Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / daf396aaa220dbb68745fe3a91f82d9987f976fa
commitdaf396aaa220dbb68745fe3a91f82d9987f976fa[log] [tgz]
authorSeungjae Yoo <seungjaeyoo@google.com>Mon Apr 15 12:58:07 2024 +0900
committerSeungjae Yoo <seungjaeyoo@google.com>Mon Apr 15 13:49:10 2024 +0900
tree60a36808326a7ac60f4853257f4af5483e1ecb02
parentc3219d5f46a60ee2b8bc6f27cd63cda32c914881 [diff]
Make SecurityException being detected in nativeSpawn

When android.permission.MANAGE_VIRTUAL_MACHINE isn't granted to the app,
framework API should throw SecurityException for permission check. After
granting CAP_SYS_NICE to virtmgr, connection is not made between virtmgr
and Java framework side. This change does sending any single character
from virtmgr through readyFd-waitFd pipe, so that nativeSpawn function
of framework side can detect if connection is healthy, before trying to
create actual binder connection. And this health check can leave more
descriptive error with throwing Security Exception.

Bug: 328051532
Test: atest MicrodroidTestAppNoPerm
Test: atest MicrodroidTestApp
Change-Id: Iee246a136459fbf30e21a480fc9f8a786711324f
3 files changed
tree: 60a36808326a7ac60f4853257f4af5483e1ecb02
  1. apex/
  2. apkdmverity/
  3. authfs/
  4. compos/
  5. demo/
  6. demo_native/
  7. docs/
  8. encryptedstore/
  9. flags/
  10. java/
  11. launcher/
  12. libs/
  13. microdroid/
  14. microdroid_manager/
  15. pvmfw/
  16. rialto/
  17. service_vm/
  18. tests/
  19. virtualizationmanager/
  20. virtualizationservice/
  21. vm/
  22. vm_payload/
  23. vmbase/
  24. vmclient/
  25. vmlauncher_app/
  26. zipfuse/
  27. .clang-format
  28. .gitignore
  29. Android.bp
  30. avf_flags.aconfig
  31. OWNERS
  32. PREUPLOAD.cfg
  33. README.md
  34. rustfmt.toml
  35. TEST_MAPPING
README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

AVF APIs:

How-Tos: