Merge "Switch to AutoCloseable"
diff --git a/compos/composd_cmd/Android.bp b/compos/composd_cmd/Android.bp
index 54b0bad..77caad8 100644
--- a/compos/composd_cmd/Android.bp
+++ b/compos/composd_cmd/Android.bp
@@ -2,8 +2,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-rust_binary {
- name: "composd_cmd",
+rust_defaults {
+ name: "composd_cmd_defaults",
srcs: ["composd_cmd.rs"],
edition: "2021",
rustlibs: [
@@ -12,8 +12,14 @@
"libbinder_rs",
"libclap",
"libcompos_common",
+ "libhypervisor_props",
],
prefer_rlib: true,
+}
+
+rust_binary {
+ name: "composd_cmd",
+ defaults: ["composd_cmd_defaults"],
apex_available: [
"com.android.compos",
],
@@ -21,15 +27,6 @@
rust_test {
name: "composd_cmd.test",
- srcs: ["composd_cmd.rs"],
- edition: "2021",
- rustlibs: [
- "android.system.composd-rust",
- "libanyhow",
- "libbinder_rs",
- "libclap",
- "libcompos_common",
- ],
- prefer_rlib: true,
+ defaults: ["composd_cmd_defaults"],
test_suites: ["general-tests"],
}
diff --git a/compos/composd_cmd/composd_cmd.rs b/compos/composd_cmd/composd_cmd.rs
index 19c3720..6d096a1 100644
--- a/compos/composd_cmd/composd_cmd.rs
+++ b/compos/composd_cmd/composd_cmd.rs
@@ -128,6 +128,12 @@
&Strong<dyn ICompilationTaskCallback>,
) -> BinderResult<Strong<dyn ICompilationTask>>,
{
+ if !hypervisor_props::is_any_vm_supported()? {
+ // Give up now, before trying to start composd, or we may end up waiting forever
+ // as it repeatedly starts and then aborts (b/254599807).
+ bail!("Device doesn't support protected or non-protected VMs")
+ }
+
let service = wait_for_interface::<dyn IIsolatedCompilationService>("android.system.composd")
.context("Failed to connect to composd service")?;
diff --git a/libs/dice/Android.bp b/libs/dice/Android.bp
deleted file mode 100644
index 31a39b2..0000000
--- a/libs/dice/Android.bp
+++ /dev/null
@@ -1,19 +0,0 @@
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-rust_library_rlib {
- name: "libdice_nostd",
- crate_name: "dice",
- srcs: ["src/lib.rs"],
- edition: "2021",
- no_stdlibs: true,
- prefer_rlib: true,
- stdlibs: ["libcore.rust_sysroot"],
- rustlibs: [
- "libdiced_open_dice_nostd",
- "libopen_dice_cbor_bindgen_nostd",
- "libopen_dice_bcc_bindgen_nostd",
- ],
- apex_available: ["com.android.virt"],
-}
diff --git a/libs/dice/src/bcc.rs b/libs/dice/src/bcc.rs
deleted file mode 100644
index a7ef882..0000000
--- a/libs/dice/src/bcc.rs
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright 2022 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-//! Wrapper around dice/android/bcc.h.
-
-use core::mem;
-use core::ptr;
-
-use open_dice_bcc_bindgen::BccHandoverMainFlow;
-use open_dice_bcc_bindgen::BccHandoverParse;
-
-use crate::check_result;
-use crate::Cdi;
-use crate::DiceError;
-use crate::InputValues;
-use crate::Result;
-
-/// Boot Chain Certificate handover format combining the BCC and CDIs in a single CBOR object.
-#[derive(Clone, Debug)]
-pub struct Handover<'a> {
- buffer: &'a [u8],
- /// Attestation CDI.
- pub cdi_attest: &'a Cdi,
- /// Sealing CDI.
- pub cdi_seal: &'a Cdi,
- /// Boot Chain Certificate (optional).
- pub bcc: Option<&'a [u8]>,
-}
-
-impl<'a> Handover<'a> {
- /// Validates and extracts the fields of a BCC handover buffer.
