Merge "Manage name->VM mapping in VMM"
diff --git a/apex/Android.bp b/apex/Android.bp
index 2d6c757..4e64e50 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -57,6 +57,9 @@
bootclasspath_fragments: [
"com.android.virt-bootclasspath-fragment",
],
+ jni_libs: [
+ "libvirtualmachine_jni",
+ ],
}
apex_defaults {
@@ -87,9 +90,6 @@
"fd_server",
"vm",
],
- jni_libs: [
- "libvirtualmachine_jni",
- ],
prebuilts: [
"com.android.virt.init.rc",
"features_com.android.virt.xml",
diff --git a/authfs/aidl/com/android/virt/fs/IAuthFsService.aidl b/authfs/aidl/com/android/virt/fs/IAuthFsService.aidl
index b349db2..30cc281 100644
--- a/authfs/aidl/com/android/virt/fs/IAuthFsService.aidl
+++ b/authfs/aidl/com/android/virt/fs/IAuthFsService.aidl
@@ -21,6 +21,8 @@
/** @hide */
interface IAuthFsService {
+ const String AUTHFS_SERVICE_SOCKET_NAME = "authfs_service";
+
/**
* Creates an AuthFS mount given the config. Returns the binder object that represent the AuthFS
* instance. The AuthFS setup is deleted once the lifetime of the returned binder object ends.
diff --git a/authfs/service/Android.bp b/authfs/service/Android.bp
index e9eec1e..de6326d 100644
--- a/authfs/service/Android.bp
+++ b/authfs/service/Android.bp
@@ -16,6 +16,7 @@
"liblibc",
"liblog_rust",
"libnix",
+ "librpcbinder_rs",
"libshared_child",
],
prefer_rlib: true,
diff --git a/authfs/service/authfs_service.rc b/authfs/service/authfs_service.rc
index 9ad0ce6..7edb1ca 100644
--- a/authfs/service/authfs_service.rc
+++ b/authfs/service/authfs_service.rc
@@ -1,2 +1,3 @@
service authfs_service /system/bin/authfs_service
disabled
+ socket authfs_service stream 0666 root system
diff --git a/authfs/service/src/main.rs b/authfs/service/src/main.rs
index 77cac9a..671c06a 100644
--- a/authfs/service/src/main.rs
+++ b/authfs/service/src/main.rs
@@ -22,8 +22,9 @@
mod authfs;
-use anyhow::{bail, Context, Result};
+use anyhow::{bail, Result};
use log::*;
+use rpcbinder::run_init_unix_domain_rpc_server;
use std::ffi::OsString;
use std::fs::{create_dir, read_dir, remove_dir_all, remove_file};
use std::sync::atomic::{AtomicUsize, Ordering};
@@ -31,13 +32,10 @@
use authfs_aidl_interface::aidl::com::android::virt::fs::AuthFsConfig::AuthFsConfig;
use authfs_aidl_interface::aidl::com::android::virt::fs::IAuthFs::IAuthFs;
use authfs_aidl_interface::aidl::com::android::virt::fs::IAuthFsService::{
- BnAuthFsService, IAuthFsService,
+ BnAuthFsService, IAuthFsService, AUTHFS_SERVICE_SOCKET_NAME,
};
-use binder::{
- self, add_service, BinderFeatures, ExceptionCode, Interface, ProcessState, Status, Strong,
-};
+use binder::{self, BinderFeatures, ExceptionCode, Interface, Status, Strong};
-const SERVICE_NAME: &str = "authfs_service";
const SERVICE_ROOT: &str = "/data/misc/authfs";
/// Implementation of `IAuthFsService`.
