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
-
- VirtualMachineConfig config =
- newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
- .setMemoryBytes(minMemoryRequired())
- .build();
-
- SecurityException e =
- assertThrows(
- SecurityException.class,
- () -> forceCreateNewVirtualMachine("test_vm_requires_permission", config));
- assertThat(e).hasMessageThat()
- .contains("android.permission.MANAGE_VIRTUAL_MACHINE permission");
- }
-
@Test
@CddTest(requirements = {"9.17/C-1-1"})
public void autoCloseVm() throws Exception {
@@ -481,29 +453,32 @@
// Minimal has as little as specified as possible; everything that can be is defaulted.
VirtualMachineConfig.Builder minimalBuilder =
new VirtualMachineConfig.Builder(getContext())
- .setPayloadBinaryName("binary.so")
+ .setPayloadConfigPath("config/path")
.setProtectedVm(isProtectedVm());
VirtualMachineConfig minimal = minimalBuilder.build();
assertThat(minimal.getApkPath()).isNull();
+ assertThat(minimal.getExtraApks()).isEmpty();
assertThat(minimal.getDebugLevel()).isEqualTo(DEBUG_LEVEL_NONE);
assertThat(minimal.getMemoryBytes()).isEqualTo(0);
assertThat(minimal.getCpuTopology()).isEqualTo(CPU_TOPOLOGY_ONE_CPU);
- assertThat(minimal.getPayloadBinaryName()).isEqualTo("binary.so");
- assertThat(minimal.getPayloadConfigPath()).isNull();
+ assertThat(minimal.getPayloadBinaryName()).isNull();
+ assertThat(minimal.getPayloadConfigPath()).isEqualTo("config/path");
assertThat(minimal.isProtectedVm()).isEqualTo(isProtectedVm());
assertThat(minimal.isEncryptedStorageEnabled()).isFalse();
assertThat(minimal.getEncryptedStorageBytes()).isEqualTo(0);
assertThat(minimal.isVmOutputCaptured()).isEqualTo(false);
- assertThat(minimal.getOs()).isEqualTo("microdroid");
+ assertThat(minimal.getOs()).isNull();
// Maximal has everything that can be set to some non-default value. (And has different
// values than minimal for the required fields.)
VirtualMachineConfig.Builder maximalBuilder =
new VirtualMachineConfig.Builder(getContext())
.setProtectedVm(mProtectedVm)
- .setPayloadConfigPath("config/path")
+ .setPayloadBinaryName("binary.so")
.setApkPath("/apk/path")
+ .addExtraApk("package.name1:split")
+ .addExtraApk("package.name2")
.setDebugLevel(DEBUG_LEVEL_FULL)
.setMemoryBytes(42)
.setCpuTopology(CPU_TOPOLOGY_MATCH_HOST)
@@ -512,25 +487,28 @@
VirtualMachineConfig maximal = maximalBuilder.build();
assertThat(maximal.getApkPath()).isEqualTo("/apk/path");
+ assertThat(maximal.getExtraApks())
+ .containsExactly("package.name1:split", "package.name2")
+ .inOrder();
assertThat(maximal.getDebugLevel()).isEqualTo(DEBUG_LEVEL_FULL);
assertThat(maximal.getMemoryBytes()).isEqualTo(42);
assertThat(maximal.getCpuTopology()).isEqualTo(CPU_TOPOLOGY_MATCH_HOST);
- assertThat(maximal.getPayloadBinaryName()).isNull();
- assertThat(maximal.getPayloadConfigPath()).isEqualTo("config/path");
+ assertThat(maximal.getPayloadBinaryName()).isEqualTo("binary.so");
+ assertThat(maximal.getPayloadConfigPath()).isNull();
assertThat(maximal.isProtectedVm()).isEqualTo(isProtectedVm());
assertThat(maximal.isEncryptedStorageEnabled()).isTrue();
assertThat(maximal.getEncryptedStorageBytes()).isEqualTo(1_000_000);
assertThat(maximal.isVmOutputCaptured()).isEqualTo(true);
- assertThat(maximal.getOs()).isNull();
+ assertThat(maximal.getOs()).isEqualTo("microdroid");
assertThat(minimal.isCompatibleWith(maximal)).isFalse();
assertThat(minimal.isCompatibleWith(minimal)).isTrue();
assertThat(maximal.isCompatibleWith(maximal)).isTrue();
- VirtualMachineConfig os = minimalBuilder.setOs("microdroid_gki-android14-6.1").build();
+ VirtualMachineConfig os = maximalBuilder.setOs("microdroid_gki-android14-6.1").build();
assertThat(os.getPayloadBinaryName()).isEqualTo("binary.so");
assertThat(os.getOs()).isEqualTo("microdroid_gki-android14-6.1");
- assertThat(os.isCompatibleWith(minimal)).isFalse();
+ assertThat(os.isCompatibleWith(maximal)).isFalse();
}
@Test
@@ -542,6 +520,7 @@
// All your null are belong to me.
assertThrows(NullPointerException.class, () -> new VirtualMachineConfig.Builder(null));
assertThrows(NullPointerException.class, () -> builder.setApkPath(null));
+ assertThrows(NullPointerException.class, () -> builder.addExtraApk(null));
assertThrows(NullPointerException.class, () -> builder.setPayloadConfigPath(null));
assertThrows(NullPointerException.class, () -> builder.setPayloadBinaryName(null));
assertThrows(NullPointerException.class, () -> builder.setVendorDiskImage(null));
@@ -607,6 +586,7 @@
.isTrue();
// Changes that must be incompatible, since they must change the VM identity.
+ assertConfigCompatible(baseline, newBaselineBuilder().addExtraApk("foo")).isFalse();
assertConfigCompatible(baseline, newBaselineBuilder().setDebugLevel(DEBUG_LEVEL_FULL))
.isFalse();
assertConfigCompatible(baseline, newBaselineBuilder().setPayloadBinaryName("different"))
@@ -931,7 +911,34 @@
vm,
(ts, tr) -> {
tr.mExtraApkTestProp =
- ts.readProperty("debug.microdroid.test.extra_apk");
+ ts.readProperty(
+ "debug.microdroid.test.extra_apk_build_manifest");
+ });
+ assertThat(testResults.mExtraApkTestProp).isEqualTo("PASS");
+ }
+
+ @Test
+ @CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-1"})
+ public void extraApkInVmConfig() throws Exception {
+ assumeSupportedDevice();
+ assumeFeatureEnabled(VirtualMachineManager.FEATURE_MULTI_TENANT);
+
+ grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+ VirtualMachineConfig config =
+ newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
+ .setMemoryBytes(minMemoryRequired())
+ .setDebugLevel(DEBUG_LEVEL_FULL)
+ .addExtraApk(VM_SHARE_APP_PACKAGE_NAME)
+ .build();
+ VirtualMachine vm = forceCreateNewVirtualMachine("test_vm_extra_apk", config);
+
+ TestResults testResults =
+ runVmTestService(
+ TAG,
+ vm,
+ (ts, tr) -> {
+ tr.mExtraApkTestProp =
+ ts.readProperty("debug.microdroid.test.extra_apk_vm_share");
});
assertThat(testResults.mExtraApkTestProp).isEqualTo("PASS");
}
@@ -1159,18 +1166,6 @@
assertThrows(Exception.class, () -> launchVmAndGetCdis("test_vm"));
}
- @Test
- public void isFeatureEnabled_requiresManagePermission() throws Exception {
- revokePermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
-
- VirtualMachineManager vmm = getVirtualMachineManager();
- SecurityException e =
- assertThrows(SecurityException.class, () -> vmm.isFeatureEnabled("whatever"));
- assertThat(e)
- .hasMessageThat()
- .contains("android.permission.MANAGE_VIRTUAL_MACHINE permission");
- }
-
private static final UUID MICRODROID_PARTITION_UUID =
UUID.fromString("cf9afe9a-0662-11ec-a329-c32663a09d75");
private static final UUID PVM_FW_PARTITION_UUID =
@@ -2133,7 +2128,7 @@
.contains("android.permission.USE_CUSTOM_VIRTUAL_MACHINE permission");
}
- // TODO(b/323768068): Enable this test when we can inject vendor hashkey for test purpose.
+ // TODO(b/323768068): Enable this test when we can inject vendor digest for test purpose.
// After introducing VM reference DT, non-pVM cannot trust test_microdroid_vendor_image.img
// as well, because it doesn't pass the hashtree digest of testing image into VM.
@Ignore
diff --git a/tests/testapk/src/native/testbinary.cpp b/tests/testapk/src/native/testbinary.cpp
index c9b5e3a..1a75102 100644
--- a/tests/testapk/src/native/testbinary.cpp
+++ b/tests/testapk/src/native/testbinary.cpp
@@ -349,7 +349,7 @@
return {};
}
-Result<void> verify_apk() {
+Result<void> verify_build_manifest() {
const char* path = "/mnt/extra-apk/0/assets/build_manifest.pb";
std::string str;
@@ -364,6 +364,17 @@
return {};
}
+Result<void> verify_vm_share() {
+ const char* path = "/mnt/extra-apk/0/assets/vmshareapp.txt";
+
+ std::string str;
+ if (!android::base::ReadFileToString(path, &str)) {
+ return ErrnoError() << "failed to read vmshareapp.txt";
+ }
+
+ return {};
+}
+
} // Anonymous namespace
extern "C" int AVmPayload_main() {
@@ -372,8 +383,10 @@
// Make sure we can call into other shared libraries.
testlib_sub();
- // Extra apks may be missing; this is not a fatal error
- report_test("extra_apk", verify_apk());
+ // Report various things that aren't always fatal - these are checked in MicrodroidTests as
+ // appropriate.
+ report_test("extra_apk_build_manifest", verify_build_manifest());
+ report_test("extra_apk_vm_share", verify_vm_share());
__system_property_set("debug.microdroid.app.run", "true");
diff --git a/tests/vmshareapp/assets/vmshareapp.txt b/tests/vmshareapp/assets/vmshareapp.txt
new file mode 100644
index 0000000..02fdd71
--- /dev/null
+++ b/tests/vmshareapp/assets/vmshareapp.txt
@@ -0,0 +1 @@
+Marker file for the vmshareapp APK
diff --git a/virtualizationmanager/Android.bp b/virtualizationmanager/Android.bp
index 48b5cd1..39d296f 100644
--- a/virtualizationmanager/Android.bp
+++ b/virtualizationmanager/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/virtualizationmanager/fsfdt/Android.bp b/virtualizationmanager/fsfdt/Android.bp
index 3a42bf3..7199485 100644
--- a/virtualizationmanager/fsfdt/Android.bp
+++ b/virtualizationmanager/fsfdt/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
@@ -17,8 +18,8 @@
],
}
-rust_library_rlib {
- name: "libfsfdt",
+rust_defaults {
+ name: "libfsfdt_default",
crate_name: "fsfdt",
defaults: ["avf_build_flags_rust"],
edition: "2021",
@@ -30,3 +31,17 @@
],
apex_available: ["com.android.virt"],
}
+
+rust_library_rlib {
+ name: "libfsfdt",
+ defaults: ["libfsfdt_default"],
+}
+
+rust_test {
+ name: "libfsfdt_test",
+ defaults: ["libfsfdt_default"],
+ data: ["testdata/**/*"],
+ data_bins: ["dtc_static"],
+ rustlibs: ["libtempfile"],
+ compile_multilib: "first",
+}
diff --git a/virtualizationmanager/fsfdt/src/lib.rs b/virtualizationmanager/fsfdt/src/lib.rs
index a2ca519..549df04 100644
--- a/virtualizationmanager/fsfdt/src/lib.rs
+++ b/virtualizationmanager/fsfdt/src/lib.rs
@@ -98,3 +98,56 @@
Ok(())
}
}
+
+#[cfg(test)]
+mod test {
+ use super::*;
+ use std::io::Write;
+ use std::process::Command;
+ use tempfile::NamedTempFile;
+
+ const TEST_FS_FDT_ROOT_PATH: &str = "testdata/fs";
+ const BUF_SIZE_MAX: usize = 1024;
+
+ fn dts_from_fs(path: &Path) -> String {
+ let path = path.to_str().unwrap();
+ let res = Command::new("./dtc_static")
+ .args(["-f", "-s", "-I", "fs", "-O", "dts", path])
+ .output()
+ .unwrap();
+ assert!(res.status.success(), "{res:?}");
+ String::from_utf8(res.stdout).unwrap()
+ }
+
+ fn dts_from_dtb(path: &Path) -> String {
+ let path = path.to_str().unwrap();
+ let res = Command::new("./dtc_static")
+ .args(["-f", "-s", "-I", "dtb", "-O", "dts", path])
+ .output()
+ .unwrap();
+ assert!(res.status.success(), "{res:?}");
+ String::from_utf8(res.stdout).unwrap()
+ }
+
+ fn to_temp_file(fdt: &Fdt) -> Result<NamedTempFile> {
+ let mut file = NamedTempFile::new()?;
+ file.as_file_mut().write_all(fdt.as_slice())?;
+ file.as_file_mut().sync_all()?;
+
+ Ok(file)
+ }
+
+ #[test]
+ fn test_from_fs() {
+ let fs_path = Path::new(TEST_FS_FDT_ROOT_PATH);
+
+ let mut data = vec![0_u8; BUF_SIZE_MAX];
+ let fdt = Fdt::from_fs(fs_path, &mut data).unwrap();
+ let file = to_temp_file(fdt).unwrap();
+
+ let expected = dts_from_fs(fs_path);
+ let actual = dts_from_dtb(file.path());
+
+ assert_eq!(&expected, &actual);
+ }
+}
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/oem/stub b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/oem/stub
new file mode 100644
index 0000000..2e73f18
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/oem/stub
Binary files differ
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/empty b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/empty
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/vendor_extra_node/flag b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/vendor_extra_node/flag
new file mode 100644
index 0000000..accba00
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/vendor_extra_node/flag
Binary files differ
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_hashtree_descriptor_root_digest b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_hashtree_descriptor_root_digest
new file mode 100644
index 0000000..e901bb1
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_hashtree_descriptor_root_digest
Binary files differ
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_image_key b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_image_key
new file mode 100644
index 0000000..4d02944
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_image_key
Binary files differ
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 602c670..771863b 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -1410,6 +1410,70 @@
}
}
+struct SecretkeeperProxy(Strong<dyn ISecretkeeper>);
+
+impl Interface for SecretkeeperProxy {}
+
+impl ISecretkeeper for SecretkeeperProxy {
+ fn processSecretManagementRequest(&self, req: &[u8]) -> binder::Result<Vec<u8>> {
+ // Pass the request to the channel, and read the response.
