Merge changes from topic "libmemoffset_nostd" into main

* changes:
  libfdt: Make get_property_by_offset() less unsafe
  libfdt: Move FFI for DT properties to Libfdt*
  libfdt: Add setprop_placeholder & Improve trimprop
  libfdt: Make Libfdt::string() actually safe
  libfdt: Move string functions to Libfdt
  libfdt: Move phandle functions and 0-cost Phandle
diff --git a/Android.bp b/Android.bp
index 696a963..03bea5a 100644
--- a/Android.bp
+++ b/Android.bp
@@ -62,6 +62,27 @@
     },
 }
 
+soong_config_module_type {
+    name: "avf_flag_aware_cc_defaults",
+    module_type: "cc_defaults",
+    config_namespace: "ANDROID",
+    bool_variables: [
+        "release_avf_enable_virt_cpufreq",
+    ],
+    properties: [
+        "cflags",
+    ],
+}
+
+avf_flag_aware_cc_defaults {
+    name: "avf_build_flags_cc",
+    soong_config_variables: {
+        release_avf_enable_virt_cpufreq: {
+            cflags: ["-DAVF_ENABLE_VIRT_CPUFREQ=1"],
+        },
+    },
+}
+
 genrule_defaults {
     name: "dts_to_dtb",
     tools: ["dtc"],
diff --git a/apex/Android.bp b/apex/Android.bp
index 7cc0414..ba42c88 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/apex/empty-payload-apk/Android.bp b/apex/empty-payload-apk/Android.bp
index 8bd138f..72ec392 100644
--- a/apex/empty-payload-apk/Android.bp
+++ b/apex/empty-payload-apk/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
@@ -17,6 +18,7 @@
 
 cc_library {
     name: "MicrodroidEmptyPayloadJniLib",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["empty_binary.cpp"],
     shared_libs: ["libvm_payload#current"],
     installable: true,
diff --git a/apex/permissions/Android.bp b/apex/permissions/Android.bp
index 0c925ce..38fd9a1 100644
--- a/apex/permissions/Android.bp
+++ b/apex/permissions/Android.bp
@@ -14,6 +14,7 @@
 // limitations under the License.
 
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/apkdmverity/Android.bp b/apkdmverity/Android.bp
index 0cb8ca1..40c5f72 100644
--- a/apkdmverity/Android.bp
+++ b/apkdmverity/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/authfs/Android.bp b/authfs/Android.bp
index 8ac600d..8dc6d86 100644
--- a/authfs/Android.bp
+++ b/authfs/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/authfs/aidl/Android.bp b/authfs/aidl/Android.bp
index 9504037..277a964 100644
--- a/authfs/aidl/Android.bp
+++ b/authfs/aidl/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/authfs/fd_server/Android.bp b/authfs/fd_server/Android.bp
index b02c104..9a16d04 100644
--- a/authfs/fd_server/Android.bp
+++ b/authfs/fd_server/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/authfs/fd_server/src/aidl.rs b/authfs/fd_server/src/aidl.rs
index ada3ffb..8edd899 100644
--- a/authfs/fd_server/src/aidl.rs
+++ b/authfs/fd_server/src/aidl.rs
@@ -375,6 +375,10 @@
     }
 }
 
+// FFI types like `c_long` vary on 32/64-bit, and the check is only needed on
+// 64-bit conversions. Fixing this lint makes the code less readable.
+#[allow(unknown_lints)]
+#[allow(clippy::unnecessary_fallible_conversions)]
 fn try_into_fs_stat(st: Statvfs) -> Result<FsStat, std::num::TryFromIntError> {
     Ok(FsStat {
         blockSize: st.block_size().try_into()?,
diff --git a/authfs/service/Android.bp b/authfs/service/Android.bp
index 2101a36..b4d3b09 100644
--- a/authfs/service/Android.bp
+++ b/authfs/service/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/authfs/src/fsverity/metadata/Android.bp b/authfs/src/fsverity/metadata/Android.bp
index c874c2b..c468b7d 100644
--- a/authfs/src/fsverity/metadata/Android.bp
+++ b/authfs/src/fsverity/metadata/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/authfs/tests/benchmarks/Android.bp b/authfs/tests/benchmarks/Android.bp
index cea5a81..5820cb4 100644
--- a/authfs/tests/benchmarks/Android.bp
+++ b/authfs/tests/benchmarks/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
@@ -28,6 +29,7 @@
 
 cc_binary {
     name: "measure_io",
+    defaults: ["avf_build_flags_cc"],
     srcs: [
         "src/measure_io.cpp",
     ],
diff --git a/authfs/tests/common/Android.bp b/authfs/tests/common/Android.bp
index bba329e..60d2df3 100644
--- a/authfs/tests/common/Android.bp
+++ b/authfs/tests/common/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/authfs/tests/common/src/open_then_run.rs b/authfs/tests/common/src/open_then_run.rs
index 6d828e4..a976784 100644
--- a/authfs/tests/common/src/open_then_run.rs
+++ b/authfs/tests/common/src/open_then_run.rs
@@ -161,7 +161,7 @@
     android_logger::init_once(
         android_logger::Config::default()
             .with_tag("open_then_run")
-            .with_min_level(log::Level::Debug),
+            .with_max_level(log::LevelFilter::Debug),
     );
 
     if let Err(e) = try_main() {
diff --git a/authfs/tests/hosttests/Android.bp b/authfs/tests/hosttests/Android.bp
index 83ef853..1e95e10 100644
--- a/authfs/tests/hosttests/Android.bp
+++ b/authfs/tests/hosttests/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/Android.bp b/compos/Android.bp
index b840506..bf57e27 100644
--- a/compos/Android.bp
+++ b/compos/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/aidl/Android.bp b/compos/aidl/Android.bp
index 7036511..1660837 100644
--- a/compos/aidl/Android.bp
+++ b/compos/aidl/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/apex/Android.bp b/compos/apex/Android.bp
index 55cc446..8b1ba27 100644
--- a/compos/apex/Android.bp
+++ b/compos/apex/Android.bp
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/apex/composd.rc b/compos/apex/composd.rc
index df04642..55f3737 100644
--- a/compos/apex/composd.rc
+++ b/compos/apex/composd.rc
@@ -19,10 +19,7 @@
     interface aidl android.system.composd
     disabled
     oneshot
-    # Explicitly specify empty capabilities, otherwise composd will inherit all
-    # the capabilities from init.
-    # Note: whether a process can use capabilities is controlled by SELinux, so
-    # inheriting all the capabilities from init is not a security issue.
-    # However, for defense-in-depth and just for the sake of bookkeeping it's
-    # better to explicitly state that composd doesn't need any capabilities.
-    capabilities
+    # We need SYS_NICE in order to allow the crosvm child process to use it.
+    # (b/322197421). composd itself never uses it (and isn't allowed to by
+    # SELinux).
+    capabilities SYS_NICE
diff --git a/compos/apk/Android.bp b/compos/apk/Android.bp
index c6192b9..a06a5a4 100644
--- a/compos/apk/Android.bp
+++ b/compos/apk/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/benchmark/Android.bp b/compos/benchmark/Android.bp
index 93927a2..96d35b4 100644
--- a/compos/benchmark/Android.bp
+++ b/compos/benchmark/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/common/Android.bp b/compos/common/Android.bp
index 01ab7c9..32bdf8a 100644
--- a/compos/common/Android.bp
+++ b/compos/common/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/compos_key_helper/Android.bp b/compos/compos_key_helper/Android.bp
index f8dc783..7d27525 100644
--- a/compos/compos_key_helper/Android.bp
+++ b/compos/compos_key_helper/Android.bp
@@ -1,9 +1,11 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
 cc_defaults {
     name: "compos_key_defaults",
+    defaults: ["avf_build_flags_cc"],
     apex_available: ["com.android.compos"],
 
     shared_libs: [
diff --git a/compos/composd/Android.bp b/compos/composd/Android.bp
index b0294dd..96d4da7 100644
--- a/compos/composd/Android.bp
+++ b/compos/composd/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/composd/aidl/Android.bp b/compos/composd/aidl/Android.bp
index 56b0b60..20e3679 100644
--- a/compos/composd/aidl/Android.bp
+++ b/compos/composd/aidl/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/composd/native/Android.bp b/compos/composd/native/Android.bp
index f35517f..a0923ef 100644
--- a/compos/composd/native/Android.bp
+++ b/compos/composd/native/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/composd_cmd/Android.bp b/compos/composd_cmd/Android.bp
index 4d3ed5f..8b7a909 100644
--- a/compos/composd_cmd/Android.bp
+++ b/compos/composd_cmd/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/service/Android.bp b/compos/service/Android.bp
index 3dcf8be..478ea3b 100644
--- a/compos/service/Android.bp
+++ b/compos/service/Android.bp
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/tests/Android.bp b/compos/tests/Android.bp
index 511ecd0..1213a16 100644
--- a/compos/tests/Android.bp
+++ b/compos/tests/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/verify/Android.bp b/compos/verify/Android.bp
index f4d8695..6fba1fd 100644
--- a/compos/verify/Android.bp
+++ b/compos/verify/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/compos/verify/native/Android.bp b/compos/verify/native/Android.bp
index 438d93a..ac2fcfb 100644
--- a/compos/verify/native/Android.bp
+++ b/compos/verify/native/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
@@ -24,6 +25,7 @@
 
 cc_library_static {
     name: "libcompos_verify_native_cpp",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["verify_native.cpp"],
     static_libs: ["libcompos_key"],
     shared_libs: [
diff --git a/demo/Android.bp b/demo/Android.bp
index a291ee1..90e302a 100644
--- a/demo/Android.bp
+++ b/demo/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/demo_native/Android.bp b/demo_native/Android.bp
index 901f829..facb2bb 100644
--- a/demo_native/Android.bp
+++ b/demo_native/Android.bp
@@ -1,9 +1,11 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
 cc_binary {
     name: "vm_demo_native",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["main.cpp"],
     static_libs: [
         "libbase",
diff --git a/encryptedstore/Android.bp b/encryptedstore/Android.bp
index aa46c35..225eedd 100644
--- a/encryptedstore/Android.bp
+++ b/encryptedstore/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/javalib/Android.bp b/javalib/Android.bp
index e3cb2e3..680d59b 100644
--- a/javalib/Android.bp
+++ b/javalib/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/javalib/api/test-current.txt b/javalib/api/test-current.txt
index 958005f..5aff93f 100644
--- a/javalib/api/test-current.txt
+++ b/javalib/api/test-current.txt
@@ -7,12 +7,14 @@
   }
 
   public final class VirtualMachineConfig {
+    method @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM") @NonNull public java.util.List<java.lang.String> getExtraApks();
     method @FlaggedApi("RELEASE_AVF_ENABLE_VENDOR_MODULES") @Nullable public String getOs();
     method @Nullable public String getPayloadConfigPath();
     method public boolean isVmConsoleInputSupported();
   }
 
   public static final class VirtualMachineConfig.Builder {
+    method @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM") @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder addExtraApk(@NonNull String);
     method @FlaggedApi("RELEASE_AVF_ENABLE_VENDOR_MODULES") @NonNull public android.system.virtualmachine.VirtualMachineConfig.Builder setOs(@NonNull String);
     method @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setPayloadConfigPath(@NonNull String);
     method @FlaggedApi("RELEASE_AVF_ENABLE_VENDOR_MODULES") @NonNull @RequiresPermission(android.system.virtualmachine.VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION) public android.system.virtualmachine.VirtualMachineConfig.Builder setVendorDiskImage(@NonNull java.io.File);
diff --git a/javalib/jni/Android.bp b/javalib/jni/Android.bp
index e82b2ce..24dece2 100644
--- a/javalib/jni/Android.bp
+++ b/javalib/jni/Android.bp
@@ -1,9 +1,11 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
 cc_library_shared {
     name: "libvirtualizationservice_jni",
+    defaults: ["avf_build_flags_cc"],
     srcs: [
         "android_system_virtualmachine_VirtualizationService.cpp",
     ],
@@ -19,6 +21,7 @@
 
 cc_library_shared {
     name: "libvirtualmachine_jni",
+    defaults: ["avf_build_flags_cc"],
     srcs: [
         "android_system_virtualmachine_VirtualMachine.cpp",
     ],
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachine.java b/javalib/src/android/system/virtualmachine/VirtualMachine.java
index 16f9631..5025e88 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachine.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachine.java
@@ -54,6 +54,8 @@
 import android.annotation.WorkerThread;
 import android.content.ComponentCallbacks2;
 import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageManager;
 import android.content.res.Configuration;
 import android.os.Binder;
 import android.os.IBinder;
@@ -76,7 +78,6 @@
 
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileOutputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -807,10 +808,30 @@
                     createVmInputPipes();
                 }
 
+                VirtualMachineConfig vmConfig = getConfig();
                 VirtualMachineAppConfig appConfig =
-                        getConfig().toVsConfig(mContext.getPackageManager());
+                        vmConfig.toVsConfig(mContext.getPackageManager());
                 appConfig.name = mName;
 
+                if (!vmConfig.getExtraApks().isEmpty()) {
+                    // Extra APKs were specified directly, rather than via config file.
+                    // We've already populated the file names for the extra APKs and IDSigs
+                    // (via setupExtraApks). But we also need to open the APK files and add
+                    // fds for them to the payload config.
+                    // This isn't needed when the extra APKs are specified in a config file - then
+                    // Virtualization Manager opens them itself.
+                    List<ParcelFileDescriptor> extraApkFiles = new ArrayList<>(mExtraApks.size());
+                    for (ExtraApkSpec extraApk : mExtraApks) {
+                        try {
+                            extraApkFiles.add(
+                                    ParcelFileDescriptor.open(extraApk.apk, MODE_READ_ONLY));
+                        } catch (FileNotFoundException e) {
+                            throw new VirtualMachineException("Failed to open extra APK", e);
+                        }
+                    }
+                    appConfig.payload.getPayloadConfig().extraApks = extraApkFiles;
+                }
+
                 try {
                     createIdSigs(service, appConfig);
                 } catch (FileNotFoundException e) {
@@ -1239,6 +1260,46 @@
         return result.toString();
     }
 