- pub fn new(buffer: &'a [u8]) -> Result<Self> {
- let mut cdi_attest: *const u8 = ptr::null();
- let mut cdi_seal: *const u8 = ptr::null();
- let mut bcc: *const u8 = ptr::null();
- let mut bcc_size: usize = 0;
-
- // SAFETY - The buffer is only read and never stored and the returned pointers should all
- // point within the address range of the buffer or be NULL.
- check_result(unsafe {
- BccHandoverParse(
- buffer.as_ptr(),
- buffer.len(),
- &mut cdi_attest as *mut *const u8,
- &mut cdi_seal as *mut *const u8,
- &mut bcc as *mut *const u8,
- &mut bcc_size as *mut usize,
- )
- })?;
-
- let cdi_attest = {
- let i = index_from_ptr(buffer, cdi_attest).ok_or(DiceError::PlatformError)?;
- let s = buffer.get(i..(i + mem::size_of::<Cdi>())).ok_or(DiceError::PlatformError)?;
- s.try_into().map_err(|_| DiceError::PlatformError)?
- };
- let cdi_seal = {
- let i = index_from_ptr(buffer, cdi_seal).ok_or(DiceError::PlatformError)?;
- let s = buffer.get(i..(i + mem::size_of::<Cdi>())).ok_or(DiceError::PlatformError)?;
- s.try_into().map_err(|_| DiceError::PlatformError)?
- };
- let bcc = if bcc.is_null() {
- None
- } else {
- let i = index_from_ptr(buffer, bcc).ok_or(DiceError::PlatformError)?;
- Some(buffer.get(i..(i + bcc_size)).ok_or(DiceError::PlatformError)?)
- };
-
- Ok(Self { buffer, cdi_attest, cdi_seal, bcc })
- }
-
- /// Executes the main BCC handover flow.
- pub fn main_flow(&self, input_values: &InputValues, buffer: &mut [u8]) -> Result<usize> {
- let context = ptr::null_mut();
- let mut size: usize = 0;
- // SAFETY - The function only reads `self.buffer`, writes to `buffer` within its bounds,
- // reads `input_values` as a constant input and doesn't store any pointer.
- check_result(unsafe {
- BccHandoverMainFlow(
- context,
- self.buffer.as_ptr(),
- self.buffer.len(),
- input_values.as_ptr(),
- buffer.len(),
- buffer.as_mut_ptr(),
- &mut size as *mut usize,
- )
- })?;
-
- Ok(size)
- }
-}
-
-fn index_from_ptr(slice: &[u8], pointer: *const u8) -> Option<usize> {
- if slice.as_ptr_range().contains(&pointer) {
- (pointer as usize).checked_sub(slice.as_ptr() as usize)
- } else {
- None
- }
-}
diff --git a/libs/dice/src/lib.rs b/libs/dice/src/lib.rs
deleted file mode 100644
index 6870eeb..0000000
--- a/libs/dice/src/lib.rs
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright 2022 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-//! Bare metal wrapper around libopen_dice.
-
-#![no_std]
-
-pub use diced_open_dice::{
- bcc_format_config_descriptor, check_result, Cdi, Config, DiceError, DiceMode, Hash,
- InputValues, Result, CDI_SIZE, HASH_SIZE, HIDDEN_SIZE,
-};
-
-pub mod bcc;
diff --git a/libs/hypervisor_props/Android.bp b/libs/hypervisor_props/Android.bp
new file mode 100644
index 0000000..af08b01
--- /dev/null
+++ b/libs/hypervisor_props/Android.bp
@@ -0,0 +1,18 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_library {
+ name: "libhypervisor_props",
+ crate_name: "hypervisor_props",
+ srcs: ["src/lib.rs"],
+ edition: "2021",
+ rustlibs: [
+ "libanyhow",
+ "librustutils",
+ ],
+ apex_available: [
+ "com.android.compos",
+ "com.android.virt",
+ ],
+}
diff --git a/libs/hypervisor_props/src/lib.rs b/libs/hypervisor_props/src/lib.rs
new file mode 100644
index 0000000..120a48c
--- /dev/null
+++ b/libs/hypervisor_props/src/lib.rs
@@ -0,0 +1,40 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Access to hypervisor capabilities via system properties set by the bootloader.