+ self.0.processSecretManagementRequest(req)
+ }
+
+ fn getAuthGraphKe(&self) -> binder::Result<Strong<dyn IAuthGraphKeyExchange>> {
+ let ag = AuthGraphKeyExchangeProxy(self.0.getAuthGraphKe()?);
+ Ok(BnAuthGraphKeyExchange::new_binder(ag, BinderFeatures::default()))
+ }
+
+ fn deleteIds(&self, ids: &[SecretId]) -> binder::Result<()> {
+ self.0.deleteIds(ids)
+ }
+
+ fn deleteAll(&self) -> binder::Result<()> {
+ self.0.deleteAll()
+ }
+}
+
+struct AuthGraphKeyExchangeProxy(Strong<dyn IAuthGraphKeyExchange>);
+
+impl Interface for AuthGraphKeyExchangeProxy {}
+
+impl IAuthGraphKeyExchange for AuthGraphKeyExchangeProxy {
+ fn create(&self) -> binder::Result<SessionInitiationInfo> {
+ self.0.create()
+ }
+
+ fn init(
+ &self,
+ peer_pub_key: &PubKey,
+ peer_id: &Identity,
+ peer_nonce: &[u8],
+ peer_version: i32,
+ ) -> binder::Result<KeInitResult> {
+ self.0.init(peer_pub_key, peer_id, peer_nonce, peer_version)
+ }
+
+ fn finish(
+ &self,
+ peer_pub_key: &PubKey,
+ peer_id: &Identity,
+ peer_signature: &SessionIdSignature,
+ peer_nonce: &[u8],
+ peer_version: i32,
+ own_key: &Key,
+ ) -> binder::Result<SessionInfo> {
+ self.0.finish(peer_pub_key, peer_id, peer_signature, peer_nonce, peer_version, own_key)
+ }
+
+ fn authenticationComplete(
+ &self,
+ peer_signature: &SessionIdSignature,
+ shared_keys: &[AuthgraphArc; 2],
+ ) -> binder::Result<[AuthgraphArc; 2]> {
+ self.0.authenticationComplete(peer_signature, shared_keys)
+ }
+}
+
#[cfg(test)]
mod tests {
use super::*;
@@ -1626,67 +1690,3 @@
Ok(())
}
}
-
-struct SecretkeeperProxy(Strong<dyn ISecretkeeper>);
-
-impl Interface for SecretkeeperProxy {}
-
-impl ISecretkeeper for SecretkeeperProxy {
- fn processSecretManagementRequest(&self, req: &[u8]) -> binder::Result<Vec<u8>> {
- // Pass the request to the channel, and read the response.
- self.0.processSecretManagementRequest(req)
- }
-
- fn getAuthGraphKe(&self) -> binder::Result<Strong<dyn IAuthGraphKeyExchange>> {
- let ag = AuthGraphKeyExchangeProxy(self.0.getAuthGraphKe()?);
- Ok(BnAuthGraphKeyExchange::new_binder(ag, BinderFeatures::default()))
- }
-
- fn deleteIds(&self, ids: &[SecretId]) -> binder::Result<()> {
- self.0.deleteIds(ids)
- }
-
- fn deleteAll(&self) -> binder::Result<()> {
- self.0.deleteAll()
- }
-}
-
-struct AuthGraphKeyExchangeProxy(Strong<dyn IAuthGraphKeyExchange>);
-
-impl Interface for AuthGraphKeyExchangeProxy {}
-
-impl IAuthGraphKeyExchange for AuthGraphKeyExchangeProxy {
- fn create(&self) -> binder::Result<SessionInitiationInfo> {
- self.0.create()
- }
-
- fn init(
- &self,
- peer_pub_key: &PubKey,
- peer_id: &Identity,
- peer_nonce: &[u8],
- peer_version: i32,
- ) -> binder::Result<KeInitResult> {
- self.0.init(peer_pub_key, peer_id, peer_nonce, peer_version)
- }
-
- fn finish(
- &self,
- peer_pub_key: &PubKey,
- peer_id: &Identity,
- peer_signature: &SessionIdSignature,
- peer_nonce: &[u8],
- peer_version: i32,
- own_key: &Key,
- ) -> binder::Result<SessionInfo> {
- self.0.finish(peer_pub_key, peer_id, peer_signature, peer_nonce, peer_version, own_key)
- }
-
- fn authenticationComplete(
- &self,
- peer_signature: &SessionIdSignature,
- shared_keys: &[AuthgraphArc; 2],
- ) -> binder::Result<[AuthgraphArc; 2]> {
- self.0.authenticationComplete(peer_signature, shared_keys)
- }
-}
diff --git a/virtualizationservice/Android.bp b/virtualizationservice/Android.bp
index e0bb97f..71d9d4b 100644
--- a/virtualizationservice/Android.bp
+++ b/virtualizationservice/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/virtualizationservice/aidl/Android.bp b/virtualizationservice/aidl/Android.bp
index 8ca375a..7c9c4f7 100644
--- a/virtualizationservice/aidl/Android.bp
+++ b/virtualizationservice/aidl/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/virtualizationservice/vfio_handler/Android.bp b/virtualizationservice/vfio_handler/Android.bp
index 66fc2ee..b9d495b 100644
--- a/virtualizationservice/vfio_handler/Android.bp
+++ b/virtualizationservice/vfio_handler/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/vm/Android.bp b/vm/Android.bp
index 04aff5e..ff1b788 100644
--- a/vm/Android.bp
+++ b/vm/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}
diff --git a/vm_payload/Android.bp b/vm_payload/Android.bp
index 286612c..a745fd6 100644
--- a/vm_payload/Android.bp
+++ b/vm_payload/Android.bp
@@ -53,7 +53,7 @@
],
visibility: [
"//packages/modules/Virtualization/compos",
- "//packages/modules/Virtualization/service_vm/test_apk",
+ "//packages/modules/Virtualization/service_vm:__subpackages__",
],
shared_libs: [
"libvm_payload#current",
@@ -63,6 +63,7 @@
// Shared library for clients to link against.
cc_library_shared {
name: "libvm_payload",
+ defaults: ["avf_build_flags_cc"],
shared_libs: [
"libbinder_ndk",
"libbinder_rpc_unstable",
@@ -84,6 +85,7 @@
// declaration of AVmPayload_main().
cc_library_headers {
name: "vm_payload_headers",
+ defaults: ["avf_build_flags_cc"],
apex_available: ["com.android.compos"],
export_include_dirs: ["include"],
}
@@ -91,6 +93,7 @@
// Restricted headers for use by internal clients & associated tests.
cc_library_headers {
name: "vm_payload_restricted_headers",
+ defaults: ["avf_build_flags_cc"],
header_libs: ["vm_payload_headers"],
export_header_lib_headers: ["vm_payload_headers"],
export_include_dirs: ["include-restricted"],
diff --git a/vm_payload/src/api.rs b/vm_payload/src/api.rs
deleted file mode 100644
index 7978059..0000000
--- a/vm_payload/src/api.rs
+++ /dev/null
@@ -1,509 +0,0 @@
-// Copyright 2022, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! This module handles the interaction with virtual machine payload service.