@@ -117,15 +115,17 @@
clean_up_working_directory()?;
- ProcessState::start_thread_pool();
-
let service = AuthFsService::new_binder(debuggable).as_binder();
- add_service(SERVICE_NAME, service)
- .with_context(|| format!("Failed to register service {}", SERVICE_NAME))?;
- debug!("{} is running", SERVICE_NAME);
-
- ProcessState::join_thread_pool();
- bail!("Unexpected exit after join_thread_pool")
+ debug!("{} is starting as a rpc service.", AUTHFS_SERVICE_SOCKET_NAME);
+ let retval = run_init_unix_domain_rpc_server(service, AUTHFS_SERVICE_SOCKET_NAME, || {
+ info!("The RPC server '{}' is running.", AUTHFS_SERVICE_SOCKET_NAME);
+ });
+ if retval {
+ info!("The RPC server at '{}' has shut down gracefully.", AUTHFS_SERVICE_SOCKET_NAME);
+ Ok(())
+ } else {
+ bail!("Premature termination of the RPC server '{}'.", AUTHFS_SERVICE_SOCKET_NAME)
+ }
}
fn main() {
diff --git a/compos/src/compsvc.rs b/compos/src/compsvc.rs
index 0e8b9f5..40d14d8 100644
--- a/compos/src/compsvc.rs
+++ b/compos/src/compsvc.rs
@@ -30,14 +30,16 @@
use crate::artifact_signer::ArtifactSigner;
use crate::compilation::odrefresh;
use crate::compos_key;
+use authfs_aidl_interface::aidl::com::android::virt::fs::IAuthFsService::{
+ IAuthFsService, AUTHFS_SERVICE_SOCKET_NAME,
+};
use binder::{BinderFeatures, ExceptionCode, Interface, Result as BinderResult, Status, Strong};
use compos_aidl_interface::aidl::com::android::compos::ICompOsService::{
BnCompOsService, ICompOsService, OdrefreshArgs::OdrefreshArgs,
};
use compos_common::binder::to_binder_result;
use compos_common::odrefresh::{is_system_property_interesting, ODREFRESH_PATH};
-
-const AUTHFS_SERVICE_NAME: &str = "authfs_service";
+use rpcbinder::get_unix_domain_rpc_interface;
/// Constructs a binder object that implements ICompOsService.
pub fn new_binder() -> Result<Strong<dyn ICompOsService>> {
@@ -127,8 +129,10 @@
impl CompOsService {
fn do_odrefresh(&self, args: &OdrefreshArgs) -> Result<i8> {
- let authfs_service = binder::get_interface(AUTHFS_SERVICE_NAME)
- .context("Unable to connect to AuthFS service")?;
+ log::debug!("Prepare to connect to {}", AUTHFS_SERVICE_SOCKET_NAME);
+ let authfs_service: Strong<dyn IAuthFsService> =
+ get_unix_domain_rpc_interface(AUTHFS_SERVICE_SOCKET_NAME)
+ .with_context(|| format!("Failed to connect to {}", AUTHFS_SERVICE_SOCKET_NAME))?;
let exit_code = odrefresh(&self.odrefresh_path, args, authfs_service, |output_dir| {
// authfs only shows us the files we created, so it's ok to just sign everything
// under the output directory.
diff --git a/demo/Android.bp b/demo/Android.bp
index 5241e25..2b234a6 100644
--- a/demo/Android.bp
+++ b/demo/Android.bp
@@ -13,7 +13,10 @@
"com.google.android.material_material",
],
libs: [
- "framework-virtualization",
+ // We need to compile against the .impl library which includes the hidden
+ // APIs. Once the APIs are promoted to @SystemApi we can switch to
+ // framework-virtualization, which contains API stubs.
+ "framework-virtualization.impl",
],
jni_libs: ["MicrodroidTestNativeLib"],
platform_apis: true,
diff --git a/javalib/Android.bp b/javalib/Android.bp
index 04ed273..9be0e9d 100644
--- a/javalib/Android.bp
+++ b/javalib/Android.bp
@@ -12,19 +12,10 @@
java_sdk_library {
name: "framework-virtualization",
- installable: false,
- compile_dex: true,
// TODO(b/243512044): introduce non-updatable-framework-module-defaults
-
defaults: ["framework-module-defaults"],
- shared_library: false,
-
- default_to_stubs: false,
-
- dist_group: "android",
-
jarjar_rules: "jarjar-rules.txt",
srcs: ["src/**/*.java"],
@@ -43,43 +34,30 @@
"com.android.system.virtualmachine.sysprop",
],
errorprone: {
- // We use @GuardedBy and we want a test failure if our locking isn't consistent with it.
enabled: true,
javacflags: [
+ // We use @GuardedBy and we want a test failure if our locking isn't consistent with it.