+    /**
+     * Reads the payload config inside the application, parses extra APK information, and then
+     * creates corresponding idsig file paths.
+     */
+    private static List<ExtraApkSpec> setupExtraApks(
+            @NonNull Context context, @NonNull VirtualMachineConfig config, @NonNull File vmDir)
+            throws VirtualMachineException {
+        String configPath = config.getPayloadConfigPath();
+        List<String> extraApks = config.getExtraApks();
+        if (configPath != null) {
+            return setupExtraApksFromConfigFile(context, vmDir, configPath);
+        } else if (!extraApks.isEmpty()) {
+            return setupExtraApksFromList(context, vmDir, extraApks);
+        } else {
+            return Collections.emptyList();
+        }
+    }
+
+    private static List<ExtraApkSpec> setupExtraApksFromConfigFile(
+            Context context, File vmDir, String configPath) throws VirtualMachineException {
+        try (ZipFile zipFile = new ZipFile(context.getPackageCodePath())) {
+            InputStream inputStream = zipFile.getInputStream(zipFile.getEntry(configPath));
+            List<String> apkList =
+                    parseExtraApkListFromPayloadConfig(
+                            new JsonReader(new InputStreamReader(inputStream)));
+
+            List<ExtraApkSpec> extraApks = new ArrayList<>(apkList.size());
+            for (int i = 0; i < apkList.size(); ++i) {
+                extraApks.add(
+                        new ExtraApkSpec(
+                                new File(apkList.get(i)),
+                                new File(vmDir, EXTRA_IDSIG_FILE_PREFIX + i)));
+            }
+
+            return extraApks;
+        } catch (IOException e) {
+            throw new VirtualMachineException("Couldn't parse extra apks from the vm config", e);
+        }
+    }
+
     private static List<String> parseExtraApkListFromPayloadConfig(JsonReader reader)
             throws VirtualMachineException {
         /*
@@ -1275,36 +1336,28 @@
         }
     }
 
-    /**
-     * Reads the payload config inside the application, parses extra APK information, and then
-     * creates corresponding idsig file paths.
-     */
-    private static List<ExtraApkSpec> setupExtraApks(
-            @NonNull Context context, @NonNull VirtualMachineConfig config, @NonNull File vmDir)
-            throws VirtualMachineException {
-        String configPath = config.getPayloadConfigPath();
-        if (configPath == null) {
-            return Collections.emptyList();
-        }
-        try (ZipFile zipFile = new ZipFile(context.getPackageCodePath())) {
-            InputStream inputStream =
-                    zipFile.getInputStream(zipFile.getEntry(configPath));
-            List<String> apkList =
-                    parseExtraApkListFromPayloadConfig(
-                            new JsonReader(new InputStreamReader(inputStream)));
-
-            List<ExtraApkSpec> extraApks = new ArrayList<>();
-            for (int i = 0; i < apkList.size(); ++i) {
-                extraApks.add(
-                        new ExtraApkSpec(
-                                new File(apkList.get(i)),
-                                new File(vmDir, EXTRA_IDSIG_FILE_PREFIX + i)));
+    private static List<ExtraApkSpec> setupExtraApksFromList(
+            Context context, File vmDir, List<String> extraApkInfo) throws VirtualMachineException {
+        int count = extraApkInfo.size();
+        List<ExtraApkSpec> extraApks = new ArrayList<>(count);
+        for (int i = 0; i < count; i++) {
+            String packageName = extraApkInfo.get(i);
+            ApplicationInfo appInfo;
+            try {
+                appInfo =
+                        context.getPackageManager()
+                                .getApplicationInfo(
+                                        packageName, PackageManager.ApplicationInfoFlags.of(0));
+            } catch (PackageManager.NameNotFoundException e) {
+                throw new VirtualMachineException("Extra APK package not found", e);
             }
 
-            return Collections.unmodifiableList(extraApks);
-        } catch (IOException e) {
-            throw new VirtualMachineException("Couldn't parse extra apks from the vm config", e);
+            extraApks.add(
+                    new ExtraApkSpec(
+                            new File(appInfo.sourceDir),
+                            new File(vmDir, EXTRA_IDSIG_FILE_PREFIX + i)));
         }
+        return extraApks;
     }
 
     private void importInstanceFrom(@NonNull ParcelFileDescriptor instanceFd)
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
index e8ef195..9688789 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -49,7 +49,10 @@
 import java.io.OutputStream;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
+import java.util.List;
 import java.util.Objects;
 import java.util.zip.ZipFile;
 
@@ -67,7 +70,7 @@
     private static String[] EMPTY_STRING_ARRAY = {};
 
     // These define the schema of the config file persisted on disk.
-    private static final int VERSION = 7;
+    private static final int VERSION = 8;
     private static final String KEY_VERSION = "version";
     private static final String KEY_PACKAGENAME = "packageName";
     private static final String KEY_APKPATH = "apkPath";
@@ -82,6 +85,7 @@
     private static final String KEY_VM_CONSOLE_INPUT_SUPPORTED = "vmConsoleInputSupported";
     private static final String KEY_VENDOR_DISK_IMAGE_PATH = "vendorDiskImagePath";
     private static final String KEY_OS = "os";
+    private static final String KEY_EXTRA_APKS = "extraApks";
 
     /** @hide */
     @Retention(RetentionPolicy.SOURCE)
@@ -140,6 +144,8 @@
     /** Absolute path to the APK file containing the VM payload. */
     @Nullable private final String mApkPath;
 
+    private final List<String> mExtraApks;
+
     @DebugLevel private final int mDebugLevel;
 
     /**
@@ -181,6 +187,7 @@
     private VirtualMachineConfig(
             @Nullable String packageName,
             @Nullable String apkPath,
+            List<String> extraApks,
             @Nullable String payloadConfigPath,
             @Nullable String payloadBinaryName,
             @DebugLevel int debugLevel,
@@ -195,6 +202,11 @@
         // This is only called from Builder.build(); the builder handles parameter validation.
         mPackageName = packageName;
         mApkPath = apkPath;
+        mExtraApks =
+                extraApks.isEmpty()
+                        ? Collections.emptyList()
+                        : Collections.unmodifiableList(
+                                Arrays.asList(extraApks.toArray(new String[0])));
         mPayloadConfigPath = payloadConfigPath;
         mPayloadBinaryName = payloadBinaryName;
         mDebugLevel = debugLevel;
@@ -292,6 +304,13 @@
             builder.setOs(os);
         }
 
+        String[] extraApks = b.getStringArray(KEY_EXTRA_APKS);
+        if (extraApks != null) {
+            for (String extraApk : extraApks) {
+                builder.addExtraApk(extraApk);
+            }
+        }
+
         return builder.build();
     }
 
@@ -331,6 +350,10 @@
             b.putString(KEY_VENDOR_DISK_IMAGE_PATH, mVendorDiskImage.getAbsolutePath());
         }
         b.putString(KEY_OS, mOs);
+        if (!mExtraApks.isEmpty()) {
+            String[] extraApks = mExtraApks.toArray(new String[0]);
+            b.putStringArray(KEY_EXTRA_APKS, extraApks);
+        }
         b.writeToStream(output);
     }
 
@@ -347,6 +370,19 @@
     }
 
     /**
+     * Returns the package names of any extra APKs that have been requested for the VM. They are
+     * returned in the order in which they were added via {@link Builder#addExtraApk}.
+     *
+     * @hide
+     */
+    @TestApi
+    @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM")
+    @NonNull
+    public List<String> getExtraApks() {
+        return mExtraApks;
+    }
+
+    /**
      * Returns the path within the APK to the payload config file that defines software aspects of
      * the VM.
      *
@@ -495,7 +531,8 @@
                 && Objects.equals(this.mPayloadConfigPath, other.mPayloadConfigPath)
                 && Objects.equals(this.mPayloadBinaryName, other.mPayloadBinaryName)
                 && Objects.equals(this.mPackageName, other.mPackageName)
-                && Objects.equals(this.mOs, other.mOs);
+                && Objects.equals(this.mOs, other.mOs)
+                && Objects.equals(this.mExtraApks, other.mExtraApks);
     }
 
     /**
@@ -623,6 +660,7 @@
 
         @Nullable private final String mPackageName;
         @Nullable private String mApkPath;
+        private final List<String> mExtraApks = new ArrayList<>();
         @Nullable private String mPayloadConfigPath;
         @Nullable private String mPayloadBinaryName;
         @DebugLevel private int mDebugLevel = DEBUG_LEVEL_NONE;
@@ -683,6 +721,10 @@
                     throw new IllegalStateException(
                             "setPayloadConfigPath and setOs may not both be called");
                 }
+                if (!mExtraApks.isEmpty()) {
+                    throw new IllegalStateException(
+                            "setPayloadConfigPath and addExtraApk may not both be called");
+                }
             } else {
                 if (mPayloadConfigPath != null) {
                     throw new IllegalStateException(
@@ -710,6 +752,7 @@
             return new VirtualMachineConfig(
                     packageName,
                     apkPath,
+                    mExtraApks,
                     mPayloadConfigPath,
                     mPayloadBinaryName,
                     mDebugLevel,
@@ -742,6 +785,21 @@
         }
 
         /**
+         * Specify the package name of an extra APK to be included in the VM. Each extra APK is
+         * mounted, in unzipped form, inside the VM, allowing access to the code and/or data within
+         * it. The VM entry point must be in the main APK.
+         *
+         * @hide
+         */
+        @TestApi
+        @FlaggedApi("RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM")
+        @NonNull
+        public Builder addExtraApk(@NonNull String packageName) {
+            mExtraApks.add(requireNonNull(packageName, "extra APK package name must not be null"));
+            return this;
+        }
+
+        /**
          * Sets the path within the APK to the payload config file that defines software aspects of
          * the VM. The file is a JSON file; see
          * packages/modules/Virtualization/microdroid/payload/config/src/lib.rs for the format.
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineManager.java b/javalib/src/android/system/virtualmachine/VirtualMachineManager.java
index 2802659..1250bd1 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineManager.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachineManager.java
@@ -92,13 +92,19 @@
     })
     public @interface Capability {}
 
-    /* The implementation supports creating protected VMs, whose memory is inaccessible to the
-     * host OS.
+    /**
+     * The implementation supports creating protected VMs, whose memory is inaccessible to the host
+     * OS.
+     *
+     * @see VirtualMachineConfig.Builder#setProtectedVm
      */
     public static final int CAPABILITY_PROTECTED_VM = 1;
 
-    /* The implementation supports creating non-protected VMs, whose memory is accessible to the
+    /**
+     * The implementation supports creating non-protected VMs, whose memory is accessible to the
      * host OS.
+     *
+     * @see VirtualMachineConfig.Builder#setProtectedVm
      */
     public static final int CAPABILITY_NON_PROTECTED_VM = 2;
 
@@ -120,6 +126,7 @@
      */
     @TestApi
     public static final String FEATURE_DICE_CHANGES = IVirtualizationService.FEATURE_DICE_CHANGES;
+
     /**
      * Feature to run payload as non-root user.
      *
diff --git a/launcher/Android.bp b/launcher/Android.bp
index 6c6417f..9835fc9 100644
--- a/launcher/Android.bp
+++ b/launcher/Android.bp
@@ -1,9 +1,11 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
 cc_binary {
     name: "microdroid_launcher",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["main.cpp"],
     shared_libs: [
         "libbase",
diff --git a/libs/apexutil/Android.bp b/libs/apexutil/Android.bp
index beff58d..410c3cf 100644
--- a/libs/apexutil/Android.bp
+++ b/libs/apexutil/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/apkmanifest/Android.bp b/libs/apkmanifest/Android.bp
index e6fcbef..54c4f6c 100644
--- a/libs/apkmanifest/Android.bp
+++ b/libs/apkmanifest/Android.bp
@@ -4,6 +4,7 @@
 
 cc_library_shared {
     name: "libapkmanifest_native",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["native/*.cpp"],
     shared_libs: [
         "libandroidfw",
diff --git a/libs/apkverify/Android.bp b/libs/apkverify/Android.bp
index 4c5a622..e39c46d 100644
--- a/libs/apkverify/Android.bp
+++ b/libs/apkverify/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index 441b708..96fad5f 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -37,7 +37,7 @@
     android_logger::init_once(
         android_logger::Config::default()
             .with_tag("apkverify_test")
-            .with_min_level(log::Level::Info),
+            .with_max_level(log::LevelFilter::Info),
     );
     info!("Test starting");
 }
diff --git a/libs/apkzip/Android.bp b/libs/apkzip/Android.bp
index dc35b5e..f3622b1 100644
--- a/libs/apkzip/Android.bp
+++ b/libs/apkzip/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/avflog/Android.bp b/libs/avflog/Android.bp
index 695a6c6..7e8daef 100644
--- a/libs/avflog/Android.bp
+++ b/libs/avflog/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/bssl/Android.bp b/libs/bssl/Android.bp
index 2bb5ba5..b023e87 100644
--- a/libs/bssl/Android.bp
+++ b/libs/bssl/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/bssl/error/Android.bp b/libs/bssl/error/Android.bp
index 000e385..ebdbc0a 100644
--- a/libs/bssl/error/Android.bp
+++ b/libs/bssl/error/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/capabilities/Android.bp b/libs/capabilities/Android.bp
index 55112e1..2799926 100644
--- a/libs/capabilities/Android.bp
+++ b/libs/capabilities/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/cstr/Android.bp b/libs/cstr/Android.bp
index 4ea87df..88f43a0 100644
--- a/libs/cstr/Android.bp
+++ b/libs/cstr/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/devicemapper/Android.bp b/libs/devicemapper/Android.bp
index 5332469..5c74162 100644
--- a/libs/devicemapper/Android.bp
+++ b/libs/devicemapper/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/dice/open_dice/Android.bp b/libs/dice/open_dice/Android.bp
index 79d0b96..9481f5d 100644
--- a/libs/dice/open_dice/Android.bp
+++ b/libs/dice/open_dice/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_visibility: [":__subpackages__"],
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
diff --git a/libs/dice/sample_inputs/Android.bp b/libs/dice/sample_inputs/Android.bp
index 013038c..e5d35a7 100644
--- a/libs/dice/sample_inputs/Android.bp
+++ b/libs/dice/sample_inputs/Android.bp
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/libfdt/Android.bp b/libs/libfdt/Android.bp
index b5f7471..6a7f7f2 100644
--- a/libs/libfdt/Android.bp
+++ b/libs/libfdt/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/libs/vbmeta/Android.bp b/libs/vbmeta/Android.bp
index 4fb6ae4..48f9e51 100644
--- a/libs/vbmeta/Android.bp
+++ b/libs/vbmeta/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 233754a..e2d7af4 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/microdroid/init_debug_policy/Android.bp b/microdroid/init_debug_policy/Android.bp
index 2a87ac9..320417d 100644
--- a/microdroid/init_debug_policy/Android.bp
+++ b/microdroid/init_debug_policy/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/microdroid/initrd/Android.bp b/microdroid/initrd/Android.bp
index ec971fa..6f1c9a1 100644
--- a/microdroid/initrd/Android.bp
+++ b/microdroid/initrd/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/microdroid/kdump/Android.bp b/microdroid/kdump/Android.bp
index b9a18fe..5d129f4 100644
--- a/microdroid/kdump/Android.bp
+++ b/microdroid/kdump/Android.bp
@@ -1,9 +1,11 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
 cc_binary {
     name: "microdroid_kexec",
+    defaults: ["avf_build_flags_cc"],
     stem: "kexec_load",
     srcs: ["kexec.c"],
     installable: false,
@@ -13,6 +15,7 @@
 
 cc_binary {
     name: "microdroid_crashdump",
+    defaults: ["avf_build_flags_cc"],
     stem: "crashdump",
     srcs: ["crashdump.c"],
     static_executable: true,
diff --git a/microdroid/kdump/kernel/Android.bp b/microdroid/kdump/kernel/Android.bp
index 0705875..9d241b4 100644
--- a/microdroid/kdump/kernel/Android.bp
+++ b/microdroid/kdump/kernel/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["microdroid_crashdump_kernel_license"],
 }
 
diff --git a/microdroid/kernel/arm64/Android.bp b/microdroid/kernel/arm64/Android.bp
index 0975993..e014509 100644
--- a/microdroid/kernel/arm64/Android.bp
+++ b/microdroid/kernel/arm64/Android.bp
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["microdroid_kernel_prebuilts_6.1_arm64_license"],
 }
 
diff --git a/microdroid/kernel/x86_64/Android.bp b/microdroid/kernel/x86_64/Android.bp
index b3041cd..f7161de 100644
--- a/microdroid/kernel/x86_64/Android.bp
+++ b/microdroid/kernel/x86_64/Android.bp
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["microdroid_kernel_prebuilts_6.1_x86_64_license"],
 }
 
diff --git a/microdroid/payload/Android.bp b/microdroid/payload/Android.bp
index 4814a64..e67a6d5 100644
--- a/microdroid/payload/Android.bp
+++ b/microdroid/payload/Android.bp
@@ -1,9 +1,11 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
 cc_defaults {
     name: "microdroid_metadata_default",
+    defaults: ["avf_build_flags_cc"],
     host_supported: true,
     srcs: [
         "metadata.proto",
diff --git a/microdroid/payload/config/Android.bp b/microdroid/payload/config/Android.bp
index 4c72b97..7abee15 100644
--- a/microdroid/payload/config/Android.bp
+++ b/microdroid/payload/config/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/microdroid/payload/metadata/Android.bp b/microdroid/payload/metadata/Android.bp
index cd182fc..be87fb8 100644
--- a/microdroid/payload/metadata/Android.bp
+++ b/microdroid/payload/metadata/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index 81bb409..0174ce4 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/microdroid_manager/aidl/Android.bp b/microdroid_manager/aidl/Android.bp
index 353e9cc..be035df 100644
--- a/microdroid_manager/aidl/Android.bp
+++ b/microdroid_manager/aidl/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index b7b17e4..110d46a 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
@@ -294,6 +295,7 @@
 // numbers defined in the ARM DT binding headers
 cc_object {
     name: "pvmfw_platform.dts.preprocessed",
+    defaults: ["avf_build_flags_cc"],
     header_libs: ["arm_dt_bindings_headers"],
     host_supported: true,
     srcs: [":pvmfw_platform.dts.renamed"],
diff --git a/pvmfw/avb/Android.bp b/pvmfw/avb/Android.bp
index 6101a0c..3bb8354 100644
--- a/pvmfw/avb/Android.bp
+++ b/pvmfw/avb/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/pvmfw/avb/fuzz/Android.bp b/pvmfw/avb/fuzz/Android.bp
index e970eed..fe3af0f 100644
--- a/pvmfw/avb/fuzz/Android.bp
+++ b/pvmfw/avb/fuzz/Android.bp
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/pvmfw/src/fdt.rs b/pvmfw/src/fdt.rs
index 1e37572..ac52be9 100644
--- a/pvmfw/src/fdt.rs
+++ b/pvmfw/src/fdt.rs
@@ -40,12 +40,14 @@
 use log::error;
 use log::info;
 use log::warn;
+use static_assertions::const_assert;
 use tinyvec::ArrayVec;
 use vmbase::fdt::SwiotlbInfo;
 use vmbase::layout::{crosvm::MEM_START, MAX_VIRT_ADDR};
 use vmbase::memory::SIZE_4KB;
 use vmbase::util::flatten;
 use vmbase::util::RangeExt as _;
+use zerocopy::AsBytes as _;
 
 /// An enumeration of errors that can occur during the FDT validation.
 #[derive(Clone, Debug)]
@@ -163,39 +165,47 @@
 }
 
 fn patch_memory_range(fdt: &mut Fdt, memory_range: &Range<usize>) -> libfdt::Result<()> {
-    let size = memory_range.len() as u64;
+    let addr = u64::try_from(MEM_START).unwrap();
+    let size = u64::try_from(memory_range.len()).unwrap();
     fdt.node_mut(cstr!("/memory"))?
         .ok_or(FdtError::NotFound)?
-        .setprop_inplace(cstr!("reg"), flatten(&[MEM_START.to_be_bytes(), size.to_be_bytes()]))
+        .setprop_inplace(cstr!("reg"), [addr.to_be(), size.to_be()].as_bytes())
 }
 
-/// Read the number of CPUs from DT
-fn read_num_cpus_from(fdt: &Fdt) -> libfdt::Result<usize> {
-    Ok(fdt.compatible_nodes(cstr!("arm,arm-v8"))?.count())
-}
+#[derive(Debug, Default)]
+struct CpuInfo {}
 
-/// Validate number of CPUs
-fn validate_num_cpus(num_cpus: usize) -> Result<(), FdtValidationError> {
-    if num_cpus == 0 || DeviceTreeInfo::gic_patched_size(num_cpus).is_none() {
-        Err(FdtValidationError::InvalidCpuCount(num_cpus))
-    } else {
-        Ok(())
+fn read_cpu_info_from(fdt: &Fdt) -> libfdt::Result<ArrayVec<[CpuInfo; DeviceTreeInfo::MAX_CPUS]>> {
+    let mut cpus = ArrayVec::new();
+
+    let mut cpu_nodes = fdt.compatible_nodes(cstr!("arm,arm-v8"))?;
+    for _cpu in cpu_nodes.by_ref().take(cpus.capacity()) {
+        let info = CpuInfo {};
+        cpus.push(info);
     }
+    if cpu_nodes.next().is_some() {
+        warn!("DT has more than {} CPU nodes: discarding extra nodes.", cpus.capacity());
+    }
+
+    Ok(cpus)
 }
 
-/// Patch DT by keeping `num_cpus` number of arm,arm-v8 compatible nodes, and pruning the rest.
-fn patch_num_cpus(fdt: &mut Fdt, num_cpus: usize) -> libfdt::Result<()> {
-    let cpu = cstr!("arm,arm-v8");
-    let mut next = fdt.root_mut()?.next_compatible(cpu)?;
-    for _ in 0..num_cpus {
-        next = if let Some(current) = next {
-            current.next_compatible(cpu)?
-        } else {
-            return Err(FdtError::NoSpace);
-        };
+fn validate_cpu_info(cpus: &[CpuInfo]) -> Result<(), FdtValidationError> {
+    if cpus.is_empty() {
+        return Err(FdtValidationError::InvalidCpuCount(0));
+    }
+
+    Ok(())
+}
+
+fn patch_cpus(fdt: &mut Fdt, cpus: &[CpuInfo]) -> libfdt::Result<()> {
+    const COMPAT: &CStr = cstr!("arm,arm-v8");
+    let mut next = fdt.root_mut()?.next_compatible(COMPAT)?;
+    for _cpu in cpus {
+        next = next.ok_or(FdtError::NoSpace)?.next_compatible(COMPAT)?;
     }
     while let Some(current) = next {
-        next = current.delete_and_next_compatible(cpu)?;
+        next = current.delete_and_next_compatible(COMPAT)?;
     }
     Ok(())
 }
@@ -485,11 +495,17 @@
 }
 
 fn read_serial_info_from(fdt: &Fdt) -> libfdt::Result<SerialInfo> {
-    let mut addrs: ArrayVec<[u64; SerialInfo::MAX_SERIALS]> = Default::default();
-    for node in fdt.compatible_nodes(cstr!("ns16550a"))?.take(SerialInfo::MAX_SERIALS) {
+    let mut addrs = ArrayVec::new();
+
+    let mut serial_nodes = fdt.compatible_nodes(cstr!("ns16550a"))?;
+    for node in serial_nodes.by_ref().take(addrs.capacity()) {
         let reg = node.first_reg()?;
         addrs.push(reg.addr);
     }
+    if serial_nodes.next().is_some() {
+        warn!("DT has more than {} UART nodes: discarding extra nodes.", addrs.capacity());
+    }
+
     Ok(SerialInfo { addrs })
 }
 
@@ -570,7 +586,8 @@
     let mut range1 = ranges.next().ok_or(FdtError::NotFound)?;
 
     let addr = range0.addr;
-    // `validate_num_cpus()` checked that this wouldn't panic
+    // `read_cpu_info_from()` guarantees that we have at most MAX_CPUS.
+    const_assert!(DeviceTreeInfo::gic_patched_size(DeviceTreeInfo::MAX_CPUS).is_some());
     let size = u64::try_from(DeviceTreeInfo::gic_patched_size(num_cpus).unwrap()).unwrap();
 
     // range1 is just below range0
@@ -603,17 +620,11 @@
         *v = v.to_be();
     }
 
-    // SAFETY: array size is the same
-    let value = unsafe {
-        core::mem::transmute::<
-            [u32; NUM_INTERRUPTS * CELLS_PER_INTERRUPT],
-            [u8; NUM_INTERRUPTS * CELLS_PER_INTERRUPT * size_of::<u32>()],
-        >(value.into_inner())
-    };
+    let value = value.into_inner();
 
     let mut node =
         fdt.root_mut()?.next_compatible(cstr!("arm,armv8-timer"))?.ok_or(FdtError::NotFound)?;
-    node.setprop_inplace(cstr!("interrupts"), value.as_slice())
+    node.setprop_inplace(cstr!("interrupts"), value.as_bytes())
 }
 
 #[derive(Debug)]
@@ -622,7 +633,7 @@
     pub initrd_range: Option<Range<usize>>,
     pub memory_range: Range<usize>,
     bootargs: Option<CString>,
-    num_cpus: usize,
+    cpus: ArrayVec<[CpuInfo; DeviceTreeInfo::MAX_CPUS]>,
     pci_info: PciInfo,
     serial_info: SerialInfo,
     pub swiotlb_info: SwiotlbInfo,
@@ -631,7 +642,9 @@
 }
 
 impl DeviceTreeInfo {
-    fn gic_patched_size(num_cpus: usize) -> Option<usize> {
+    const MAX_CPUS: usize = 16;
+
+    const fn gic_patched_size(num_cpus: usize) -> Option<usize> {
         const GIC_REDIST_SIZE_PER_CPU: usize = 32 * SIZE_4KB;
 
         GIC_REDIST_SIZE_PER_CPU.checked_mul(num_cpus)
@@ -729,12 +742,12 @@
         RebootReason::InvalidFdt
     })?;
 
-    let num_cpus = read_num_cpus_from(fdt).map_err(|e| {
-        error!("Failed to read num cpus from DT: {e}");
+    let cpus = read_cpu_info_from(fdt).map_err(|e| {
+        error!("Failed to read CPU info from DT: {e}");
         RebootReason::InvalidFdt
     })?;
-    validate_num_cpus(num_cpus).map_err(|e| {
-        error!("Failed to validate num cpus from DT: {e}");
+    validate_cpu_info(&cpus).map_err(|e| {
+        error!("Failed to validate CPU info from DT: {e}");
         RebootReason::InvalidFdt
     })?;
 
@@ -782,7 +795,7 @@
         initrd_range,
         memory_range,
         bootargs,
-        num_cpus,
+        cpus,
         pci_info,
         serial_info,
         swiotlb_info,
@@ -808,7 +821,7 @@
             RebootReason::InvalidFdt
         })?;
     }
-    patch_num_cpus(fdt, info.num_cpus).map_err(|e| {
+    patch_cpus(fdt, &info.cpus).map_err(|e| {
         error!("Failed to patch cpus to DT: {e}");
         RebootReason::InvalidFdt
     })?;
@@ -824,11 +837,11 @@
         error!("Failed to patch swiotlb info to DT: {e}");
         RebootReason::InvalidFdt
     })?;
-    patch_gic(fdt, info.num_cpus).map_err(|e| {
+    patch_gic(fdt, info.cpus.len()).map_err(|e| {
         error!("Failed to patch gic info to DT: {e}");
         RebootReason::InvalidFdt
     })?;
-    patch_timer(fdt, info.num_cpus).map_err(|e| {
+    patch_timer(fdt, info.cpus.len()).map_err(|e| {
         error!("Failed to patch timer info to DT: {e}");
         RebootReason::InvalidFdt
     })?;
diff --git a/rialto/Android.bp b/rialto/Android.bp
index c102c89..d7aac35 100644
--- a/rialto/Android.bp
+++ b/rialto/Android.bp
@@ -133,11 +133,11 @@
         "libandroid_logger",
         "libanyhow",
         "libbssl_avf_nostd",
-        "libciborium",
         "libclient_vm_csr",
         "libcoset",
         "liblibc",
         "liblog_rust",
+        "libhwtrust",
         "libservice_vm_comm",
         "libservice_vm_fake_chain",
         "libservice_vm_manager",
diff --git a/rialto/src/main.rs b/rialto/src/main.rs
index e705562..ad9b776 100644
--- a/rialto/src/main.rs
+++ b/rialto/src/main.rs
@@ -37,7 +37,7 @@
 use hyp::{get_mem_sharer, get_mmio_guard};
 use libfdt::FdtError;
 use log::{debug, error, info};
-use service_vm_comm::{RequestProcessingError, Response, ServiceVmRequest, VmType};
+use service_vm_comm::{ServiceVmRequest, VmType};
 use service_vm_fake_chain::service_vm;
 use service_vm_requests::process_request;
 use virtio_drivers::{
@@ -177,15 +177,7 @@
 
     let mut vsock_stream = VsockStream::new(socket_device, host_addr())?;
     while let ServiceVmRequest::Process(req) = vsock_stream.read_request()? {
-        let mut response = process_request(req, bcc_handover.as_ref());
-        // TODO(b/185878400): We don't want to issue a certificate to pVM when the client VM
-        // attestation is unfinished. The following code should be removed once the
-        // verification is completed.
-        if vm_type() == VmType::ProtectedVm
-            && matches!(response, Response::RequestClientVmAttestation(_))
-        {
-            response = Response::Err(RequestProcessingError::OperationUnimplemented);
-        }
+        let response = process_request(req, bcc_handover.as_ref());
         vsock_stream.write_response(&response)?;
         vsock_stream.flush()?;
     }
diff --git a/rialto/tests/test.rs b/rialto/tests/test.rs
index c918db5..8899875 100644
--- a/rialto/tests/test.rs
+++ b/rialto/tests/test.rs
@@ -23,9 +23,9 @@
 };
 use anyhow::{bail, Context, Result};
 use bssl_avf::{sha256, EcKey, PKey};
-use ciborium::value::Value;
 use client_vm_csr::generate_attestation_key_and_csr;
 use coset::{CborSerializable, CoseMac0, CoseSign};
+use hwtrust::{rkp, session::Session};
 use log::info;
 use service_vm_comm::{
     ClientVmAttestationParams, Csr, CsrPayload, EcdsaP256KeyPair, GenerateCertificateRequestParams,
@@ -37,7 +37,6 @@
 use service_vm_manager::ServiceVm;
 use std::fs;
 use std::fs::File;
-use std::io;
 use std::panic;
 use std::path::PathBuf;
 use std::str::FromStr;
@@ -272,22 +271,16 @@
     Ok(())
 }
 
-/// TODO(b/300625792): Check the CSR with libhwtrust once the CSR is complete.
 fn check_csr(csr: Vec<u8>) -> Result<()> {
-    let mut reader = io::Cursor::new(csr);
-    let csr: Value = ciborium::from_reader(&mut reader)?;
-    match csr {
-        Value::Array(arr) => {
-            assert_eq!(4, arr.len());
-        }
-        _ => bail!("Incorrect CSR format: {csr:?}"),
-    }
+    let _csr = rkp::Csr::from_cbor(&Session::default(), &csr[..]).context("Failed to parse CSR")?;
     Ok(())
 }
 
 fn start_service_vm(vm_type: VmType) -> Result<ServiceVm> {
     android_logger::init_once(
-        android_logger::Config::default().with_tag("rialto").with_min_level(log::Level::Debug),
+        android_logger::Config::default()
+            .with_tag("rialto")
+            .with_max_level(log::LevelFilter::Debug),
     );
     // Redirect panic messages to logcat.
     panic::set_hook(Box::new(|panic_info| {
diff --git a/service_vm/client_vm_csr/Android.bp b/service_vm/client_vm_csr/Android.bp
index 8d738d8..e2ac573 100644
--- a/service_vm/client_vm_csr/Android.bp
+++ b/service_vm/client_vm_csr/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/service_vm/comm/Android.bp b/service_vm/comm/Android.bp
index bf923a4..23ff202 100644
--- a/service_vm/comm/Android.bp
+++ b/service_vm/comm/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/service_vm/test_apk/Android.bp b/service_vm/demo_apk/Android.bp
similarity index 63%
rename from service_vm/test_apk/Android.bp
rename to service_vm/demo_apk/Android.bp
index 4da3f81..5644819 100644
--- a/service_vm/test_apk/Android.bp
+++ b/service_vm/demo_apk/Android.bp
@@ -1,11 +1,12 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
 android_app {
-    name: "ServiceVmClientTestApp",
+    name: "VmAttestationDemoApp",
     installable: true,
-    jni_libs: ["libservice_vm_client"],
+    jni_libs: ["libvm_attestation_payload"],
     jni_uses_platform_apis: true,
     use_embedded_native_libs: true,
     sdk_version: "system_current",
@@ -14,8 +15,8 @@
 }
 
 rust_defaults {
-    name: "service_vm_client_defaults",
-    crate_name: "service_vm_client",
+    name: "vm_attestation_payload_defaults",
+    crate_name: "vm_attestation_payload",
     defaults: ["avf_build_flags_rust"],
     srcs: ["src/main.rs"],
     prefer_rlib: true,
@@ -28,6 +29,6 @@
 }
 
 rust_ffi {
-    name: "libservice_vm_client",
-    defaults: ["service_vm_client_defaults"],
+    name: "libvm_attestation_payload",
+    defaults: ["vm_attestation_payload_defaults"],
 }
diff --git a/service_vm/test_apk/AndroidManifest.xml b/service_vm/demo_apk/AndroidManifest.xml
similarity index 94%
rename from service_vm/test_apk/AndroidManifest.xml
rename to service_vm/demo_apk/AndroidManifest.xml
index b3598fc..228195d 100644
--- a/service_vm/test_apk/AndroidManifest.xml
+++ b/service_vm/demo_apk/AndroidManifest.xml
@@ -13,7 +13,7 @@
      limitations under the License.
 -->
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-      package="com.android.virt.service_vm.client">
+      package="com.android.virt.vm_attestation.demo">
      <uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
      <uses-permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE" />
 
diff --git a/service_vm/demo_apk/README.md b/service_vm/demo_apk/README.md
new file mode 100644
index 0000000..551d47b
--- /dev/null
+++ b/service_vm/demo_apk/README.md
@@ -0,0 +1,53 @@
+# VmAttestationDemoApp
+
+## Overview
+
+The *VmAttestationDemoApp* is an Android application that provides a practical
+demonstration of how to interact with the VM Attestation APIs. This app focuses
+on the payload of the Android app and the payload performs two main tasks:
+requesting attestation and validating the attestation result.
+
+## Building
+
+To build the VmAttestationDemoApp, use the following command:
+
+```
+m VmAttestationDemoApp
+```
+
+## Installing
+
+To install the app on your device, execute the following command:
+
+```
+adb install $ANDROID_PRODUCT_OUT/system/app/VmAttestationDemoApp/VmAttestationDemoApp.apk
+```
+
+## Running
+
+Before running the app, make sure that the device has an internet connection and
+that the remote provisioning host is not empty. You can use the following
+command to check the remote provisioning host:
+
+```
+$ adb shell getprop remote_provisioning.hostname
+remoteprovisioning.googleapis.com
+```
+
+Once you have confirmed the remote provisioning host, you can run the app using
+the following command:
+
+```
+TEST_ROOT=/data/local/tmp/virt && adb shell /apex/com.android.virt/bin/vm run-app \
+  --config-path assets/config.json --debug full \
+  $(adb shell pm path com.android.virt.vm_attestation.demo | cut -c 9-) \
+  $TEST_ROOT/VmAttestationDemoApp.apk.idsig \
+  $TEST_ROOT/instance.vm_attestation.debug.img --protected
+```
+
+Please note that remote attestation is only available for protected VMs.
+Therefore, ensure that the VM is launched in protected mode using the
+`--protected` flag.
+
+If everything is set up correctly, you should be able to see the attestation
+result printed out in the VM logs.
diff --git a/service_vm/test_apk/assets/config.json b/service_vm/demo_apk/assets/config.json
similarity index 74%
rename from service_vm/test_apk/assets/config.json
rename to service_vm/demo_apk/assets/config.json
index 02749fe..1684696 100644
--- a/service_vm/test_apk/assets/config.json
+++ b/service_vm/demo_apk/assets/config.json
@@ -4,7 +4,7 @@
     },
     "task": {
       "type": "microdroid_launcher",
-      "command": "libservice_vm_client.so"
+      "command": "libvm_attestation_payload.so"
     },
     "export_tombstones": true
   }
\ No newline at end of file
diff --git a/service_vm/test_apk/src/main.rs b/service_vm/demo_apk/src/main.rs
similarity index 98%
rename from service_vm/test_apk/src/main.rs
rename to service_vm/demo_apk/src/main.rs
index ba65aca..0d1efb0 100644
--- a/service_vm/test_apk/src/main.rs
+++ b/service_vm/demo_apk/src/main.rs
@@ -36,7 +36,7 @@
     android_logger::init_once(
         android_logger::Config::default()
             .with_tag("service_vm_client")
-            .with_min_level(log::Level::Debug),
+            .with_max_level(log::LevelFilter::Debug),
     );
     // Redirect panic messages to logcat.
     panic::set_hook(Box::new(|panic_info| {
@@ -224,6 +224,6 @@
     // static string.
     let message = unsafe { AVmAttestationResult_resultToString(status) };
     // SAFETY: The pointer returned by `AVmAttestationResult_resultToString` is guaranteed to
-    // point to a valid C String.
+    // point to a valid C String that lives forever.
     unsafe { CStr::from_ptr(message) }
 }
diff --git a/service_vm/fake_chain/Android.bp b/service_vm/fake_chain/Android.bp
index 2bc7b4e..7735aac 100644
--- a/service_vm/fake_chain/Android.bp
+++ b/service_vm/fake_chain/Android.bp
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/service_vm/kernel/Android.bp b/service_vm/kernel/Android.bp
index 79158e6..3817495 100644
--- a/service_vm/kernel/Android.bp
+++ b/service_vm/kernel/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/service_vm/manager/Android.bp b/service_vm/manager/Android.bp
index 6469212..6e186a5 100644
--- a/service_vm/manager/Android.bp
+++ b/service_vm/manager/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/service_vm/requests/Android.bp b/service_vm/requests/Android.bp
index 57da012..5a49207 100644
--- a/service_vm/requests/Android.bp
+++ b/service_vm/requests/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/service_vm/requests/src/rkp.rs b/service_vm/requests/src/rkp.rs
index 9901a92..569ab01 100644
--- a/service_vm/requests/src/rkp.rs
+++ b/service_vm/requests/src/rkp.rs
@@ -76,13 +76,10 @@
         public_keys.push(public_key.to_cbor_value()?);
     }
     // Builds `CsrPayload`.
-    // TODO(b/299256925): The device information is currently empty as we do not
-    // have sufficient details to include.
-    let device_info = Value::Map(Vec::new());
     let csr_payload = cbor!([
         Value::Integer(CSR_PAYLOAD_SCHEMA_V3.into()),
         Value::Text(String::from(CERTIFICATE_TYPE)),
-        device_info,
+        device_info(),
         Value::Array(public_keys),
     ])?;
     let csr_payload = cbor_util::serialize(&csr_payload)?;
@@ -107,6 +104,22 @@
     Ok(cbor_util::serialize(&auth_req)?)
 }
 
+/// Generates the device info required by the RKP server as a temporary placeholder.
+/// More details in b/301592917.
+fn device_info() -> Value {
+    cbor!({"brand" => "aosp-avf",
+    "manufacturer" => "aosp-avf",
+    "product" => "avf",
+    "model" => "avf",
+    "device" => "avf",
+    "vbmeta_digest" => Value::Bytes(vec![0u8; 0]),
+    "system_patch_level" => 202402,
+    "boot_patch_level" => 20240202,
+    "vendor_patch_level" => 20240202,
+    "fused" => 1})
+    .unwrap()
+}
+
 fn derive_hmac_key(dice_artifacts: &dyn DiceArtifacts) -> Result<Zeroizing<[u8; HMAC_KEY_LENGTH]>> {
     let mut key = Zeroizing::new([0u8; HMAC_KEY_LENGTH]);
     kdf(dice_artifacts.cdi_seal(), &HMAC_KEY_SALT, HMAC_KEY_INFO, key.as_mut()).map_err(|e| {
diff --git a/tests/benchmark/Android.bp b/tests/benchmark/Android.bp
index 31fe0f6..c31c929 100644
--- a/tests/benchmark/Android.bp
+++ b/tests/benchmark/Android.bp
@@ -34,6 +34,7 @@
 
 cc_library_shared {
     name: "MicrodroidBenchmarkNativeLib",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/*.cpp"],
     local_include_dirs: ["src/native/include"],
     static_libs: [
diff --git a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
index b9faa85..e9c84fb 100644
--- a/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
+++ b/tests/benchmark/src/java/com/android/microdroid/benchmark/MicrodroidBenchmarks.java
@@ -49,6 +49,7 @@
 
 import org.junit.After;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.Timeout;
@@ -276,6 +277,10 @@
                 (builder) -> builder);
     }
 
+    // TODO(b/323768068): Enable this test when we can inject vendor digest for test purpose.
+    // After introducing VM reference DT, non-pVM cannot trust test_microdroid_vendor_image.img
+    // as well, because it doesn't pass the hashtree digest of testing image into VM.
+    @Ignore
     @Test
     public void testMicrodroidDebugBootTime_withVendorPartition() throws Exception {
         assume().withMessage("Cuttlefish doesn't support device tree under" + " /proc/device-tree")
@@ -286,11 +291,6 @@
         assume().withMessage("Boot with vendor partition is failing in HWASAN enabled Microdroid.")
                 .that(isHwasan())
                 .isFalse();
-        assume().withMessage(
-                        "Skip test for protected VM, pvmfw config data doesn't contain any"
-                                + " information of test images, such as root digest.")
-                .that(mProtectedVm)
-                .isFalse();
         assumeFeatureEnabled(VirtualMachineManager.FEATURE_VENDOR_MODULES);
 
         File vendorDiskImage =
diff --git a/tests/benchmark/src/jni/Android.bp b/tests/benchmark/src/jni/Android.bp
index c2e1b7c..06de3e5 100644
--- a/tests/benchmark/src/jni/Android.bp
+++ b/tests/benchmark/src/jni/Android.bp
@@ -5,6 +5,7 @@
 
 cc_library_shared {
     name: "libiovsock_host_jni",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["io_vsock_host_jni.cpp"],
     header_libs: ["jni_headers"],
     shared_libs: ["libbase"],
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index 7a5d69b..2cd4577 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -90,7 +90,7 @@
     private static final String SHELL_PACKAGE_NAME = "com.android.shell";
     private static final String VIRT_APEX = "/apex/com.android.virt/";
 
-    private static final int MIN_MEM_ARM64 = 160;
+    private static final int MIN_MEM_ARM64 = 170;
     private static final int MIN_MEM_X86_64 = 196;
 
     private static final int BOOT_COMPLETE_TIMEOUT = 30000; // 30 seconds
diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 10bbfb4..86172b0 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -68,6 +68,7 @@
 // (MicrodroidTestApp) can start a payload defined in the another app (MicrodroidVmShareApp).
 cc_defaults {
     name: "MicrodroidTestNativeLibDefaults",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/testbinary.cpp"],
     stl: "libc++_static",
     header_libs: ["vm_payload_restricted_headers"],
@@ -99,12 +100,14 @@
 
 cc_library_shared {
     name: "MicrodroidTestNativeLibSub",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/testlib.cpp"],
     stl: "libc++_static",
 }
 
 cc_library_shared {
     name: "MicrodroidIdleNativeLib",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/idlebinary.cpp"],
     header_libs: ["vm_payload_headers"],
     stl: "libc++_static",
@@ -113,6 +116,7 @@
 // An empty payload missing AVmPayload_main
 cc_library_shared {
     name: "MicrodroidEmptyNativeLib",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/emptybinary.cpp"],
     stl: "none",
 }
@@ -120,6 +124,7 @@
 // A payload that exits immediately on start
 cc_library_shared {
     name: "MicrodroidExitNativeLib",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/exitbinary.cpp"],
     header_libs: ["vm_payload_headers"],
     stl: "libc++_static",
@@ -128,6 +133,7 @@
 // A payload which tries to link against libselinux, one of private libraries
 cc_library_shared {
     name: "MicrodroidPrivateLinkingNativeLib",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/idlebinary.cpp"],
     header_libs: ["vm_payload_headers"],
     // HACK: linking against "libselinux" will embed libselinux.so into the apk
@@ -139,6 +145,7 @@
 // A payload that crashes immediately on start
 cc_library_shared {
     name: "MicrodroidCrashNativeLib",
+    defaults: ["avf_build_flags_cc"],
     srcs: ["src/native/crashbinary.cpp"],
     header_libs: ["vm_payload_headers"],
     stl: "libc++_static",
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index df6280d..1dd0309 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -142,7 +142,6 @@
 
     @Before
     public void setup() {
-        grantPermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
         prepareTestSetup(mProtectedVm, mGki);
         // USE_CUSTOM_VIRTUAL_MACHINE permission has protection level signature|development, meaning
         // that it will be automatically granted when test apk is installed. We have some tests
@@ -155,13 +154,12 @@
 
     @After
     public void tearDown() {
-        revokePermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
         revokePermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
     }
 
     private static final long ONE_MEBI = 1024 * 1024;
 
-    private static final long MIN_MEM_ARM64 = 160 * ONE_MEBI;
+    private static final long MIN_MEM_ARM64 = 170 * ONE_MEBI;
     private static final long MIN_MEM_X86_64 = 196 * ONE_MEBI;
     private static final String EXAMPLE_STRING = "Literally any string!! :)";
 
@@ -229,32 +227,6 @@
         testResults.assertNoException();
         assertThat(testResults.mAddInteger).isEqualTo(37 + 73);
     }
-
-    @Test
-    @CddTest(
-            requirements = {
-                "9.17/C-1-1",
-                "9.17/C-1-2",
-                "9.17/C-1-4",
-            })
-    public void createVmRequiresPermission() {
-        assumeSupportedDevice();
-
-        revokePermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
-
-        VirtualMachineConfig config =
-                newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
-                        .setMemoryBytes(minMemoryRequired())
-                        .build();
-
-        SecurityException e =
-                assertThrows(
-                        SecurityException.class,
-                        () -> forceCreateNewVirtualMachine("test_vm_requires_permission", config));
-        assertThat(e).hasMessageThat()
-                .contains("android.permission.MANAGE_VIRTUAL_MACHINE permission");
-    }
-
     @Test
     @CddTest(requirements = {"9.17/C-1-1"})
     public void autoCloseVm() throws Exception {
@@ -481,29 +453,32 @@
         // Minimal has as little as specified as possible; everything that can be is defaulted.
         VirtualMachineConfig.Builder minimalBuilder =
                 new VirtualMachineConfig.Builder(getContext())
-                        .setPayloadBinaryName("binary.so")
+                        .setPayloadConfigPath("config/path")
                         .setProtectedVm(isProtectedVm());
         VirtualMachineConfig minimal = minimalBuilder.build();
 
         assertThat(minimal.getApkPath()).isNull();
+        assertThat(minimal.getExtraApks()).isEmpty();
         assertThat(minimal.getDebugLevel()).isEqualTo(DEBUG_LEVEL_NONE);
         assertThat(minimal.getMemoryBytes()).isEqualTo(0);
         assertThat(minimal.getCpuTopology()).isEqualTo(CPU_TOPOLOGY_ONE_CPU);
-        assertThat(minimal.getPayloadBinaryName()).isEqualTo("binary.so");
-        assertThat(minimal.getPayloadConfigPath()).isNull();
+        assertThat(minimal.getPayloadBinaryName()).isNull();
+        assertThat(minimal.getPayloadConfigPath()).isEqualTo("config/path");
         assertThat(minimal.isProtectedVm()).isEqualTo(isProtectedVm());
         assertThat(minimal.isEncryptedStorageEnabled()).isFalse();
         assertThat(minimal.getEncryptedStorageBytes()).isEqualTo(0);
         assertThat(minimal.isVmOutputCaptured()).isEqualTo(false);
-        assertThat(minimal.getOs()).isEqualTo("microdroid");
+        assertThat(minimal.getOs()).isNull();
 
         // Maximal has everything that can be set to some non-default value. (And has different
         // values than minimal for the required fields.)
         VirtualMachineConfig.Builder maximalBuilder =
                 new VirtualMachineConfig.Builder(getContext())
                         .setProtectedVm(mProtectedVm)
-                        .setPayloadConfigPath("config/path")
+                        .setPayloadBinaryName("binary.so")
                         .setApkPath("/apk/path")
+                        .addExtraApk("package.name1:split")
+                        .addExtraApk("package.name2")
                         .setDebugLevel(DEBUG_LEVEL_FULL)
                         .setMemoryBytes(42)
                         .setCpuTopology(CPU_TOPOLOGY_MATCH_HOST)
@@ -512,25 +487,28 @@
         VirtualMachineConfig maximal = maximalBuilder.build();
 
         assertThat(maximal.getApkPath()).isEqualTo("/apk/path");
+        assertThat(maximal.getExtraApks())
+                .containsExactly("package.name1:split", "package.name2")
+                .inOrder();
         assertThat(maximal.getDebugLevel()).isEqualTo(DEBUG_LEVEL_FULL);
         assertThat(maximal.getMemoryBytes()).isEqualTo(42);
         assertThat(maximal.getCpuTopology()).isEqualTo(CPU_TOPOLOGY_MATCH_HOST);
-        assertThat(maximal.getPayloadBinaryName()).isNull();
-        assertThat(maximal.getPayloadConfigPath()).isEqualTo("config/path");
+        assertThat(maximal.getPayloadBinaryName()).isEqualTo("binary.so");
+        assertThat(maximal.getPayloadConfigPath()).isNull();
         assertThat(maximal.isProtectedVm()).isEqualTo(isProtectedVm());
         assertThat(maximal.isEncryptedStorageEnabled()).isTrue();
         assertThat(maximal.getEncryptedStorageBytes()).isEqualTo(1_000_000);
         assertThat(maximal.isVmOutputCaptured()).isEqualTo(true);
-        assertThat(maximal.getOs()).isNull();
+        assertThat(maximal.getOs()).isEqualTo("microdroid");
 
         assertThat(minimal.isCompatibleWith(maximal)).isFalse();
         assertThat(minimal.isCompatibleWith(minimal)).isTrue();
         assertThat(maximal.isCompatibleWith(maximal)).isTrue();
 
-        VirtualMachineConfig os = minimalBuilder.setOs("microdroid_gki-android14-6.1").build();
+        VirtualMachineConfig os = maximalBuilder.setOs("microdroid_gki-android14-6.1").build();
         assertThat(os.getPayloadBinaryName()).isEqualTo("binary.so");
         assertThat(os.getOs()).isEqualTo("microdroid_gki-android14-6.1");
-        assertThat(os.isCompatibleWith(minimal)).isFalse();
+        assertThat(os.isCompatibleWith(maximal)).isFalse();
     }
 
     @Test
@@ -542,6 +520,7 @@
         // All your null are belong to me.
         assertThrows(NullPointerException.class, () -> new VirtualMachineConfig.Builder(null));
         assertThrows(NullPointerException.class, () -> builder.setApkPath(null));
+        assertThrows(NullPointerException.class, () -> builder.addExtraApk(null));
         assertThrows(NullPointerException.class, () -> builder.setPayloadConfigPath(null));
         assertThrows(NullPointerException.class, () -> builder.setPayloadBinaryName(null));
         assertThrows(NullPointerException.class, () -> builder.setVendorDiskImage(null));
@@ -607,6 +586,7 @@
                 .isTrue();
 
         // Changes that must be incompatible, since they must change the VM identity.
+        assertConfigCompatible(baseline, newBaselineBuilder().addExtraApk("foo")).isFalse();
         assertConfigCompatible(baseline, newBaselineBuilder().setDebugLevel(DEBUG_LEVEL_FULL))
                 .isFalse();
         assertConfigCompatible(baseline, newBaselineBuilder().setPayloadBinaryName("different"))
@@ -931,7 +911,34 @@
                         vm,
                         (ts, tr) -> {
                             tr.mExtraApkTestProp =
-                                    ts.readProperty("debug.microdroid.test.extra_apk");
+                                    ts.readProperty(
+                                            "debug.microdroid.test.extra_apk_build_manifest");
+                        });
+        assertThat(testResults.mExtraApkTestProp).isEqualTo("PASS");
+    }
+
+    @Test
+    @CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-1"})
+    public void extraApkInVmConfig() throws Exception {
+        assumeSupportedDevice();
+        assumeFeatureEnabled(VirtualMachineManager.FEATURE_MULTI_TENANT);
+
+        grantPermission(VirtualMachine.USE_CUSTOM_VIRTUAL_MACHINE_PERMISSION);
+        VirtualMachineConfig config =
+                newVmConfigBuilderWithPayloadBinary("MicrodroidTestNativeLib.so")
+                        .setMemoryBytes(minMemoryRequired())
+                        .setDebugLevel(DEBUG_LEVEL_FULL)
+                        .addExtraApk(VM_SHARE_APP_PACKAGE_NAME)
+                        .build();
+        VirtualMachine vm = forceCreateNewVirtualMachine("test_vm_extra_apk", config);
+
+        TestResults testResults =
+                runVmTestService(
+                        TAG,
+                        vm,
+                        (ts, tr) -> {
+                            tr.mExtraApkTestProp =
+                                    ts.readProperty("debug.microdroid.test.extra_apk_vm_share");
                         });
         assertThat(testResults.mExtraApkTestProp).isEqualTo("PASS");
     }
@@ -1159,18 +1166,6 @@
         assertThrows(Exception.class, () -> launchVmAndGetCdis("test_vm"));
     }
 
-    @Test
-    public void isFeatureEnabled_requiresManagePermission() throws Exception {
-        revokePermission(VirtualMachine.MANAGE_VIRTUAL_MACHINE_PERMISSION);
-
-        VirtualMachineManager vmm = getVirtualMachineManager();
-        SecurityException e =
-                assertThrows(SecurityException.class, () -> vmm.isFeatureEnabled("whatever"));
-        assertThat(e)
-                .hasMessageThat()
-                .contains("android.permission.MANAGE_VIRTUAL_MACHINE permission");
-    }
-
     private static final UUID MICRODROID_PARTITION_UUID =
             UUID.fromString("cf9afe9a-0662-11ec-a329-c32663a09d75");
     private static final UUID PVM_FW_PARTITION_UUID =
@@ -2133,7 +2128,7 @@
                 .contains("android.permission.USE_CUSTOM_VIRTUAL_MACHINE permission");
     }
 
-    // TODO(b/323768068): Enable this test when we can inject vendor hashkey for test purpose.
+    // TODO(b/323768068): Enable this test when we can inject vendor digest for test purpose.
     // After introducing VM reference DT, non-pVM cannot trust test_microdroid_vendor_image.img
     // as well, because it doesn't pass the hashtree digest of testing image into VM.
     @Ignore
diff --git a/tests/testapk/src/native/testbinary.cpp b/tests/testapk/src/native/testbinary.cpp
index c9b5e3a..1a75102 100644
--- a/tests/testapk/src/native/testbinary.cpp
+++ b/tests/testapk/src/native/testbinary.cpp
@@ -349,7 +349,7 @@
     return {};
 }
 
-Result<void> verify_apk() {
+Result<void> verify_build_manifest() {
     const char* path = "/mnt/extra-apk/0/assets/build_manifest.pb";
 
     std::string str;
@@ -364,6 +364,17 @@
     return {};
 }
 
+Result<void> verify_vm_share() {
+    const char* path = "/mnt/extra-apk/0/assets/vmshareapp.txt";
+
+    std::string str;
+    if (!android::base::ReadFileToString(path, &str)) {
+        return ErrnoError() << "failed to read vmshareapp.txt";
+    }
+
+    return {};
+}
+
 } // Anonymous namespace
 
 extern "C" int AVmPayload_main() {
@@ -372,8 +383,10 @@
     // Make sure we can call into other shared libraries.
     testlib_sub();
 
-    // Extra apks may be missing; this is not a fatal error
-    report_test("extra_apk", verify_apk());
+    // Report various things that aren't always fatal - these are checked in MicrodroidTests as
+    // appropriate.
+    report_test("extra_apk_build_manifest", verify_build_manifest());
+    report_test("extra_apk_vm_share", verify_vm_share());
 
     __system_property_set("debug.microdroid.app.run", "true");
 
diff --git a/tests/vmshareapp/assets/vmshareapp.txt b/tests/vmshareapp/assets/vmshareapp.txt
new file mode 100644
index 0000000..02fdd71
--- /dev/null
+++ b/tests/vmshareapp/assets/vmshareapp.txt
@@ -0,0 +1 @@
+Marker file for the vmshareapp APK
diff --git a/virtualizationmanager/Android.bp b/virtualizationmanager/Android.bp
index 48b5cd1..39d296f 100644
--- a/virtualizationmanager/Android.bp
+++ b/virtualizationmanager/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/virtualizationmanager/fsfdt/Android.bp b/virtualizationmanager/fsfdt/Android.bp
index 3a42bf3..7199485 100644
--- a/virtualizationmanager/fsfdt/Android.bp
+++ b/virtualizationmanager/fsfdt/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
@@ -17,8 +18,8 @@
     ],
 }
 
-rust_library_rlib {
-    name: "libfsfdt",
+rust_defaults {
+    name: "libfsfdt_default",
     crate_name: "fsfdt",
     defaults: ["avf_build_flags_rust"],
     edition: "2021",
@@ -30,3 +31,17 @@
     ],
     apex_available: ["com.android.virt"],
 }
+
+rust_library_rlib {
+    name: "libfsfdt",
+    defaults: ["libfsfdt_default"],
+}
+
+rust_test {
+    name: "libfsfdt_test",
+    defaults: ["libfsfdt_default"],
+    data: ["testdata/**/*"],
+    data_bins: ["dtc_static"],
+    rustlibs: ["libtempfile"],
+    compile_multilib: "first",
+}
diff --git a/virtualizationmanager/fsfdt/src/lib.rs b/virtualizationmanager/fsfdt/src/lib.rs
index a2ca519..549df04 100644
--- a/virtualizationmanager/fsfdt/src/lib.rs
+++ b/virtualizationmanager/fsfdt/src/lib.rs
@@ -98,3 +98,56 @@
         Ok(())
     }
 }
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use std::io::Write;
+    use std::process::Command;
+    use tempfile::NamedTempFile;
+
+    const TEST_FS_FDT_ROOT_PATH: &str = "testdata/fs";
+    const BUF_SIZE_MAX: usize = 1024;
+
+    fn dts_from_fs(path: &Path) -> String {
+        let path = path.to_str().unwrap();
+        let res = Command::new("./dtc_static")
+            .args(["-f", "-s", "-I", "fs", "-O", "dts", path])
+            .output()
+            .unwrap();
+        assert!(res.status.success(), "{res:?}");
+        String::from_utf8(res.stdout).unwrap()
+    }
+
+    fn dts_from_dtb(path: &Path) -> String {
+        let path = path.to_str().unwrap();
+        let res = Command::new("./dtc_static")
+            .args(["-f", "-s", "-I", "dtb", "-O", "dts", path])
+            .output()
+            .unwrap();
+        assert!(res.status.success(), "{res:?}");
+        String::from_utf8(res.stdout).unwrap()
+    }
+
+    fn to_temp_file(fdt: &Fdt) -> Result<NamedTempFile> {
+        let mut file = NamedTempFile::new()?;
+        file.as_file_mut().write_all(fdt.as_slice())?;
+        file.as_file_mut().sync_all()?;
+
+        Ok(file)
+    }
+
+    #[test]
+    fn test_from_fs() {
+        let fs_path = Path::new(TEST_FS_FDT_ROOT_PATH);
+
+        let mut data = vec![0_u8; BUF_SIZE_MAX];
+        let fdt = Fdt::from_fs(fs_path, &mut data).unwrap();
+        let file = to_temp_file(fdt).unwrap();
+
+        let expected = dts_from_fs(fs_path);
+        let actual = dts_from_dtb(file.path());
+
+        assert_eq!(&expected, &actual);
+    }
+}
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/oem/stub b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/oem/stub
new file mode 100644
index 0000000..2e73f18
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/oem/stub
Binary files differ
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/empty b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/empty
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/vendor_extra_node/flag b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/vendor_extra_node/flag
new file mode 100644
index 0000000..accba00
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor/vendor_extra_node/flag
Binary files differ
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_hashtree_descriptor_root_digest b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_hashtree_descriptor_root_digest
new file mode 100644
index 0000000..e901bb1
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_hashtree_descriptor_root_digest
Binary files differ
diff --git a/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_image_key b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_image_key
new file mode 100644
index 0000000..4d02944
--- /dev/null
+++ b/virtualizationmanager/fsfdt/testdata/fs/avf/reference/vendor_image_key
Binary files differ
diff --git a/virtualizationmanager/src/aidl.rs b/virtualizationmanager/src/aidl.rs
index 602c670..771863b 100644
--- a/virtualizationmanager/src/aidl.rs
+++ b/virtualizationmanager/src/aidl.rs
@@ -1410,6 +1410,70 @@
     }
 }
 
+struct SecretkeeperProxy(Strong<dyn ISecretkeeper>);
+
+impl Interface for SecretkeeperProxy {}
+
+impl ISecretkeeper for SecretkeeperProxy {
+    fn processSecretManagementRequest(&self, req: &[u8]) -> binder::Result<Vec<u8>> {
+        // Pass the request to the channel, and read the response.
+        self.0.processSecretManagementRequest(req)
+    }
+
+    fn getAuthGraphKe(&self) -> binder::Result<Strong<dyn IAuthGraphKeyExchange>> {
+        let ag = AuthGraphKeyExchangeProxy(self.0.getAuthGraphKe()?);
+        Ok(BnAuthGraphKeyExchange::new_binder(ag, BinderFeatures::default()))
+    }
+
+    fn deleteIds(&self, ids: &[SecretId]) -> binder::Result<()> {
+        self.0.deleteIds(ids)
+    }
+
+    fn deleteAll(&self) -> binder::Result<()> {
+        self.0.deleteAll()
+    }
+}
+
+struct AuthGraphKeyExchangeProxy(Strong<dyn IAuthGraphKeyExchange>);
+
+impl Interface for AuthGraphKeyExchangeProxy {}
+
+impl IAuthGraphKeyExchange for AuthGraphKeyExchangeProxy {
+    fn create(&self) -> binder::Result<SessionInitiationInfo> {
+        self.0.create()
+    }
+
+    fn init(
+        &self,
+        peer_pub_key: &PubKey,
+        peer_id: &Identity,
+        peer_nonce: &[u8],
+        peer_version: i32,
+    ) -> binder::Result<KeInitResult> {
+        self.0.init(peer_pub_key, peer_id, peer_nonce, peer_version)
+    }
+
+    fn finish(
+        &self,
+        peer_pub_key: &PubKey,
+        peer_id: &Identity,
+        peer_signature: &SessionIdSignature,
+        peer_nonce: &[u8],
+        peer_version: i32,
+        own_key: &Key,
+    ) -> binder::Result<SessionInfo> {
+        self.0.finish(peer_pub_key, peer_id, peer_signature, peer_nonce, peer_version, own_key)
+    }
+
+    fn authenticationComplete(
+        &self,
+        peer_signature: &SessionIdSignature,
+        shared_keys: &[AuthgraphArc; 2],
+    ) -> binder::Result<[AuthgraphArc; 2]> {
+        self.0.authenticationComplete(peer_signature, shared_keys)
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -1626,67 +1690,3 @@
         Ok(())
     }
 }
-
-struct SecretkeeperProxy(Strong<dyn ISecretkeeper>);
-
-impl Interface for SecretkeeperProxy {}
-
-impl ISecretkeeper for SecretkeeperProxy {
-    fn processSecretManagementRequest(&self, req: &[u8]) -> binder::Result<Vec<u8>> {
-        // Pass the request to the channel, and read the response.
-        self.0.processSecretManagementRequest(req)
-    }
-
-    fn getAuthGraphKe(&self) -> binder::Result<Strong<dyn IAuthGraphKeyExchange>> {
-        let ag = AuthGraphKeyExchangeProxy(self.0.getAuthGraphKe()?);
-        Ok(BnAuthGraphKeyExchange::new_binder(ag, BinderFeatures::default()))
-    }
-
-    fn deleteIds(&self, ids: &[SecretId]) -> binder::Result<()> {
-        self.0.deleteIds(ids)
-    }
-
-    fn deleteAll(&self) -> binder::Result<()> {
-        self.0.deleteAll()
-    }
-}
-
-struct AuthGraphKeyExchangeProxy(Strong<dyn IAuthGraphKeyExchange>);
-
-impl Interface for AuthGraphKeyExchangeProxy {}
-
-impl IAuthGraphKeyExchange for AuthGraphKeyExchangeProxy {
-    fn create(&self) -> binder::Result<SessionInitiationInfo> {
-        self.0.create()
-    }
-
-    fn init(
-        &self,
-        peer_pub_key: &PubKey,
-        peer_id: &Identity,
-        peer_nonce: &[u8],
-        peer_version: i32,
-    ) -> binder::Result<KeInitResult> {
-        self.0.init(peer_pub_key, peer_id, peer_nonce, peer_version)
-    }
-
-    fn finish(
-        &self,
-        peer_pub_key: &PubKey,
-        peer_id: &Identity,
-        peer_signature: &SessionIdSignature,
-        peer_nonce: &[u8],
-        peer_version: i32,
-        own_key: &Key,
-    ) -> binder::Result<SessionInfo> {
-        self.0.finish(peer_pub_key, peer_id, peer_signature, peer_nonce, peer_version, own_key)
-    }
-
-    fn authenticationComplete(
-        &self,
-        peer_signature: &SessionIdSignature,
-        shared_keys: &[AuthgraphArc; 2],
-    ) -> binder::Result<[AuthgraphArc; 2]> {
-        self.0.authenticationComplete(peer_signature, shared_keys)
-    }
-}
diff --git a/virtualizationservice/Android.bp b/virtualizationservice/Android.bp
index e0bb97f..71d9d4b 100644
--- a/virtualizationservice/Android.bp
+++ b/virtualizationservice/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/virtualizationservice/aidl/Android.bp b/virtualizationservice/aidl/Android.bp
index 8ca375a..7c9c4f7 100644
--- a/virtualizationservice/aidl/Android.bp
+++ b/virtualizationservice/aidl/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/virtualizationservice/vfio_handler/Android.bp b/virtualizationservice/vfio_handler/Android.bp
index 66fc2ee..b9d495b 100644
--- a/virtualizationservice/vfio_handler/Android.bp
+++ b/virtualizationservice/vfio_handler/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/vm/Android.bp b/vm/Android.bp
index 04aff5e..ff1b788 100644
--- a/vm/Android.bp
+++ b/vm/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }
 