-
-use android_system_virtualization_payload::aidl::android::system::virtualization::payload:: IVmPayloadService::{
- IVmPayloadService, ENCRYPTEDSTORE_MOUNTPOINT, VM_APK_CONTENTS_PATH,
- VM_PAYLOAD_SERVICE_SOCKET_NAME, AttestationResult::AttestationResult,
-};
-use anyhow::{bail, ensure, Context, Result};
-use binder::{
- unstable_api::{new_spibinder, AIBinder},
- Strong, ExceptionCode,
-};
-use lazy_static::lazy_static;
-use log::{error, info, LevelFilter};
-use rpcbinder::{RpcServer, RpcSession};
-use openssl::{ec::EcKey, sha::sha256, ecdsa::EcdsaSig};
-use std::convert::Infallible;
-use std::ffi::{CString, CStr};
-use std::fmt::Debug;
-use std::os::raw::{c_char, c_void};
-use std::path::Path;
-use std::ptr::{self, NonNull};
-use std::sync::{
- atomic::{AtomicBool, Ordering},
- Mutex,
-};
-use vm_payload_status_bindgen::attestation_status_t;
-
-lazy_static! {
- static ref VM_APK_CONTENTS_PATH_C: CString =
- CString::new(VM_APK_CONTENTS_PATH).expect("CString::new failed");
- static ref PAYLOAD_CONNECTION: Mutex<Option<Strong<dyn IVmPayloadService>>> = Mutex::default();
- static ref VM_ENCRYPTED_STORAGE_PATH_C: CString =
- CString::new(ENCRYPTEDSTORE_MOUNTPOINT).expect("CString::new failed");
-}
-
-static ALREADY_NOTIFIED: AtomicBool = AtomicBool::new(false);
-
-/// Return a connection to the payload service in Microdroid Manager. Uses the existing connection
-/// if there is one, otherwise attempts to create a new one.
-fn get_vm_payload_service() -> Result<Strong<dyn IVmPayloadService>> {
- let mut connection = PAYLOAD_CONNECTION.lock().unwrap();
- if let Some(strong) = &*connection {
- Ok(strong.clone())
- } else {
- let new_connection: Strong<dyn IVmPayloadService> = RpcSession::new()
- .setup_unix_domain_client(VM_PAYLOAD_SERVICE_SOCKET_NAME)
- .context(format!("Failed to connect to service: {}", VM_PAYLOAD_SERVICE_SOCKET_NAME))?;
- *connection = Some(new_connection.clone());
- Ok(new_connection)
- }
-}
-
-/// Make sure our logging goes to logcat. It is harmless to call this more than once.
-fn initialize_logging() {
- android_logger::init_once(
- android_logger::Config::default().with_tag("vm_payload").with_max_level(LevelFilter::Info),
- );
-}
-
-/// In many cases clients can't do anything useful if API calls fail, and the failure
-/// generally indicates that the VM is exiting or otherwise doomed. So rather than
-/// returning a non-actionable error indication we just log the problem and abort
-/// the process.
-fn unwrap_or_abort<T, E: Debug>(result: Result<T, E>) -> T {
- result.unwrap_or_else(|e| {
- let msg = format!("{:?}", e);
- error!("{msg}");
- panic!("{msg}")
- })
-}
-
-/// Notifies the host that the payload is ready.
-/// Panics on failure.
-#[no_mangle]
-pub extern "C" fn AVmPayload_notifyPayloadReady() {
- initialize_logging();
-
- if !ALREADY_NOTIFIED.swap(true, Ordering::Relaxed) {
- unwrap_or_abort(try_notify_payload_ready());
-
- info!("Notified host payload ready successfully");
- }
-}
-
-/// Notifies the host that the payload is ready.
-/// Returns a `Result` containing error information if failed.
-fn try_notify_payload_ready() -> Result<()> {
- get_vm_payload_service()?.notifyPayloadReady().context("Cannot notify payload ready")
-}
-
-/// Runs a binder RPC server, serving the supplied binder service implementation on the given vsock
-/// port.
-///
-/// If and when the server is ready for connections (it is listening on the port), `on_ready` is
-/// called to allow appropriate action to be taken - e.g. to notify clients that they may now
-/// attempt to connect.
-///
-/// The current thread joins the binder thread pool to handle incoming messages.
-/// This function never returns.
-///
-/// Panics on error (including unexpected server exit).
-///
-/// # Safety
-///
-/// If present, the `on_ready` callback must be a valid function pointer, which will be called at
-/// most once, while this function is executing, with the `param` parameter.
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_runVsockRpcServer(
- service: *mut AIBinder,
- port: u32,
- on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
- param: *mut c_void,
-) -> Infallible {
- initialize_logging();
-
- // SAFETY: try_run_vsock_server has the same requirements as this function
- unwrap_or_abort(unsafe { try_run_vsock_server(service, port, on_ready, param) })
-}
-
-/// # Safety: Same as `AVmPayload_runVsockRpcServer`.
-unsafe fn try_run_vsock_server(
- service: *mut AIBinder,
- port: u32,
- on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
- param: *mut c_void,
-) -> Result<Infallible> {
- // SAFETY: AIBinder returned has correct reference count, and the ownership can
- // safely be taken by new_spibinder.
- let service = unsafe { new_spibinder(service) };
- if let Some(service) = service {
- match RpcServer::new_vsock(service, libc::VMADDR_CID_HOST, port) {
- Ok(server) => {
- if let Some(on_ready) = on_ready {
- // SAFETY: We're calling the callback with the parameter specified within the
- // allowed lifetime.
- unsafe { on_ready(param) };
- }
- server.join();
- bail!("RpcServer unexpectedly terminated");
- }
- Err(err) => {
- bail!("Failed to start RpcServer: {:?}", err);
- }
- }
- } else {
- bail!("Failed to convert the given service from AIBinder to SpIBinder.");
- }
-}
-
-/// Get a secret that is uniquely bound to this VM instance.
-/// Panics on failure.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `identifier` must be [valid] for reads of `identifier_size` bytes.
-/// * `secret` must be [valid] for writes of `size` bytes.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_getVmInstanceSecret(
- identifier: *const u8,
- identifier_size: usize,
- secret: *mut u8,
- size: usize,
-) {
- initialize_logging();
-
- // SAFETY: See the requirements on `identifier` above.
- let identifier = unsafe { std::slice::from_raw_parts(identifier, identifier_size) };
- let vm_secret = unwrap_or_abort(try_get_vm_instance_secret(identifier, size));
-
- // SAFETY: See the requirements on `secret` above; `vm_secret` is known to have length `size`,
- // and cannot overlap `secret` because we just allocated it.
- unsafe {
- ptr::copy_nonoverlapping(vm_secret.as_ptr(), secret, size);
- }
-}
-
-fn try_get_vm_instance_secret(identifier: &[u8], size: usize) -> Result<Vec<u8>> {
- let vm_secret = get_vm_payload_service()?
- .getVmInstanceSecret(identifier, i32::try_from(size)?)
- .context("Cannot get VM instance secret")?;
- ensure!(
- vm_secret.len() == size,
- "Returned secret has {} bytes, expected {}",
- vm_secret.len(),
- size
- );
- Ok(vm_secret)
-}
-
-/// Get the VM's attestation chain.
-/// Panics on failure.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_getDiceAttestationChain(data: *mut u8, size: usize) -> usize {
- initialize_logging();
-
- let chain = unwrap_or_abort(try_get_dice_attestation_chain());
- if size != 0 {
- // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
- // the length of either buffer, and `chain` cannot overlap `data` because we just allocated
- // it. We allow data to be null, which is never valid, but only if size == 0 which is
- // checked above.
- unsafe { ptr::copy_nonoverlapping(chain.as_ptr(), data, std::cmp::min(chain.len(), size)) };
- }
- chain.len()
-}
-
-fn try_get_dice_attestation_chain() -> Result<Vec<u8>> {
- get_vm_payload_service()?.getDiceAttestationChain().context("Cannot get attestation chain")
-}
-
-/// Get the VM's attestation CDI.
-/// Panics on failure.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_getDiceAttestationCdi(data: *mut u8, size: usize) -> usize {
- initialize_logging();
-
- let cdi = unwrap_or_abort(try_get_dice_attestation_cdi());
- if size != 0 {
- // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
- // the length of either buffer, and `cdi` cannot overlap `data` because we just allocated
- // it. We allow data to be null, which is never valid, but only if size == 0 which is
- // checked above.
- unsafe { ptr::copy_nonoverlapping(cdi.as_ptr(), data, std::cmp::min(cdi.len(), size)) };
- }
- cdi.len()
-}
-
-fn try_get_dice_attestation_cdi() -> Result<Vec<u8>> {
- get_vm_payload_service()?.getDiceAttestationCdi().context("Cannot get attestation CDI")
-}
-
-/// Requests the remote attestation of the client VM.
-///
-/// The challenge will be included in the certificate chain in the attestation result,
-/// serving as proof of the freshness of the result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `challenge` must be [valid] for reads of `challenge_size` bytes.
-/// * `res` must be [valid] to write the attestation result.
-/// * The region of memory beginning at `challenge` with `challenge_size` bytes must not
-/// overlap with the region of memory `res` points to.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_requestAttestation(
- challenge: *const u8,
- challenge_size: usize,
- res: &mut *mut AttestationResult,
-) -> attestation_status_t {
- initialize_logging();
- const MAX_CHALLENGE_SIZE: usize = 64;
- if challenge_size > MAX_CHALLENGE_SIZE {
- return attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE;
- }
- let challenge = if challenge_size == 0 {
- &[]
- } else {
- // SAFETY: The caller guarantees that `challenge` is valid for reads of
- // `challenge_size` bytes and `challenge_size` is not zero.
- unsafe { std::slice::from_raw_parts(challenge, challenge_size) }
- };
- let service = unwrap_or_abort(get_vm_payload_service());
- match service.requestAttestation(challenge) {
- Ok(attestation_res) => {
- *res = Box::into_raw(Box::new(attestation_res));
- attestation_status_t::ATTESTATION_OK
- }
- Err(e) => {
- error!("Remote attestation failed: {e:?}");
- binder_status_to_attestation_status(e)
- }
- }
-}
-
-fn binder_status_to_attestation_status(status: binder::Status) -> attestation_status_t {
- match status.exception_code() {
- ExceptionCode::UNSUPPORTED_OPERATION => attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED,
- _ => attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED,
- }
-}
-
-/// Converts the return value from `AVmPayload_requestAttestation` to a text string
-/// representing the error code.
-#[no_mangle]
-pub extern "C" fn AVmAttestationResult_resultToString(
- status: attestation_status_t,
-) -> *const c_char {
- let message = match status {
- attestation_status_t::ATTESTATION_OK => {
- CStr::from_bytes_with_nul(b"The remote attestation completes successfully.\0").unwrap()
- }
- attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE => {
- CStr::from_bytes_with_nul(b"The challenge size is not between 0 and 64.\0").unwrap()
- }
- attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED => {
- CStr::from_bytes_with_nul(b"Failed to attest the VM. Please retry at a later time.\0")
- .unwrap()
- }
- attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED => CStr::from_bytes_with_nul(
- b"Remote attestation is not supported in the current environment.\0",
- )
- .unwrap(),
- };
- message.as_ptr()
-}
-
-/// Reads the DER-encoded ECPrivateKey structure specified in [RFC 5915 s3] for the
-/// EC P-256 private key from the provided attestation result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
-/// region of memory `res` points to.
-///
-/// [valid]: ptr#safety
-/// [RFC 5915 s3]: https://datatracker.ietf.org/doc/html/rfc5915#section-3
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_getPrivateKey(
- res: &AttestationResult,
- data: *mut u8,
- size: usize,
-) -> usize {
- let private_key = &res.privateKey;
- if size != 0 {
- let data = NonNull::new(data).expect("data must not be null when size > 0");
- // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
- // the length of either buffer, and the caller ensures that `private_key` cannot overlap
- // `data`. We allow data to be null, which is never valid, but only if size == 0
- // which is checked above.
- unsafe {
- ptr::copy_nonoverlapping(
- private_key.as_ptr(),
- data.as_ptr(),
- std::cmp::min(private_key.len(), size),
- )
- };
- }
- private_key.len()
-}
-
-/// Signs the given message using ECDSA P-256, the message is first hashed with SHA-256 and
-/// then it is signed with the attested EC P-256 private key in the attestation result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `message` must be [valid] for reads of `message_size` bytes.
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
-/// region of memory `res` or `message` point to.
-///
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_sign(
- res: &AttestationResult,
- message: *const u8,
- message_size: usize,
- data: *mut u8,
- size: usize,
-) -> usize {
- if message_size == 0 {
- panic!("Message to be signed must not be empty.")
- }
- // SAFETY: See the requirements on `message` above.
- let message = unsafe { std::slice::from_raw_parts(message, message_size) };
- let signature = unwrap_or_abort(try_ecdsa_sign(message, &res.privateKey));
- if size != 0 {
- let data = NonNull::new(data).expect("data must not be null when size > 0");
- // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
- // the length of either buffer, and the caller ensures that `signature` cannot overlap
- // `data`. We allow data to be null, which is never valid, but only if size == 0
- // which is checked above.
- unsafe {
- ptr::copy_nonoverlapping(
- signature.as_ptr(),
- data.as_ptr(),
- std::cmp::min(signature.len(), size),
- )
- };
- }
- signature.len()
-}
-
-fn try_ecdsa_sign(message: &[u8], der_encoded_ec_private_key: &[u8]) -> Result<Vec<u8>> {
- let private_key = EcKey::private_key_from_der(der_encoded_ec_private_key)?;
- let digest = sha256(message);
- let sig = EcdsaSig::sign(&digest, &private_key)?;
- Ok(sig.to_der()?)