"-Xep:GuardedBy:ERROR",
+ // JavaApiUsedByMainlineModule is quite spammy, and since we com.android.virt is not
+ // an updatable module we don't need it.
+ "-Xep:JavaApiUsedByMainlineModule:OFF",
],
},
- public: {
- enabled: true,
- sdk_version: "module_current",
- },
-
- system: {
- enabled: true,
- sdk_version: "module_current",
- },
-
- module_lib: {
- enabled: true,
- sdk_version: "module_current",
- },
-
test: {
enabled: true,
sdk_version: "module_current",
},
sdk_version: "core_platform",
- platform_apis: true,
impl_only_libs: [
"framework",
],
impl_library_visibility: [
- "//frameworks/base",
+ "//packages/modules/Virtualization:__subpackages__",
],
- // Temporary workaround, will be removed in a follow-up child cl.
+ // TODO(b/243512044): remove once we have API tracking files in prebuilts/sdk
unsafe_ignore_missing_latest_api: true,
}
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 762a149..0ac4167 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -28,7 +28,10 @@
use android_system_virtualmachineservice::aidl::android::system::virtualmachineservice::IVirtualMachineService::{
IVirtualMachineService, VM_BINDER_SERVICE_PORT,
};
-use android_system_virtualization_payload::aidl::android::system::virtualization::payload::IVmPayloadService::VM_APK_CONTENTS_PATH;
+use android_system_virtualization_payload::aidl::android::system::virtualization::payload::IVmPayloadService::{
+ VM_APK_CONTENTS_PATH,
+ VM_PAYLOAD_SERVICE_SOCKET_NAME,
+};
use anyhow::{anyhow, bail, ensure, Context, Error, Result};
use apkverify::{get_public_key_der, verify, V4Signature};
use binder::Strong;
@@ -36,14 +39,16 @@
use glob::glob;
use itertools::sorted;
use libc::VMADDR_CID_HOST;
-use log::{error, info};
+use log::{error, info, warn};
use microdroid_metadata::{write_metadata, Metadata, PayloadMetadata};
use microdroid_payload_config::{OsConfig, Task, TaskType, VmPayloadConfig};
+use nix::fcntl::{fcntl, F_SETFD, FdFlag};
use nix::sys::signal::Signal;
use openssl::sha::Sha512;
use payload::{get_apex_data_from_payload, load_metadata, to_metadata};
use rand::Fill;
use rpcbinder::get_vsock_rpc_interface;
+use rustutils::sockets::android_get_control_socket;
use rustutils::system_properties;
use rustutils::system_properties::PropertyWatcher;
use std::borrow::Cow::{Borrowed, Owned};
@@ -174,10 +179,22 @@
})
}
+fn set_cloexec_on_vm_payload_service_socket() -> Result<()> {
+ let fd = android_get_control_socket(VM_PAYLOAD_SERVICE_SOCKET_NAME)?;
+
+ fcntl(fd, F_SETFD(FdFlag::FD_CLOEXEC))?;
+
+ Ok(())
+}
+
fn try_main() -> Result<()> {
let _ = kernlog::init();
info!("started.");
+ if let Err(e) = set_cloexec_on_vm_payload_service_socket() {
+ warn!("Failed to set cloexec on vm payload socket: {:?}", e);
+ }
+
load_crashkernel_if_supported().context("Failed to load crashkernel")?;
swap::init_swap().context("Failed to initialise swap")?;
@@ -726,8 +743,7 @@
Ok(())
}
-/// Executes the given task. Stdout of the task is piped into the vsock stream to the
-/// virtualizationservice in the host side.
