Support vendor partition in non-debuggable pVMs
Remove the "vendor_hashtree_descriptor_root_digest" prop from the avf
node by default. It will be re-added by virtue of being a trusted prop
in the case that the caller requested the vendor partition.
Stop adding the kernel param "androidboot.microdroid.mount_vendor=1" if
the vendorImage is supplied, as the kernel param is replaced by the
mechanism described above.
Bug: 340506965
Test: TH
Change-Id: I2994526c205ac3830efe0fb060b1ba16c747f14a
diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index 87fb611..9d985ad 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs
@@ -1105,7 +1105,9 @@
if let Some(file) = custom_config.vendorImage.as_ref() {
add_microdroid_vendor_image(clone_file(file)?, &mut vm_config);
- append_kernel_param("androidboot.microdroid.mount_vendor=1", &mut vm_config)
+ if !cfg!(tpu_assignable_device) {
+ append_kernel_param("androidboot.microdroid.mount_vendor=1", &mut vm_config);
+ }
}
vm_config.devices.clone_from(&custom_config.devices);
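Review bot: The `if !cfg!(tpu_assignable_device)` guard around `append_kernel_param` carries no comment, and it is narrower than the commit message. The message says the kernel param is no longer added when `vendorImage` is supplied, but the code still adds it on every build where that cfg is unset. A why-comment above the guard would make the intent reviewable, for example `// With tpu_assignable_device the vendor mount is signalled by the trusted vendor_hashtree_descriptor_root_digest prop instead of the kernel cmdline.` The same compile-time gate selects the new branch in the `dt_overlay.rs` hunk at `@@ -90,7 +90,26 @@`. Whether the guest built for this configuration reads the prop rather than the param is not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.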
diff --git a/android/virtmgr/src/dt_overlay.rs b/android/virtmgr/src/dt_overlay.rs
index 108ed61..d226635 100644
--- a/android/virtmgr/src/dt_overlay.rs
+++ b/android/virtmgr/src/dt_overlay.rs
@@ -17,7 +17,7 @@
use anyhow::{anyhow, Result};
use cstr::cstr;
use fsfdt::FsFdt;
-use libfdt::Fdt;
+use libfdt::{Fdt, FdtError};
use std::ffi::CStr;
use std::path::Path;
@@ -90,7 +90,26 @@
fdt.overlay_onto(cstr!("/fragment@0/__overlay__"), path)?;
}
- if !trusted_props.is_empty() {
+ if cfg!(tpu_assignable_device) {
+ let mut avf = fdt
+ .node_mut(cstr!("/fragment@0/__overlay__/avf"))
+ .map_err(|e| anyhow!("Failed to search avf node: {e:?}"))?
+ .ok_or(anyhow!("Failed to get avf node"))?;
+ let vendor_digest = cstr!("vendor_hashtree_descriptor_root_digest");
+ // Remove the vendor digest.
+ // In the case it is actually requested, it will be re-added by virtue of being in
+ // `trusted_props`.
+ match avf.delprop(vendor_digest) {
+ Ok(()) | Err(FdtError::NotFound) => {}
+ Err(e) => {
+ return Err(anyhow!("Unexpected error pre-removing {vendor_digest:?}: {e:?}"))
+ }
+ }
+ for (name, value) in trusted_props {
+ avf.setprop(name, value)
+ .map_err(|e| anyhow!("Failed to set trusted property: {e:?}"))?;
+ }
+ } else if !trusted_props.is_empty() {
let mut avf = fdt
.node_mut(cstr!("/fragment@0/__overlay__/avf"))
.map_err(|e| anyhow!("Failed to search avf node: {e:?}"))?
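Review bot: In the new `cfg!(tpu_assignable_device)` branch the avf node lookup runs even when `trusted_props` is empty. An overlay with no `/fragment@0/__overlay__/avf` node therefore now returns "Failed to get avf node", where the old `!trusted_props.is_empty()` guard skipped the lookup entirely. If failing closed is intended, so that a digest inherited from the overlay can never reach a guest that did not request the vendor partition, extend the existing "Remove the vendor digest" comment to say so. Otherwise treat a missing node as nothing to remove. The lookup and the `setprop` loop also duplicate the `else if` arm, which continues outside the hunk, so hoisting the shared part would leave a single place to audit. As a smaller point, `.ok_or(anyhow!(..))` builds the error on the success path too; `.ok_or_else(|| anyhow!("Failed to get avf node"))?` avoids that.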