-}
-
-/// Gets the number of certificates in the certificate chain.
-#[no_mangle]
-pub extern "C" fn AVmAttestationResult_getCertificateCount(res: &AttestationResult) -> usize {
- res.certificateChain.len()
-}
-
-/// Retrieves the certificate at the given `index` from the certificate chain in the provided
-/// attestation result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-/// * `index` must be within the range of [0, number of certificates). The number of certificates
-/// can be obtained with `AVmAttestationResult_getCertificateCount`.
-/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
-/// region of memory `res` points to.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_getCertificateAt(
- res: &AttestationResult,
- index: usize,
- data: *mut u8,
- size: usize,
-) -> usize {
- let certificate =
- &res.certificateChain.get(index).expect("The index is out of bounds.").encodedCertificate;
- if size != 0 {
- let data = NonNull::new(data).expect("data must not be null when size > 0");
- // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
- // the length of either buffer, and the caller ensures that `certificate` cannot overlap
- // `data`. We allow data to be null, which is never valid, but only if size == 0
- // which is checked above.
- unsafe {
- ptr::copy_nonoverlapping(
- certificate.as_ptr(),
- data.as_ptr(),
- std::cmp::min(certificate.len(), size),
- )
- };
- }
- certificate.len()
-}
-
-/// Frees all the data owned by given attestation result and result itself.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `res` must point to a valid `AttestationResult` and has not been freed before.
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_free(res: *mut AttestationResult) {
- if !res.is_null() {
- // SAFETY: The result is only freed once is ensured by the caller.
- let res = unsafe { Box::from_raw(res) };
- drop(res)
- }
-}
-
-/// Gets the path to the APK contents.
-#[no_mangle]
-pub extern "C" fn AVmPayload_getApkContentsPath() -> *const c_char {
- VM_APK_CONTENTS_PATH_C.as_ptr()
-}
-
-/// Gets the path to the VM's encrypted storage.
-#[no_mangle]
-pub extern "C" fn AVmPayload_getEncryptedStoragePath() -> *const c_char {
- if Path::new(ENCRYPTEDSTORE_MOUNTPOINT).exists() {
- VM_ENCRYPTED_STORAGE_PATH_C.as_ptr()
- } else {
- ptr::null()
- }
-}
diff --git a/vm_payload/src/lib.rs b/vm_payload/src/lib.rs
index 9e10895..7978059 100644
--- a/vm_payload/src/lib.rs
+++ b/vm_payload/src/lib.rs
@@ -12,14 +12,498 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-//! Library for payload to communicate with the Microdroid Manager.
+//! This module handles the interaction with virtual machine payload service.
-mod api;
-
-pub use api::{
- AVmAttestationResult_free, AVmAttestationResult_getCertificateAt,
- AVmAttestationResult_getCertificateCount, AVmAttestationResult_getPrivateKey,
- AVmAttestationResult_resultToString, AVmAttestationResult_sign,
- AVmPayload_getDiceAttestationCdi, AVmPayload_getDiceAttestationChain,
- AVmPayload_getVmInstanceSecret, AVmPayload_notifyPayloadReady, AVmPayload_requestAttestation,
+use android_system_virtualization_payload::aidl::android::system::virtualization::payload:: IVmPayloadService::{
+ IVmPayloadService, ENCRYPTEDSTORE_MOUNTPOINT, VM_APK_CONTENTS_PATH,
+ VM_PAYLOAD_SERVICE_SOCKET_NAME, AttestationResult::AttestationResult,
};
+use anyhow::{bail, ensure, Context, Result};
+use binder::{
+ unstable_api::{new_spibinder, AIBinder},
+ Strong, ExceptionCode,
+};
+use lazy_static::lazy_static;
+use log::{error, info, LevelFilter};
+use rpcbinder::{RpcServer, RpcSession};
+use openssl::{ec::EcKey, sha::sha256, ecdsa::EcdsaSig};
+use std::convert::Infallible;
+use std::ffi::{CString, CStr};
+use std::fmt::Debug;
+use std::os::raw::{c_char, c_void};
+use std::path::Path;
+use std::ptr::{self, NonNull};
+use std::sync::{
+ atomic::{AtomicBool, Ordering},
+ Mutex,
+};
+use vm_payload_status_bindgen::attestation_status_t;
+
+lazy_static! {
+ static ref VM_APK_CONTENTS_PATH_C: CString =
+ CString::new(VM_APK_CONTENTS_PATH).expect("CString::new failed");
+ static ref PAYLOAD_CONNECTION: Mutex<Option<Strong<dyn IVmPayloadService>>> = Mutex::default();
+ static ref VM_ENCRYPTED_STORAGE_PATH_C: CString =
+ CString::new(ENCRYPTEDSTORE_MOUNTPOINT).expect("CString::new failed");
+}
+
+static ALREADY_NOTIFIED: AtomicBool = AtomicBool::new(false);
+
+/// Return a connection to the payload service in Microdroid Manager. Uses the existing connection
+/// if there is one, otherwise attempts to create a new one.
+fn get_vm_payload_service() -> Result<Strong<dyn IVmPayloadService>> {
+ let mut connection = PAYLOAD_CONNECTION.lock().unwrap();
+ if let Some(strong) = &*connection {
+ Ok(strong.clone())
+ } else {
+ let new_connection: Strong<dyn IVmPayloadService> = RpcSession::new()
+ .setup_unix_domain_client(VM_PAYLOAD_SERVICE_SOCKET_NAME)
+ .context(format!("Failed to connect to service: {}", VM_PAYLOAD_SERVICE_SOCKET_NAME))?;
+ *connection = Some(new_connection.clone());
+ Ok(new_connection)
+ }
+}
+
+/// Make sure our logging goes to logcat. It is harmless to call this more than once.
+fn initialize_logging() {
+ android_logger::init_once(
+ android_logger::Config::default().with_tag("vm_payload").with_max_level(LevelFilter::Info),
+ );
+}
+
+/// In many cases clients can't do anything useful if API calls fail, and the failure
+/// generally indicates that the VM is exiting or otherwise doomed. So rather than
+/// returning a non-actionable error indication we just log the problem and abort
+/// the process.
+fn unwrap_or_abort<T, E: Debug>(result: Result<T, E>) -> T {
+ result.unwrap_or_else(|e| {
+ let msg = format!("{:?}", e);
+ error!("{msg}");
+ panic!("{msg}")
+ })
+}
+
+/// Notifies the host that the payload is ready.
+/// Panics on failure.
+#[no_mangle]
+pub extern "C" fn AVmPayload_notifyPayloadReady() {
+ initialize_logging();
+
+ if !ALREADY_NOTIFIED.swap(true, Ordering::Relaxed) {
+ unwrap_or_abort(try_notify_payload_ready());
+
+ info!("Notified host payload ready successfully");
+ }
+}
+
+/// Notifies the host that the payload is ready.
+/// Returns a `Result` containing error information if failed.
+fn try_notify_payload_ready() -> Result<()> {
+ get_vm_payload_service()?.notifyPayloadReady().context("Cannot notify payload ready")
+}
+
+/// Runs a binder RPC server, serving the supplied binder service implementation on the given vsock
+/// port.
+///
+/// If and when the server is ready for connections (it is listening on the port), `on_ready` is
+/// called to allow appropriate action to be taken - e.g. to notify clients that they may now
+/// attempt to connect.
+///
+/// The current thread joins the binder thread pool to handle incoming messages.
+/// This function never returns.
+///
+/// Panics on error (including unexpected server exit).
+///
+/// # Safety
+///
+/// If present, the `on_ready` callback must be a valid function pointer, which will be called at
+/// most once, while this function is executing, with the `param` parameter.
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_runVsockRpcServer(
+ service: *mut AIBinder,
+ port: u32,
+ on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
+ param: *mut c_void,
+) -> Infallible {
+ initialize_logging();
+
+ // SAFETY: try_run_vsock_server has the same requirements as this function
+ unwrap_or_abort(unsafe { try_run_vsock_server(service, port, on_ready, param) })
+}
+
+/// # Safety: Same as `AVmPayload_runVsockRpcServer`.
+unsafe fn try_run_vsock_server(
+ service: *mut AIBinder,
+ port: u32,
+ on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
+ param: *mut c_void,
+) -> Result<Infallible> {
+ // SAFETY: AIBinder returned has correct reference count, and the ownership can
+ // safely be taken by new_spibinder.
+ let service = unsafe { new_spibinder(service) };
+ if let Some(service) = service {
+ match RpcServer::new_vsock(service, libc::VMADDR_CID_HOST, port) {
+ Ok(server) => {
+ if let Some(on_ready) = on_ready {
+ // SAFETY: We're calling the callback with the parameter specified within the
+ // allowed lifetime.
+ unsafe { on_ready(param) };
+ }
+ server.join();
+ bail!("RpcServer unexpectedly terminated");
+ }
+ Err(err) => {
+ bail!("Failed to start RpcServer: {:?}", err);
+ }
+ }
+ } else {
+ bail!("Failed to convert the given service from AIBinder to SpIBinder.");
+ }
+}
+
+/// Get a secret that is uniquely bound to this VM instance.
+/// Panics on failure.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `identifier` must be [valid] for reads of `identifier_size` bytes.
+/// * `secret` must be [valid] for writes of `size` bytes.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_getVmInstanceSecret(
+ identifier: *const u8,
+ identifier_size: usize,
+ secret: *mut u8,
+ size: usize,
+) {
+ initialize_logging();
+
+ // SAFETY: See the requirements on `identifier` above.
+ let identifier = unsafe { std::slice::from_raw_parts(identifier, identifier_size) };
+ let vm_secret = unwrap_or_abort(try_get_vm_instance_secret(identifier, size));
+
+ // SAFETY: See the requirements on `secret` above; `vm_secret` is known to have length `size`,
+ // and cannot overlap `secret` because we just allocated it.
+ unsafe {
+ ptr::copy_nonoverlapping(vm_secret.as_ptr(), secret, size);
+ }
+}
+
+fn try_get_vm_instance_secret(identifier: &[u8], size: usize) -> Result<Vec<u8>> {
+ let vm_secret = get_vm_payload_service()?
+ .getVmInstanceSecret(identifier, i32::try_from(size)?)
+ .context("Cannot get VM instance secret")?;
+ ensure!(
+ vm_secret.len() == size,
+ "Returned secret has {} bytes, expected {}",
+ vm_secret.len(),
+ size
+ );
+ Ok(vm_secret)
+}
+
+/// Get the VM's attestation chain.
+/// Panics on failure.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_getDiceAttestationChain(data: *mut u8, size: usize) -> usize {
+ initialize_logging();
+
+ let chain = unwrap_or_abort(try_get_dice_attestation_chain());
+ if size != 0 {
+ // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+ // the length of either buffer, and `chain` cannot overlap `data` because we just allocated
+ // it. We allow data to be null, which is never valid, but only if size == 0 which is
+ // checked above.
+ unsafe { ptr::copy_nonoverlapping(chain.as_ptr(), data, std::cmp::min(chain.len(), size)) };
+ }
+ chain.len()
+}
+
+fn try_get_dice_attestation_chain() -> Result<Vec<u8>> {
+ get_vm_payload_service()?.getDiceAttestationChain().context("Cannot get attestation chain")
+}
+
+/// Get the VM's attestation CDI.
+/// Panics on failure.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_getDiceAttestationCdi(data: *mut u8, size: usize) -> usize {
+ initialize_logging();
+
+ let cdi = unwrap_or_abort(try_get_dice_attestation_cdi());
+ if size != 0 {
+ // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+ // the length of either buffer, and `cdi` cannot overlap `data` because we just allocated
+ // it. We allow data to be null, which is never valid, but only if size == 0 which is
+ // checked above.
+ unsafe { ptr::copy_nonoverlapping(cdi.as_ptr(), data, std::cmp::min(cdi.len(), size)) };
+ }
+ cdi.len()
+}
+
+fn try_get_dice_attestation_cdi() -> Result<Vec<u8>> {
+ get_vm_payload_service()?.getDiceAttestationCdi().context("Cannot get attestation CDI")
+}
+
+/// Requests the remote attestation of the client VM.
+///
+/// The challenge will be included in the certificate chain in the attestation result,
+/// serving as proof of the freshness of the result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `challenge` must be [valid] for reads of `challenge_size` bytes.
+/// * `res` must be [valid] to write the attestation result.
+/// * The region of memory beginning at `challenge` with `challenge_size` bytes must not
+/// overlap with the region of memory `res` points to.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_requestAttestation(
+ challenge: *const u8,
+ challenge_size: usize,
+ res: &mut *mut AttestationResult,
+) -> attestation_status_t {
+ initialize_logging();
+ const MAX_CHALLENGE_SIZE: usize = 64;
+ if challenge_size > MAX_CHALLENGE_SIZE {
+ return attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE;
+ }
+ let challenge = if challenge_size == 0 {
+ &[]
+ } else {
+ // SAFETY: The caller guarantees that `challenge` is valid for reads of
+ // `challenge_size` bytes and `challenge_size` is not zero.
+ unsafe { std::slice::from_raw_parts(challenge, challenge_size) }
+ };
+ let service = unwrap_or_abort(get_vm_payload_service());
+ match service.requestAttestation(challenge) {
+ Ok(attestation_res) => {
+ *res = Box::into_raw(Box::new(attestation_res));
+ attestation_status_t::ATTESTATION_OK
+ }
+ Err(e) => {
+ error!("Remote attestation failed: {e:?}");
+ binder_status_to_attestation_status(e)
+ }
+ }
+}
+
+fn binder_status_to_attestation_status(status: binder::Status) -> attestation_status_t {
+ match status.exception_code() {
+ ExceptionCode::UNSUPPORTED_OPERATION => attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED,
+ _ => attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED,
+ }
+}
+
+/// Converts the return value from `AVmPayload_requestAttestation` to a text string
+/// representing the error code.