+/// Executes the given task.
fn exec_task(task: &Task, service: &Strong<dyn IVirtualMachineService>) -> Result<i32> {
info!("executing main task {:?}...", task);
let mut command = match task.type_ {
@@ -738,6 +754,7 @@
command
}
};
+ command.stdin(Stdio::null()).stdout(Stdio::null()).stderr(Stdio::null());
info!("notifying payload started");
service.notifyPayloadStarted()?;
diff --git a/microdroid_manager/src/vm_payload_service.rs b/microdroid_manager/src/vm_payload_service.rs
index 249a2d8..126a8a9 100644
--- a/microdroid_manager/src/vm_payload_service.rs
+++ b/microdroid_manager/src/vm_payload_service.rs
@@ -106,8 +106,8 @@
fn setup_payload_stdio_proxy(&self) -> Result<File> {
// Instead of a predefined port in the host, we open up a port in the guest and have
// the host connect to it. This makes it possible to have per-app instances of VS.
- const ANY_PORT: u32 = 0;
- let listener = VsockListener::bind_with_cid_port(libc::VMADDR_CID_HOST, ANY_PORT)
+ const ANY_PORT: u32 = u32::MAX; // (u32)-1
+ let listener = VsockListener::bind_with_cid_port(libc::VMADDR_CID_ANY, ANY_PORT)
.context("Failed to create vsock listener")?;
let addr = listener.local_addr().context("Failed to resolve listener port")?;
self.virtual_machine_service
diff --git a/tests/benchmark/Android.bp b/tests/benchmark/Android.bp
index bccea6b..1747183 100644
--- a/tests/benchmark/Android.bp
+++ b/tests/benchmark/Android.bp
@@ -16,7 +16,10 @@
"com.android.microdroid.testservice-java",
"truth-prebuilt",
],
- libs: ["framework-virtualization"],
+ // We need to compile against the .impl library which includes the hidden
+ // APIs. Once the APIs are promoted to @SystemApi we can switch to
+ // framework-virtualization, which contains API stubs.
+ libs: ["framework-virtualization.impl"],
jni_libs: [
"MicrodroidBenchmarkNativeLib",
"MicrodroidIdleNativeLib",
diff --git a/tests/helper/Android.bp b/tests/helper/Android.bp
index bd92020..86af955 100644
--- a/tests/helper/Android.bp
+++ b/tests/helper/Android.bp
@@ -24,5 +24,8 @@
"VirtualizationTestHelper",
"truth-prebuilt",
],
- libs: ["framework-virtualization"],
+ // We need to compile against the .impl library which includes the hidden
+ // APIs. Once the APIs are promoted to @SystemApi we can switch to
+ // framework-virtualization, which contains API stubs.
+ libs: ["framework-virtualization.impl"],
}
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
index a836559..b872a73 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidHostTests.java
@@ -602,6 +602,7 @@
// Check that no denials have happened so far
CommandRunner android = new CommandRunner(getDevice());
assertThat(android.tryRun("egrep", "'avc:[[:space:]]{1,2}denied'", LOG_PATH)).isNull();
+ assertThat(android.tryRun("egrep", "'avc:[[:space:]]{1,2}denied'", CONSOLE_PATH)).isNull();
assertThat(microdroid.run("cat /proc/cpuinfo | grep processor | wc -l"))
.isEqualTo(Integer.toString(NUM_VCPUS));
diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 8d49721..707dca1 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -19,7 +19,10 @@
"truth-prebuilt",
"compatibility-common-util-devicesidelib",
],
- libs: ["framework-virtualization"],
+ // We need to compile against the .impl library which includes the hidden
+ // APIs. Once the APIs are promoted to @SystemApi we can switch to
+ // framework-virtualization, which contains API stubs.
+ libs: ["framework-virtualization.impl"],
jni_libs: [
"MicrodroidTestNativeLib",
"MicrodroidIdleNativeLib",