+
+use anyhow::{Error, Result};
+use rustutils::system_properties;
+
+/// Returns whether there is a hypervisor present that supports non-protected VMs.
+pub fn is_vm_supported() -> Result<bool> {
+ system_properties::read_bool("ro.boot.hypervisor.vm.supported", false).map_err(Error::new)
+}
+
+/// Returns whether there is a hypervisor present that supports protected VMs.
+pub fn is_protected_vm_supported() -> Result<bool> {
+ system_properties::read_bool("ro.boot.hypervisor.protected_vm.supported", false)
+ .map_err(Error::new)
+}
+
+/// Returns whether there is a hypervisor present that supports any sort of VM, either protected
+/// or non-protected.
+pub fn is_any_vm_supported() -> Result<bool> {
+ is_vm_supported().and_then(|ok| if ok { Ok(true) } else { is_protected_vm_supported() })
+}
+
+/// Returns the version of the hypervisor, if there is one.
+pub fn version() -> Result<Option<String>> {
+ system_properties::read("ro.boot.hypervisor.version").map_err(Error::new)
+}
diff --git a/microdroid_manager/src/dice.rs b/microdroid_manager/src/dice.rs
index 9a2648f..fd22198 100644
--- a/microdroid_manager/src/dice.rs
+++ b/microdroid_manager/src/dice.rs
@@ -14,10 +14,11 @@
//! Logic for handling the DICE values and boot operations.
-use anyhow::{bail, Context, Error, Result};
+use anyhow::{anyhow, bail, Context, Error, Result};
use byteorder::{NativeEndian, ReadBytesExt};
use diced_open_dice::{
- retry_bcc_main_flow, Cdi, Config, DiceMode, Hash, Hidden, InputValues, OwnedDiceArtifacts,
+ bcc_handover_parse, retry_bcc_main_flow, BccHandover, Cdi, Config, DiceMode, Hash, Hidden,
+ InputValues, OwnedDiceArtifacts,
};
use keystore2_crypto::ZVec;
use libc::{c_void, mmap, munmap, MAP_FAILED, MAP_PRIVATE, PROT_READ};
@@ -47,9 +48,7 @@
driver_path: PathBuf,
mmap_addr: *mut c_void,
mmap_size: usize,
- cdi_attest: &'a Cdi,
- cdi_seal: &'a Cdi,
- bcc: &'a [u8],
+ bcc_handover: BccHandover<'a>,
},
Fake(OwnedDiceArtifacts),
}
@@ -86,27 +85,13 @@
// accessible and not referenced from anywhere else.
let mmap_buf =
unsafe { slice::from_raw_parts((mmap_addr as *const u8).as_ref().unwrap(), mmap_size) };
- // Very inflexible parsing / validation of the BccHandover data. Assumes deterministically
- // encoded CBOR.
- //
- // BccHandover = {
- // 1 : bstr .size 32, ; CDI_Attest
- // 2 : bstr .size 32, ; CDI_Seal
- // 3 : Bcc, ; Certificate chain
- // }
- if mmap_buf[0..4] != [0xa3, 0x01, 0x58, 0x20]
- || mmap_buf[36..39] != [0x02, 0x58, 0x20]
- || mmap_buf[71] != 0x03
- {
- bail!("BccHandover format mismatch");
- }
+ let bcc_handover =
+ bcc_handover_parse(mmap_buf).map_err(|_| anyhow!("Failed to parse Bcc Handover"))?;
Ok(Self::Real {
driver_path: driver_path.to_path_buf(),
mmap_addr,
mmap_size,
- cdi_attest: mmap_buf[4..36].try_into().unwrap(),
- cdi_seal: mmap_buf[39..71].try_into().unwrap(),
- bcc: &mmap_buf[72..],
+ bcc_handover,
})
}
@@ -115,7 +100,7 @@
// directly, so we have the chance to rotate the key if needed. A salt isn't needed as the
// input key material is already cryptographically strong.