+#[no_mangle]
+pub extern "C" fn AVmAttestationResult_resultToString(
+ status: attestation_status_t,
+) -> *const c_char {
+ let message = match status {
+ attestation_status_t::ATTESTATION_OK => {
+ CStr::from_bytes_with_nul(b"The remote attestation completes successfully.\0").unwrap()
+ }
+ attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE => {
+ CStr::from_bytes_with_nul(b"The challenge size is not between 0 and 64.\0").unwrap()
+ }
+ attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED => {
+ CStr::from_bytes_with_nul(b"Failed to attest the VM. Please retry at a later time.\0")
+ .unwrap()
+ }
+ attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED => CStr::from_bytes_with_nul(
+ b"Remote attestation is not supported in the current environment.\0",
+ )
+ .unwrap(),
+ };
+ message.as_ptr()
+}
+
+/// Reads the DER-encoded ECPrivateKey structure specified in [RFC 5915 s3] for the
+/// EC P-256 private key from the provided attestation result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
+/// region of memory `res` points to.
+///
+/// [valid]: ptr#safety
+/// [RFC 5915 s3]: https://datatracker.ietf.org/doc/html/rfc5915#section-3
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_getPrivateKey(
+ res: &AttestationResult,
+ data: *mut u8,
+ size: usize,
+) -> usize {
+ let private_key = &res.privateKey;
+ if size != 0 {
+ let data = NonNull::new(data).expect("data must not be null when size > 0");
+ // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+ // the length of either buffer, and the caller ensures that `private_key` cannot overlap
+ // `data`. We allow data to be null, which is never valid, but only if size == 0
+ // which is checked above.
+ unsafe {
+ ptr::copy_nonoverlapping(
+ private_key.as_ptr(),
+ data.as_ptr(),
+ std::cmp::min(private_key.len(), size),
+ )
+ };
+ }
+ private_key.len()
+}
+
+/// Signs the given message using ECDSA P-256, the message is first hashed with SHA-256 and
+/// then it is signed with the attested EC P-256 private key in the attestation result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `message` must be [valid] for reads of `message_size` bytes.
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
+/// region of memory `res` or `message` point to.
+///
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_sign(
+ res: &AttestationResult,
+ message: *const u8,
+ message_size: usize,
+ data: *mut u8,
+ size: usize,
+) -> usize {
+ if message_size == 0 {
+ panic!("Message to be signed must not be empty.")
+ }
+ // SAFETY: See the requirements on `message` above.
+ let message = unsafe { std::slice::from_raw_parts(message, message_size) };
+ let signature = unwrap_or_abort(try_ecdsa_sign(message, &res.privateKey));
+ if size != 0 {
+ let data = NonNull::new(data).expect("data must not be null when size > 0");
+ // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+ // the length of either buffer, and the caller ensures that `signature` cannot overlap
+ // `data`. We allow data to be null, which is never valid, but only if size == 0
+ // which is checked above.
+ unsafe {
+ ptr::copy_nonoverlapping(
+ signature.as_ptr(),
+ data.as_ptr(),
+ std::cmp::min(signature.len(), size),
+ )
+ };
+ }
+ signature.len()
+}
+
+fn try_ecdsa_sign(message: &[u8], der_encoded_ec_private_key: &[u8]) -> Result<Vec<u8>> {
+ let private_key = EcKey::private_key_from_der(der_encoded_ec_private_key)?;
+ let digest = sha256(message);
+ let sig = EcdsaSig::sign(&digest, &private_key)?;
+ Ok(sig.to_der()?)
+}
+
+/// Gets the number of certificates in the certificate chain.
+#[no_mangle]
+pub extern "C" fn AVmAttestationResult_getCertificateCount(res: &AttestationResult) -> usize {
+ res.certificateChain.len()
+}
+
+/// Retrieves the certificate at the given `index` from the certificate chain in the provided
+/// attestation result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+/// * `index` must be within the range of [0, number of certificates). The number of certificates
+/// can be obtained with `AVmAttestationResult_getCertificateCount`.
+/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
+/// region of memory `res` points to.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_getCertificateAt(
+ res: &AttestationResult,
+ index: usize,
+ data: *mut u8,
+ size: usize,
+) -> usize {
+ let certificate =
+ &res.certificateChain.get(index).expect("The index is out of bounds.").encodedCertificate;
+ if size != 0 {
+ let data = NonNull::new(data).expect("data must not be null when size > 0");
+ // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+ // the length of either buffer, and the caller ensures that `certificate` cannot overlap
+ // `data`. We allow data to be null, which is never valid, but only if size == 0
+ // which is checked above.
+ unsafe {
+ ptr::copy_nonoverlapping(
+ certificate.as_ptr(),
+ data.as_ptr(),
+ std::cmp::min(certificate.len(), size),
+ )
+ };
+ }
+ certificate.len()
+}
+
+/// Frees all the data owned by given attestation result and result itself.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `res` must point to a valid `AttestationResult` and has not been freed before.
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_free(res: *mut AttestationResult) {
+ if !res.is_null() {
+ // SAFETY: The result is only freed once is ensured by the caller.
+ let res = unsafe { Box::from_raw(res) };
+ drop(res)
+ }
+}
+
+/// Gets the path to the APK contents.
+#[no_mangle]
+pub extern "C" fn AVmPayload_getApkContentsPath() -> *const c_char {
+ VM_APK_CONTENTS_PATH_C.as_ptr()
+}
+
+/// Gets the path to the VM's encrypted storage.
+#[no_mangle]
+pub extern "C" fn AVmPayload_getEncryptedStoragePath() -> *const c_char {
+ if Path::new(ENCRYPTEDSTORE_MOUNTPOINT).exists() {
+ VM_ENCRYPTED_STORAGE_PATH_C.as_ptr()
+ } else {
+ ptr::null()
+ }
+}
diff --git a/vmbase/Android.bp b/vmbase/Android.bp
index e682773..07e1b4c 100644
--- a/vmbase/Android.bp
+++ b/vmbase/Android.bp
@@ -41,6 +41,7 @@
// Used by extra cc_library_static linked into the final ELF.
cc_defaults {
name: "vmbase_cc_defaults",
+ defaults: ["avf_build_flags_cc"],
nocrt: true,
no_libcrt: true,
system_shared_libs: [],
diff --git a/vmbase/example/tests/test.rs b/vmbase/example/tests/test.rs
index 17ff947..2df5a80 100644
--- a/vmbase/example/tests/test.rs
+++ b/vmbase/example/tests/test.rs
@@ -42,7 +42,9 @@
#[test]
fn test_run_example_vm() -> Result<(), Error> {
android_logger::init_once(
- android_logger::Config::default().with_tag("vmbase").with_min_level(log::Level::Debug),
+ android_logger::Config::default()
+ .with_tag("vmbase")
+ .with_max_level(log::LevelFilter::Debug),
);
// Redirect panic messages to logcat.
diff --git a/zipfuse/Android.bp b/zipfuse/Android.bp
index 974d66a..7ee0ef1 100644
--- a/zipfuse/Android.bp
+++ b/zipfuse/Android.bp
@@ -1,4 +1,5 @@
package {
+ default_team: "trendy_team_virtualization",
default_applicable_licenses: ["Android-Apache-2.0"],
}