diff --git a/vm_payload/Android.bp b/vm_payload/Android.bp
index 286612c..a745fd6 100644
--- a/vm_payload/Android.bp
+++ b/vm_payload/Android.bp
@@ -53,7 +53,7 @@
     ],
     visibility: [
         "//packages/modules/Virtualization/compos",
-        "//packages/modules/Virtualization/service_vm/test_apk",
+        "//packages/modules/Virtualization/service_vm:__subpackages__",
     ],
     shared_libs: [
         "libvm_payload#current",
@@ -63,6 +63,7 @@
 // Shared library for clients to link against.
 cc_library_shared {
     name: "libvm_payload",
+    defaults: ["avf_build_flags_cc"],
     shared_libs: [
         "libbinder_ndk",
         "libbinder_rpc_unstable",
@@ -84,6 +85,7 @@
 // declaration of AVmPayload_main().
 cc_library_headers {
     name: "vm_payload_headers",
+    defaults: ["avf_build_flags_cc"],
     apex_available: ["com.android.compos"],
     export_include_dirs: ["include"],
 }
@@ -91,6 +93,7 @@
 // Restricted headers for use by internal clients & associated tests.
 cc_library_headers {
     name: "vm_payload_restricted_headers",
+    defaults: ["avf_build_flags_cc"],
     header_libs: ["vm_payload_headers"],
     export_header_lib_headers: ["vm_payload_headers"],
     export_include_dirs: ["include-restricted"],
diff --git a/vm_payload/src/api.rs b/vm_payload/src/api.rs
deleted file mode 100644
index 7978059..0000000
--- a/vm_payload/src/api.rs
+++ /dev/null
@@ -1,509 +0,0 @@
-// Copyright 2022, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! This module handles the interaction with virtual machine payload service.
-
-use android_system_virtualization_payload::aidl::android::system::virtualization::payload:: IVmPayloadService::{
-    IVmPayloadService, ENCRYPTEDSTORE_MOUNTPOINT, VM_APK_CONTENTS_PATH,
-    VM_PAYLOAD_SERVICE_SOCKET_NAME, AttestationResult::AttestationResult,
-};
-use anyhow::{bail, ensure, Context, Result};
-use binder::{
-    unstable_api::{new_spibinder, AIBinder},
-    Strong, ExceptionCode,
-};
-use lazy_static::lazy_static;
-use log::{error, info, LevelFilter};
-use rpcbinder::{RpcServer, RpcSession};
-use openssl::{ec::EcKey, sha::sha256, ecdsa::EcdsaSig};
-use std::convert::Infallible;
-use std::ffi::{CString, CStr};
-use std::fmt::Debug;
-use std::os::raw::{c_char, c_void};
-use std::path::Path;
-use std::ptr::{self, NonNull};
-use std::sync::{
-    atomic::{AtomicBool, Ordering},
-    Mutex,
-};
-use vm_payload_status_bindgen::attestation_status_t;
-
-lazy_static! {
-    static ref VM_APK_CONTENTS_PATH_C: CString =
-        CString::new(VM_APK_CONTENTS_PATH).expect("CString::new failed");
-    static ref PAYLOAD_CONNECTION: Mutex<Option<Strong<dyn IVmPayloadService>>> = Mutex::default();
-    static ref VM_ENCRYPTED_STORAGE_PATH_C: CString =
-        CString::new(ENCRYPTEDSTORE_MOUNTPOINT).expect("CString::new failed");
-}
-
-static ALREADY_NOTIFIED: AtomicBool = AtomicBool::new(false);
-
-/// Return a connection to the payload service in Microdroid Manager. Uses the existing connection
-/// if there is one, otherwise attempts to create a new one.
-fn get_vm_payload_service() -> Result<Strong<dyn IVmPayloadService>> {
-    let mut connection = PAYLOAD_CONNECTION.lock().unwrap();
-    if let Some(strong) = &*connection {
-        Ok(strong.clone())
-    } else {
-        let new_connection: Strong<dyn IVmPayloadService> = RpcSession::new()
-            .setup_unix_domain_client(VM_PAYLOAD_SERVICE_SOCKET_NAME)
-            .context(format!("Failed to connect to service: {}", VM_PAYLOAD_SERVICE_SOCKET_NAME))?;
-        *connection = Some(new_connection.clone());
-        Ok(new_connection)
-    }
-}
-
-/// Make sure our logging goes to logcat. It is harmless to call this more than once.
-fn initialize_logging() {
-    android_logger::init_once(
-        android_logger::Config::default().with_tag("vm_payload").with_max_level(LevelFilter::Info),
-    );
-}
-
-/// In many cases clients can't do anything useful if API calls fail, and the failure
-/// generally indicates that the VM is exiting or otherwise doomed. So rather than
-/// returning a non-actionable error indication we just log the problem and abort
-/// the process.
-fn unwrap_or_abort<T, E: Debug>(result: Result<T, E>) -> T {
-    result.unwrap_or_else(|e| {
-        let msg = format!("{:?}", e);
-        error!("{msg}");
-        panic!("{msg}")
-    })
-}
-
-/// Notifies the host that the payload is ready.
-/// Panics on failure.
-#[no_mangle]
-pub extern "C" fn AVmPayload_notifyPayloadReady() {
-    initialize_logging();
-
-    if !ALREADY_NOTIFIED.swap(true, Ordering::Relaxed) {
-        unwrap_or_abort(try_notify_payload_ready());
-
-        info!("Notified host payload ready successfully");
-    }
-}
-
-/// Notifies the host that the payload is ready.
-/// Returns a `Result` containing error information if failed.
-fn try_notify_payload_ready() -> Result<()> {
-    get_vm_payload_service()?.notifyPayloadReady().context("Cannot notify payload ready")
-}
-
-/// Runs a binder RPC server, serving the supplied binder service implementation on the given vsock
-/// port.
-///
-/// If and when the server is ready for connections (it is listening on the port), `on_ready` is
-/// called to allow appropriate action to be taken - e.g. to notify clients that they may now
-/// attempt to connect.
-///
-/// The current thread joins the binder thread pool to handle incoming messages.
-/// This function never returns.
-///
-/// Panics on error (including unexpected server exit).
-///
-/// # Safety
-///
-/// If present, the `on_ready` callback must be a valid function pointer, which will be called at
-/// most once, while this function is executing, with the `param` parameter.
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_runVsockRpcServer(
-    service: *mut AIBinder,
-    port: u32,
-    on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
-    param: *mut c_void,
-) -> Infallible {
-    initialize_logging();
-
-    // SAFETY: try_run_vsock_server has the same requirements as this function
-    unwrap_or_abort(unsafe { try_run_vsock_server(service, port, on_ready, param) })
-}
-
-/// # Safety: Same as `AVmPayload_runVsockRpcServer`.
-unsafe fn try_run_vsock_server(
-    service: *mut AIBinder,
-    port: u32,
-    on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
-    param: *mut c_void,
-) -> Result<Infallible> {
-    // SAFETY: AIBinder returned has correct reference count, and the ownership can
-    // safely be taken by new_spibinder.
-    let service = unsafe { new_spibinder(service) };
-    if let Some(service) = service {
-        match RpcServer::new_vsock(service, libc::VMADDR_CID_HOST, port) {
-            Ok(server) => {
-                if let Some(on_ready) = on_ready {
-                    // SAFETY: We're calling the callback with the parameter specified within the
-                    // allowed lifetime.
-                    unsafe { on_ready(param) };
-                }
-                server.join();
-                bail!("RpcServer unexpectedly terminated");
-            }
-            Err(err) => {
-                bail!("Failed to start RpcServer: {:?}", err);
-            }
-        }
-    } else {
-        bail!("Failed to convert the given service from AIBinder to SpIBinder.");
-    }
-}
-
-/// Get a secret that is uniquely bound to this VM instance.
-/// Panics on failure.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `identifier` must be [valid] for reads of `identifier_size` bytes.
-/// * `secret` must be [valid] for writes of `size` bytes.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_getVmInstanceSecret(
-    identifier: *const u8,
-    identifier_size: usize,
-    secret: *mut u8,
-    size: usize,
-) {
-    initialize_logging();
-
-    // SAFETY: See the requirements on `identifier` above.
-    let identifier = unsafe { std::slice::from_raw_parts(identifier, identifier_size) };
-    let vm_secret = unwrap_or_abort(try_get_vm_instance_secret(identifier, size));
-
-    // SAFETY: See the requirements on `secret` above; `vm_secret` is known to have length `size`,
-    // and cannot overlap `secret` because we just allocated it.
-    unsafe {
-        ptr::copy_nonoverlapping(vm_secret.as_ptr(), secret, size);
-    }
-}
-
-fn try_get_vm_instance_secret(identifier: &[u8], size: usize) -> Result<Vec<u8>> {
-    let vm_secret = get_vm_payload_service()?
-        .getVmInstanceSecret(identifier, i32::try_from(size)?)
-        .context("Cannot get VM instance secret")?;
-    ensure!(
-        vm_secret.len() == size,
-        "Returned secret has {} bytes, expected {}",
-        vm_secret.len(),
-        size
-    );
-    Ok(vm_secret)
-}
-
-/// Get the VM's attestation chain.
-/// Panics on failure.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_getDiceAttestationChain(data: *mut u8, size: usize) -> usize {
-    initialize_logging();
-
-    let chain = unwrap_or_abort(try_get_dice_attestation_chain());
-    if size != 0 {
-        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
-        // the length of either buffer, and `chain` cannot overlap `data` because we just allocated
-        // it. We allow data to be null, which is never valid, but only if size == 0 which is
-        // checked above.
-        unsafe { ptr::copy_nonoverlapping(chain.as_ptr(), data, std::cmp::min(chain.len(), size)) };
-    }
-    chain.len()
-}
-
-fn try_get_dice_attestation_chain() -> Result<Vec<u8>> {
-    get_vm_payload_service()?.getDiceAttestationChain().context("Cannot get attestation chain")
-}
-
-/// Get the VM's attestation CDI.
-/// Panics on failure.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_getDiceAttestationCdi(data: *mut u8, size: usize) -> usize {
-    initialize_logging();
-
-    let cdi = unwrap_or_abort(try_get_dice_attestation_cdi());
-    if size != 0 {
-        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
-        // the length of either buffer, and `cdi` cannot overlap `data` because we just allocated
-        // it. We allow data to be null, which is never valid, but only if size == 0 which is
-        // checked above.
-        unsafe { ptr::copy_nonoverlapping(cdi.as_ptr(), data, std::cmp::min(cdi.len(), size)) };
-    }
-    cdi.len()
-}
-
-fn try_get_dice_attestation_cdi() -> Result<Vec<u8>> {
-    get_vm_payload_service()?.getDiceAttestationCdi().context("Cannot get attestation CDI")
-}
-
-/// Requests the remote attestation of the client VM.
-///
-/// The challenge will be included in the certificate chain in the attestation result,
-/// serving as proof of the freshness of the result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `challenge` must be [valid] for reads of `challenge_size` bytes.
-/// * `res` must be [valid] to write the attestation result.
-/// * The region of memory beginning at `challenge` with `challenge_size` bytes must not
-///  overlap with the region of memory `res` points to.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmPayload_requestAttestation(
-    challenge: *const u8,
-    challenge_size: usize,
-    res: &mut *mut AttestationResult,
-) -> attestation_status_t {
-    initialize_logging();
-    const MAX_CHALLENGE_SIZE: usize = 64;
-    if challenge_size > MAX_CHALLENGE_SIZE {
-        return attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE;
-    }
-    let challenge = if challenge_size == 0 {
-        &[]
-    } else {
-        // SAFETY: The caller guarantees that `challenge` is valid for reads of
-        // `challenge_size` bytes and `challenge_size` is not zero.
-        unsafe { std::slice::from_raw_parts(challenge, challenge_size) }
-    };
-    let service = unwrap_or_abort(get_vm_payload_service());
-    match service.requestAttestation(challenge) {
-        Ok(attestation_res) => {
-            *res = Box::into_raw(Box::new(attestation_res));
-            attestation_status_t::ATTESTATION_OK
-        }
-        Err(e) => {
-            error!("Remote attestation failed: {e:?}");
-            binder_status_to_attestation_status(e)
-        }
-    }
-}
-
-fn binder_status_to_attestation_status(status: binder::Status) -> attestation_status_t {
-    match status.exception_code() {
-        ExceptionCode::UNSUPPORTED_OPERATION => attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED,
-        _ => attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED,
-    }
-}
-
-/// Converts the return value from `AVmPayload_requestAttestation` to a text string
-/// representing the error code.
-#[no_mangle]
-pub extern "C" fn AVmAttestationResult_resultToString(
-    status: attestation_status_t,
-) -> *const c_char {
-    let message = match status {
-        attestation_status_t::ATTESTATION_OK => {
-            CStr::from_bytes_with_nul(b"The remote attestation completes successfully.\0").unwrap()
-        }
-        attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE => {
-            CStr::from_bytes_with_nul(b"The challenge size is not between 0 and 64.\0").unwrap()
-        }
-        attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED => {
-            CStr::from_bytes_with_nul(b"Failed to attest the VM. Please retry at a later time.\0")
-                .unwrap()
-        }
-        attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED => CStr::from_bytes_with_nul(
-            b"Remote attestation is not supported in the current environment.\0",
-        )
-        .unwrap(),
-    };
-    message.as_ptr()
-}
-
-/// Reads the DER-encoded ECPrivateKey structure specified in [RFC 5915 s3] for the
-/// EC P-256 private key from the provided attestation result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
-///  region of memory `res` points to.
-///
-/// [valid]: ptr#safety
-/// [RFC 5915 s3]: https://datatracker.ietf.org/doc/html/rfc5915#section-3
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_getPrivateKey(
-    res: &AttestationResult,
-    data: *mut u8,
-    size: usize,
-) -> usize {
-    let private_key = &res.privateKey;
-    if size != 0 {
-        let data = NonNull::new(data).expect("data must not be null when size > 0");
-        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
-        // the length of either buffer, and the caller ensures that `private_key` cannot overlap
-        // `data`. We allow data to be null, which is never valid, but only if size == 0
-        // which is checked above.
-        unsafe {
-            ptr::copy_nonoverlapping(
-                private_key.as_ptr(),
-                data.as_ptr(),
-                std::cmp::min(private_key.len(), size),
-            )
-        };
-    }
-    private_key.len()
-}
-
-/// Signs the given message using ECDSA P-256, the message is first hashed with SHA-256 and
-/// then it is signed with the attested EC P-256 private key in the attestation result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `message` must be [valid] for reads of `message_size` bytes.
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
-///  region of memory `res` or `message` point to.
-///
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_sign(
-    res: &AttestationResult,
-    message: *const u8,
-    message_size: usize,
-    data: *mut u8,
-    size: usize,
-) -> usize {
-    if message_size == 0 {
-        panic!("Message to be signed must not be empty.")
-    }
-    // SAFETY: See the requirements on `message` above.
-    let message = unsafe { std::slice::from_raw_parts(message, message_size) };
-    let signature = unwrap_or_abort(try_ecdsa_sign(message, &res.privateKey));
-    if size != 0 {
-        let data = NonNull::new(data).expect("data must not be null when size > 0");
-        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
-        // the length of either buffer, and the caller ensures that `signature` cannot overlap
-        // `data`. We allow data to be null, which is never valid, but only if size == 0
-        // which is checked above.
-        unsafe {
-            ptr::copy_nonoverlapping(
-                signature.as_ptr(),
-                data.as_ptr(),
-                std::cmp::min(signature.len(), size),
-            )
-        };
-    }
-    signature.len()
-}
-
-fn try_ecdsa_sign(message: &[u8], der_encoded_ec_private_key: &[u8]) -> Result<Vec<u8>> {
-    let private_key = EcKey::private_key_from_der(der_encoded_ec_private_key)?;
-    let digest = sha256(message);
-    let sig = EcdsaSig::sign(&digest, &private_key)?;
-    Ok(sig.to_der()?)
-}
-
-/// Gets the number of certificates in the certificate chain.
-#[no_mangle]
-pub extern "C" fn AVmAttestationResult_getCertificateCount(res: &AttestationResult) -> usize {
-    res.certificateChain.len()
-}
-
-/// Retrieves the certificate at the given `index` from the certificate chain in the provided
-/// attestation result.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
-/// * `index` must be within the range of [0, number of certificates). The number of certificates
-///   can be obtained with `AVmAttestationResult_getCertificateCount`.
-/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
-///  region of memory `res` points to.
-///
-/// [valid]: ptr#safety
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_getCertificateAt(
-    res: &AttestationResult,
-    index: usize,
-    data: *mut u8,
-    size: usize,
-) -> usize {
-    let certificate =
-        &res.certificateChain.get(index).expect("The index is out of bounds.").encodedCertificate;
-    if size != 0 {
-        let data = NonNull::new(data).expect("data must not be null when size > 0");
-        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
-        // the length of either buffer, and the caller ensures that `certificate` cannot overlap
-        // `data`. We allow data to be null, which is never valid, but only if size == 0
-        // which is checked above.
-        unsafe {
-            ptr::copy_nonoverlapping(
-                certificate.as_ptr(),
-                data.as_ptr(),
-                std::cmp::min(certificate.len(), size),
-            )
-        };
-    }
-    certificate.len()
-}
-
-/// Frees all the data owned by given attestation result and result itself.
-///
-/// # Safety
-///
-/// Behavior is undefined if any of the following conditions are violated:
-///
-/// * `res` must point to a valid `AttestationResult` and has not been freed before.
-#[no_mangle]
-pub unsafe extern "C" fn AVmAttestationResult_free(res: *mut AttestationResult) {
-    if !res.is_null() {
-        // SAFETY: The result is only freed once is ensured by the caller.
-        let res = unsafe { Box::from_raw(res) };
-        drop(res)
-    }
-}
-
-/// Gets the path to the APK contents.
-#[no_mangle]
-pub extern "C" fn AVmPayload_getApkContentsPath() -> *const c_char {
-    VM_APK_CONTENTS_PATH_C.as_ptr()
-}
-
-/// Gets the path to the VM's encrypted storage.
-#[no_mangle]
-pub extern "C" fn AVmPayload_getEncryptedStoragePath() -> *const c_char {
-    if Path::new(ENCRYPTEDSTORE_MOUNTPOINT).exists() {
-        VM_ENCRYPTED_STORAGE_PATH_C.as_ptr()
-    } else {
-        ptr::null()
-    }
-}
diff --git a/vm_payload/src/lib.rs b/vm_payload/src/lib.rs
index 9e10895..7978059 100644
--- a/vm_payload/src/lib.rs
+++ b/vm_payload/src/lib.rs
@@ -12,14 +12,498 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//! Library for payload to communicate with the Microdroid Manager.
+//! This module handles the interaction with virtual machine payload service.
 
