Support running protected VMs.

Test: atest VirtualizationTestCases
Change-Id: Ia6e605a73f6dd14e87fc7ad5e12bf973b1d2b499
diff --git a/virtualizationservice/src/crosvm.rs b/virtualizationservice/src/crosvm.rs
index 797011c..669c631 100644
--- a/virtualizationservice/src/crosvm.rs
+++ b/virtualizationservice/src/crosvm.rs
@@ -39,6 +39,7 @@
     pub initrd: Option<&'a File>,
     pub disks: Vec<DiskFile>,
     pub params: Option<String>,
+    pub protected: bool,
 }
 
 /// A disk image to pass to crosvm for a VM.
@@ -55,6 +56,8 @@
     child: SharedChild,
     /// The CID assigned to the VM for vsock communication.
     pub cid: Cid,
+    /// Whether the VM is a protected VM.
+    pub protected: bool,
     /// Directory of temporary files used by the VM while it is running.
     pub temporary_directory: PathBuf,
     /// The UID of the process which requested the VM.
@@ -75,6 +78,7 @@
     fn new(
         child: SharedChild,
         cid: Cid,
+        protected: bool,
         temporary_directory: PathBuf,
         requester_uid: u32,
         requester_sid: String,
@@ -83,6 +87,7 @@
         VmInstance {
             child,
             cid,
+            protected,
             temporary_directory,
             requester_uid,
             requester_sid,
@@ -107,6 +112,7 @@
         let instance = Arc::new(VmInstance::new(
             child,
             config.cid,
+            config.protected,
             temporary_directory,
             requester_uid,
             requester_sid,
@@ -163,6 +169,10 @@
     // TODO(qwandor): Remove --disable-sandbox.
     command.arg("run").arg("--disable-sandbox").arg("--cid").arg(config.cid.to_string());
 
+    if config.protected {
+        command.arg("--protected-vm");
+    }
+
     if let Some(log_fd) = log_fd {
         command.stdout(log_fd);
     } else {