-mod api;
-
-pub use api::{
-    AVmAttestationResult_free, AVmAttestationResult_getCertificateAt,
-    AVmAttestationResult_getCertificateCount, AVmAttestationResult_getPrivateKey,
-    AVmAttestationResult_resultToString, AVmAttestationResult_sign,
-    AVmPayload_getDiceAttestationCdi, AVmPayload_getDiceAttestationChain,
-    AVmPayload_getVmInstanceSecret, AVmPayload_notifyPayloadReady, AVmPayload_requestAttestation,
+use android_system_virtualization_payload::aidl::android::system::virtualization::payload:: IVmPayloadService::{
+    IVmPayloadService, ENCRYPTEDSTORE_MOUNTPOINT, VM_APK_CONTENTS_PATH,
+    VM_PAYLOAD_SERVICE_SOCKET_NAME, AttestationResult::AttestationResult,
 };
+use anyhow::{bail, ensure, Context, Result};
+use binder::{
+    unstable_api::{new_spibinder, AIBinder},
+    Strong, ExceptionCode,
+};
+use lazy_static::lazy_static;
+use log::{error, info, LevelFilter};
+use rpcbinder::{RpcServer, RpcSession};
+use openssl::{ec::EcKey, sha::sha256, ecdsa::EcdsaSig};
+use std::convert::Infallible;
+use std::ffi::{CString, CStr};
+use std::fmt::Debug;
+use std::os::raw::{c_char, c_void};
+use std::path::Path;
+use std::ptr::{self, NonNull};
+use std::sync::{
+    atomic::{AtomicBool, Ordering},
+    Mutex,
+};
+use vm_payload_status_bindgen::attestation_status_t;
+
+lazy_static! {
+    static ref VM_APK_CONTENTS_PATH_C: CString =
+        CString::new(VM_APK_CONTENTS_PATH).expect("CString::new failed");
+    static ref PAYLOAD_CONNECTION: Mutex<Option<Strong<dyn IVmPayloadService>>> = Mutex::default();
+    static ref VM_ENCRYPTED_STORAGE_PATH_C: CString =
+        CString::new(ENCRYPTEDSTORE_MOUNTPOINT).expect("CString::new failed");
+}
+
+static ALREADY_NOTIFIED: AtomicBool = AtomicBool::new(false);
+
+/// Return a connection to the payload service in Microdroid Manager. Uses the existing connection
+/// if there is one, otherwise attempts to create a new one.
+fn get_vm_payload_service() -> Result<Strong<dyn IVmPayloadService>> {
+    let mut connection = PAYLOAD_CONNECTION.lock().unwrap();
+    if let Some(strong) = &*connection {
+        Ok(strong.clone())
+    } else {
+        let new_connection: Strong<dyn IVmPayloadService> = RpcSession::new()
+            .setup_unix_domain_client(VM_PAYLOAD_SERVICE_SOCKET_NAME)
+            .context(format!("Failed to connect to service: {}", VM_PAYLOAD_SERVICE_SOCKET_NAME))?;
+        *connection = Some(new_connection.clone());
+        Ok(new_connection)
+    }
+}
+
+/// Make sure our logging goes to logcat. It is harmless to call this more than once.
+fn initialize_logging() {
+    android_logger::init_once(
+        android_logger::Config::default().with_tag("vm_payload").with_max_level(LevelFilter::Info),
+    );
+}
+
+/// In many cases clients can't do anything useful if API calls fail, and the failure
+/// generally indicates that the VM is exiting or otherwise doomed. So rather than
+/// returning a non-actionable error indication we just log the problem and abort
+/// the process.
+fn unwrap_or_abort<T, E: Debug>(result: Result<T, E>) -> T {
+    result.unwrap_or_else(|e| {
+        let msg = format!("{:?}", e);
+        error!("{msg}");
+        panic!("{msg}")
+    })
+}
+
+/// Notifies the host that the payload is ready.
+/// Panics on failure.
+#[no_mangle]
+pub extern "C" fn AVmPayload_notifyPayloadReady() {
+    initialize_logging();
+
+    if !ALREADY_NOTIFIED.swap(true, Ordering::Relaxed) {
+        unwrap_or_abort(try_notify_payload_ready());
+
+        info!("Notified host payload ready successfully");
+    }
+}
+
+/// Notifies the host that the payload is ready.
+/// Returns a `Result` containing error information if failed.
+fn try_notify_payload_ready() -> Result<()> {
+    get_vm_payload_service()?.notifyPayloadReady().context("Cannot notify payload ready")
+}
+
+/// Runs a binder RPC server, serving the supplied binder service implementation on the given vsock
+/// port.
+///
+/// If and when the server is ready for connections (it is listening on the port), `on_ready` is
+/// called to allow appropriate action to be taken - e.g. to notify clients that they may now
+/// attempt to connect.
+///
+/// The current thread joins the binder thread pool to handle incoming messages.
+/// This function never returns.
+///
+/// Panics on error (including unexpected server exit).
+///
+/// # Safety
+///
+/// If present, the `on_ready` callback must be a valid function pointer, which will be called at
+/// most once, while this function is executing, with the `param` parameter.
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_runVsockRpcServer(
+    service: *mut AIBinder,
+    port: u32,
+    on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
+    param: *mut c_void,
+) -> Infallible {
+    initialize_logging();
+
+    // SAFETY: try_run_vsock_server has the same requirements as this function
+    unwrap_or_abort(unsafe { try_run_vsock_server(service, port, on_ready, param) })
+}
+
+/// # Safety: Same as `AVmPayload_runVsockRpcServer`.
+unsafe fn try_run_vsock_server(
+    service: *mut AIBinder,
+    port: u32,
+    on_ready: Option<unsafe extern "C" fn(param: *mut c_void)>,
+    param: *mut c_void,
+) -> Result<Infallible> {
+    // SAFETY: AIBinder returned has correct reference count, and the ownership can
+    // safely be taken by new_spibinder.
+    let service = unsafe { new_spibinder(service) };
+    if let Some(service) = service {
+        match RpcServer::new_vsock(service, libc::VMADDR_CID_HOST, port) {
+            Ok(server) => {
+                if let Some(on_ready) = on_ready {
+                    // SAFETY: We're calling the callback with the parameter specified within the
+                    // allowed lifetime.
+                    unsafe { on_ready(param) };
+                }
+                server.join();
+                bail!("RpcServer unexpectedly terminated");
+            }
+            Err(err) => {
+                bail!("Failed to start RpcServer: {:?}", err);
+            }
+        }
+    } else {
+        bail!("Failed to convert the given service from AIBinder to SpIBinder.");
+    }
+}
+
+/// Get a secret that is uniquely bound to this VM instance.
+/// Panics on failure.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `identifier` must be [valid] for reads of `identifier_size` bytes.
+/// * `secret` must be [valid] for writes of `size` bytes.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_getVmInstanceSecret(
+    identifier: *const u8,
+    identifier_size: usize,
+    secret: *mut u8,
+    size: usize,
+) {
+    initialize_logging();
+
+    // SAFETY: See the requirements on `identifier` above.
+    let identifier = unsafe { std::slice::from_raw_parts(identifier, identifier_size) };
+    let vm_secret = unwrap_or_abort(try_get_vm_instance_secret(identifier, size));
+
+    // SAFETY: See the requirements on `secret` above; `vm_secret` is known to have length `size`,
+    // and cannot overlap `secret` because we just allocated it.
+    unsafe {
+        ptr::copy_nonoverlapping(vm_secret.as_ptr(), secret, size);
+    }
+}
+
+fn try_get_vm_instance_secret(identifier: &[u8], size: usize) -> Result<Vec<u8>> {
+    let vm_secret = get_vm_payload_service()?
+        .getVmInstanceSecret(identifier, i32::try_from(size)?)
+        .context("Cannot get VM instance secret")?;
+    ensure!(
+        vm_secret.len() == size,
+        "Returned secret has {} bytes, expected {}",
+        vm_secret.len(),
+        size
+    );
+    Ok(vm_secret)
+}
+
+/// Get the VM's attestation chain.
+/// Panics on failure.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_getDiceAttestationChain(data: *mut u8, size: usize) -> usize {
+    initialize_logging();
+
+    let chain = unwrap_or_abort(try_get_dice_attestation_chain());
+    if size != 0 {
+        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+        // the length of either buffer, and `chain` cannot overlap `data` because we just allocated
+        // it. We allow data to be null, which is never valid, but only if size == 0 which is
+        // checked above.
+        unsafe { ptr::copy_nonoverlapping(chain.as_ptr(), data, std::cmp::min(chain.len(), size)) };
+    }
+    chain.len()
+}
+
+fn try_get_dice_attestation_chain() -> Result<Vec<u8>> {
+    get_vm_payload_service()?.getDiceAttestationChain().context("Cannot get attestation chain")
+}
+
+/// Get the VM's attestation CDI.
+/// Panics on failure.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_getDiceAttestationCdi(data: *mut u8, size: usize) -> usize {
+    initialize_logging();
+
+    let cdi = unwrap_or_abort(try_get_dice_attestation_cdi());
+    if size != 0 {
+        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+        // the length of either buffer, and `cdi` cannot overlap `data` because we just allocated
+        // it. We allow data to be null, which is never valid, but only if size == 0 which is
+        // checked above.
+        unsafe { ptr::copy_nonoverlapping(cdi.as_ptr(), data, std::cmp::min(cdi.len(), size)) };
+    }
+    cdi.len()
+}
+
+fn try_get_dice_attestation_cdi() -> Result<Vec<u8>> {
+    get_vm_payload_service()?.getDiceAttestationCdi().context("Cannot get attestation CDI")
+}
+
+/// Requests the remote attestation of the client VM.
+///
+/// The challenge will be included in the certificate chain in the attestation result,
+/// serving as proof of the freshness of the result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `challenge` must be [valid] for reads of `challenge_size` bytes.
+/// * `res` must be [valid] to write the attestation result.
+/// * The region of memory beginning at `challenge` with `challenge_size` bytes must not
+///  overlap with the region of memory `res` points to.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmPayload_requestAttestation(
+    challenge: *const u8,
+    challenge_size: usize,
+    res: &mut *mut AttestationResult,
+) -> attestation_status_t {
+    initialize_logging();
+    const MAX_CHALLENGE_SIZE: usize = 64;
+    if challenge_size > MAX_CHALLENGE_SIZE {
+        return attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE;
+    }
+    let challenge = if challenge_size == 0 {
+        &[]
+    } else {
+        // SAFETY: The caller guarantees that `challenge` is valid for reads of
+        // `challenge_size` bytes and `challenge_size` is not zero.
+        unsafe { std::slice::from_raw_parts(challenge, challenge_size) }
+    };
+    let service = unwrap_or_abort(get_vm_payload_service());
+    match service.requestAttestation(challenge) {
+        Ok(attestation_res) => {
+            *res = Box::into_raw(Box::new(attestation_res));
+            attestation_status_t::ATTESTATION_OK
+        }
+        Err(e) => {
+            error!("Remote attestation failed: {e:?}");
+            binder_status_to_attestation_status(e)
+        }
+    }
+}
+
+fn binder_status_to_attestation_status(status: binder::Status) -> attestation_status_t {
+    match status.exception_code() {
+        ExceptionCode::UNSUPPORTED_OPERATION => attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED,
+        _ => attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED,
+    }
+}
+
+/// Converts the return value from `AVmPayload_requestAttestation` to a text string
+/// representing the error code.
+#[no_mangle]
+pub extern "C" fn AVmAttestationResult_resultToString(
+    status: attestation_status_t,
+) -> *const c_char {
+    let message = match status {
+        attestation_status_t::ATTESTATION_OK => {
+            CStr::from_bytes_with_nul(b"The remote attestation completes successfully.\0").unwrap()
+        }
+        attestation_status_t::ATTESTATION_ERROR_INVALID_CHALLENGE => {
+            CStr::from_bytes_with_nul(b"The challenge size is not between 0 and 64.\0").unwrap()
+        }
+        attestation_status_t::ATTESTATION_ERROR_ATTESTATION_FAILED => {
+            CStr::from_bytes_with_nul(b"Failed to attest the VM. Please retry at a later time.\0")
+                .unwrap()
+        }
+        attestation_status_t::ATTESTATION_ERROR_UNSUPPORTED => CStr::from_bytes_with_nul(
+            b"Remote attestation is not supported in the current environment.\0",
+        )
+        .unwrap(),
+    };
+    message.as_ptr()
+}
+
+/// Reads the DER-encoded ECPrivateKey structure specified in [RFC 5915 s3] for the
+/// EC P-256 private key from the provided attestation result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
+///  region of memory `res` points to.
+///
+/// [valid]: ptr#safety
+/// [RFC 5915 s3]: https://datatracker.ietf.org/doc/html/rfc5915#section-3
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_getPrivateKey(
+    res: &AttestationResult,
+    data: *mut u8,
+    size: usize,
+) -> usize {
+    let private_key = &res.privateKey;
+    if size != 0 {
+        let data = NonNull::new(data).expect("data must not be null when size > 0");
+        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+        // the length of either buffer, and the caller ensures that `private_key` cannot overlap
+        // `data`. We allow data to be null, which is never valid, but only if size == 0
+        // which is checked above.
+        unsafe {
+            ptr::copy_nonoverlapping(
+                private_key.as_ptr(),
+                data.as_ptr(),
+                std::cmp::min(private_key.len(), size),
+            )
+        };
+    }
+    private_key.len()
+}
+
+/// Signs the given message using ECDSA P-256, the message is first hashed with SHA-256 and
+/// then it is signed with the attested EC P-256 private key in the attestation result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `message` must be [valid] for reads of `message_size` bytes.
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
+///  region of memory `res` or `message` point to.
+///
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_sign(
+    res: &AttestationResult,
+    message: *const u8,
+    message_size: usize,
+    data: *mut u8,
+    size: usize,
+) -> usize {
+    if message_size == 0 {
+        panic!("Message to be signed must not be empty.")
+    }
+    // SAFETY: See the requirements on `message` above.
+    let message = unsafe { std::slice::from_raw_parts(message, message_size) };
+    let signature = unwrap_or_abort(try_ecdsa_sign(message, &res.privateKey));
+    if size != 0 {
+        let data = NonNull::new(data).expect("data must not be null when size > 0");
+        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+        // the length of either buffer, and the caller ensures that `signature` cannot overlap
+        // `data`. We allow data to be null, which is never valid, but only if size == 0
+        // which is checked above.
+        unsafe {
+            ptr::copy_nonoverlapping(
+                signature.as_ptr(),
+                data.as_ptr(),
+                std::cmp::min(signature.len(), size),
+            )
+        };
+    }
+    signature.len()
+}
+
+fn try_ecdsa_sign(message: &[u8], der_encoded_ec_private_key: &[u8]) -> Result<Vec<u8>> {
+    let private_key = EcKey::private_key_from_der(der_encoded_ec_private_key)?;
+    let digest = sha256(message);
+    let sig = EcdsaSig::sign(&digest, &private_key)?;
+    Ok(sig.to_der()?)
+}
+
+/// Gets the number of certificates in the certificate chain.
+#[no_mangle]
+pub extern "C" fn AVmAttestationResult_getCertificateCount(res: &AttestationResult) -> usize {
+    res.certificateChain.len()
+}
+
+/// Retrieves the certificate at the given `index` from the certificate chain in the provided
+/// attestation result.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `data` must be [valid] for writes of `size` bytes, if size > 0.
+/// * `index` must be within the range of [0, number of certificates). The number of certificates
+///   can be obtained with `AVmAttestationResult_getCertificateCount`.
+/// * The region of memory beginning at `data` with `size` bytes must not overlap with the
+///  region of memory `res` points to.
+///
+/// [valid]: ptr#safety
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_getCertificateAt(
+    res: &AttestationResult,
+    index: usize,
+    data: *mut u8,
+    size: usize,
+) -> usize {
+    let certificate =
+        &res.certificateChain.get(index).expect("The index is out of bounds.").encodedCertificate;
+    if size != 0 {
+        let data = NonNull::new(data).expect("data must not be null when size > 0");
+        // SAFETY: See the requirements on `data` above. The number of bytes copied doesn't exceed
+        // the length of either buffer, and the caller ensures that `certificate` cannot overlap
+        // `data`. We allow data to be null, which is never valid, but only if size == 0
+        // which is checked above.
+        unsafe {
+            ptr::copy_nonoverlapping(
+                certificate.as_ptr(),
+                data.as_ptr(),
+                std::cmp::min(certificate.len(), size),
+            )
+        };
+    }
+    certificate.len()
+}
+
+/// Frees all the data owned by given attestation result and result itself.
+///
+/// # Safety
+///
+/// Behavior is undefined if any of the following conditions are violated:
+///
+/// * `res` must point to a valid `AttestationResult` and has not been freed before.
+#[no_mangle]
+pub unsafe extern "C" fn AVmAttestationResult_free(res: *mut AttestationResult) {
+    if !res.is_null() {
+        // SAFETY: The result is only freed once is ensured by the caller.
+        let res = unsafe { Box::from_raw(res) };
+        drop(res)
+    }
+}
+
+/// Gets the path to the APK contents.
+#[no_mangle]
+pub extern "C" fn AVmPayload_getApkContentsPath() -> *const c_char {
+    VM_APK_CONTENTS_PATH_C.as_ptr()
+}
+
+/// Gets the path to the VM's encrypted storage.
+#[no_mangle]
+pub extern "C" fn AVmPayload_getEncryptedStoragePath() -> *const c_char {
+    if Path::new(ENCRYPTEDSTORE_MOUNTPOINT).exists() {
+        VM_ENCRYPTED_STORAGE_PATH_C.as_ptr()
+    } else {
+        ptr::null()
+    }
+}
diff --git a/vmbase/Android.bp b/vmbase/Android.bp
index e682773..07e1b4c 100644
--- a/vmbase/Android.bp
+++ b/vmbase/Android.bp
@@ -41,6 +41,7 @@
 // Used by extra cc_library_static linked into the final ELF.
 cc_defaults {
     name: "vmbase_cc_defaults",
+    defaults: ["avf_build_flags_cc"],
     nocrt: true,
     no_libcrt: true,
     system_shared_libs: [],
diff --git a/vmbase/example/tests/test.rs b/vmbase/example/tests/test.rs
index 17ff947..2df5a80 100644
--- a/vmbase/example/tests/test.rs
+++ b/vmbase/example/tests/test.rs
@@ -42,7 +42,9 @@
 #[test]
 fn test_run_example_vm() -> Result<(), Error> {
     android_logger::init_once(
-        android_logger::Config::default().with_tag("vmbase").with_min_level(log::Level::Debug),
+        android_logger::Config::default()
+            .with_tag("vmbase")
+            .with_max_level(log::LevelFilter::Debug),
     );
 
     // Redirect panic messages to logcat.
diff --git a/zipfuse/Android.bp b/zipfuse/Android.bp
index 974d66a..7ee0ef1 100644
--- a/zipfuse/Android.bp
+++ b/zipfuse/Android.bp
@@ -1,4 +1,5 @@
 package {
+    default_team: "trendy_team_virtualization",
     default_applicable_licenses: ["Android-Apache-2.0"],
 }