let cdi_seal = match self {
- Self::Real { cdi_seal, .. } => cdi_seal,
+ Self::Real { bcc_handover, .. } => bcc_handover.cdi_seal,
Self::Fake(fake) => &fake.cdi_values.cdi_seal,
};
let salt = &[];
@@ -138,7 +123,11 @@
hidden,
);
let (cdi_attest, cdi_seal, bcc) = match &self {
- Self::Real { cdi_attest, cdi_seal, bcc, .. } => (*cdi_attest, *cdi_seal, *bcc),
+ Self::Real { bcc_handover, .. } => (
+ bcc_handover.cdi_attest,
+ bcc_handover.cdi_seal,
+ bcc_handover.bcc.ok_or_else(|| anyhow!("bcc is none"))?,
+ ),
Self::Fake(fake) => {
(&fake.cdi_values.cdi_attest, &fake.cdi_values.cdi_seal, fake.bcc.as_slice())
}
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 9cb997b..7561800 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -14,7 +14,6 @@
rustlibs: [
"libaarch64_paging",
"libbuddy_system_allocator",
- "libdice_nostd", // TODO(b/267575445): Remove this library once the migration is done.
"libdiced_open_dice_nostd",
"libfdtpci",
"liblibfdt",
diff --git a/pvmfw/src/dice.rs b/pvmfw/src/dice.rs
index 9c5f59a..14f522f 100644
--- a/pvmfw/src/dice.rs
+++ b/pvmfw/src/dice.rs
@@ -20,10 +20,9 @@
use core::mem::size_of;
use core::slice;
-use dice::Config;
-use dice::DiceMode;
-use dice::InputValues;
-use diced_open_dice::{bcc_format_config_descriptor, hash, HIDDEN_SIZE};
+use diced_open_dice::{
+ bcc_format_config_descriptor, hash, Config, DiceMode, Hash, InputValues, HIDDEN_SIZE,
+};
use pvmfw_avb::{DebugLevel, Digest, VerifiedBootData};
fn to_dice_mode(debug_level: DebugLevel) -> DiceMode {
@@ -33,7 +32,7 @@
}
}
-fn to_dice_hash(verified_boot_data: &VerifiedBootData) -> dice::Result<dice::Hash> {
+fn to_dice_hash(verified_boot_data: &VerifiedBootData) -> diced_open_dice::Result<Hash> {
let mut digests = [0u8; size_of::<Digest>() * 2];
digests[..size_of::<Digest>()].copy_from_slice(&verified_boot_data.kernel_digest);
if let Some(initrd_digest) = verified_boot_data.initrd_digest {
@@ -43,13 +42,13 @@
}
pub struct PartialInputs {
- code_hash: dice::Hash,
- auth_hash: dice::Hash,
+ code_hash: Hash,
+ auth_hash: Hash,
mode: DiceMode,
}
impl PartialInputs {
- pub fn new(data: &VerifiedBootData) -> dice::Result<Self> {
+ pub fn new(data: &VerifiedBootData) -> diced_open_dice::Result<Self> {
let code_hash = to_dice_hash(data)?;
let auth_hash = hash(data.public_key)?;
let mode = to_dice_mode(data.debug_level);
@@ -57,7 +56,10 @@
Ok(Self { code_hash, auth_hash, mode })
}
- pub fn into_input_values(self, salt: &[u8; HIDDEN_SIZE]) -> dice::Result<InputValues> {
+ pub fn into_input_values(
+ self,
+ salt: &[u8; HIDDEN_SIZE],
+ ) -> diced_open_dice::Result<InputValues> {
let component_name = CStr::from_bytes_with_nul(b"vm_entry\0").unwrap();
let mut config_descriptor_buffer = [0; 128];
let config_descriptor_size = bcc_format_config_descriptor(
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index 530449c..ddde50a 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -25,7 +25,6 @@
use core::arch::asm;
use core::num::NonZeroUsize;
use core::slice;
-use dice::bcc::Handover;
use log::debug;
use log::error;
use log::info;
@@ -243,10 +242,6 @@
})?;
let bcc_slice = appended.get_bcc_mut();
- let bcc = Handover::new(bcc_slice).map_err(|e| {
- error!("Invalid BCC Handover: {e:?}");
- RebootReason::InvalidBcc
- })?;
debug!("Activating dynamic page table...");
// SAFETY - page_table duplicates the static mappings for everything that the Rust code is
@@ -258,7 +253,7 @@
let slices = MemorySlices::new(fdt, payload, payload_size, &mut memory)?;
// This wrapper allows main() to be blissfully ignorant of platform details.
- crate::main(slices.fdt, slices.kernel, slices.ramdisk, &bcc, &mut memory)?;
+ crate::main(slices.fdt, slices.kernel, slices.ramdisk, bcc_slice, &mut memory)?;
helpers::flushed_zeroize(bcc_slice);
helpers::flush(slices.fdt.as_slice());
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index f7774e4..ba26114 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -46,7 +46,7 @@
memory::MemoryTracker,
virtio::pci::{self, find_virtio_devices},
};
-use ::dice::bcc;
+use diced_open_dice::{bcc_handover_main_flow, bcc_handover_parse, HIDDEN_SIZE};
use fdtpci::{PciError, PciInfo};
use libfdt::Fdt;
use log::{debug, error, info, trace};
@@ -59,7 +59,7 @@
fdt: &mut Fdt,
signed_kernel: &[u8],
ramdisk: Option<&[u8]>,
- bcc: &bcc::Handover,
+ current_bcc_handover: &[u8],
memory: &mut MemoryTracker,
) -> Result<(), RebootReason> {
info!("pVM firmware");
@@ -71,7 +71,11 @@
} else {
debug!("Ramdisk: None");
}
- trace!("BCC: {bcc:x?}");
+ let bcc_handover = bcc_handover_parse(current_bcc_handover).map_err(|e| {
+ error!("Invalid BCC Handover: {e:?}");
+ RebootReason::InvalidBcc
+ })?;
+ trace!("BCC: {bcc_handover:x?}");
// Set up PCI bus for VirtIO devices.
let pci_info = PciInfo::from_fdt(fdt).map_err(handle_pci_error)?;
@@ -95,12 +99,12 @@
error!("Failed to compute partial DICE inputs: {e:?}");
RebootReason::InternalError
})?;
- let salt = [0; ::dice::HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
+ let salt = [0; HIDDEN_SIZE]; // TODO(b/249723852): Get from instance.img and/or TRNG.
let dice_inputs = dice_inputs.into_input_values(&salt).map_err(|e| {
error!("Failed to generate DICE inputs: {e:?}");
RebootReason::InternalError
})?;
- let _ = bcc.main_flow(&dice_inputs, next_bcc).map_err(|e| {
+ let _ = bcc_handover_main_flow(current_bcc_handover, &dice_inputs, next_bcc).map_err(|e| {
error!("Failed to derive next-stage DICE secrets: {e:?}");
RebootReason::SecretDerivationError
})?;
diff --git a/virtualizationmanager/Android.bp b/virtualizationmanager/Android.bp
index a436cea..e82797e 100644
--- a/virtualizationmanager/Android.bp
+++ b/virtualizationmanager/Android.bp
@@ -32,6 +32,7 @@
"libclap",
"libcommand_fds",
"libdisk",
+ "libhypervisor_props",
"liblazy_static",
"liblibc",
"liblog_rust",
diff --git a/virtualizationmanager/src/main.rs b/virtualizationmanager/src/main.rs
index dca64cb..3f0b64b 100644
--- a/virtualizationmanager/src/main.rs
+++ b/virtualizationmanager/src/main.rs
@@ -23,7 +23,7 @@
use crate::aidl::{GLOBAL_SERVICE, VirtualizationService};
use android_system_virtualizationservice::aidl::android::system::virtualizationservice::IVirtualizationService::BnVirtualizationService;
-use anyhow::{bail, Context};
+use anyhow::{bail, Context, Result};
use binder::{BinderFeatures, ProcessState};
use lazy_static::lazy_static;
use log::{info, Level};
@@ -33,7 +33,6 @@
use nix::fcntl::{fcntl, F_GETFD, F_SETFD, FdFlag};
use nix::unistd::{Pid, Uid};
use std::os::unix::raw::{pid_t, uid_t};
-use rustutils::system_properties;
const LOG_TAG: &str = "virtmgr";
@@ -92,9 +91,15 @@
Ok(unsafe { OwnedFd::from_raw_fd(raw_fd) })
}
-fn is_property_set(name: &str) -> bool {
- system_properties::read_bool(name, false)
- .unwrap_or_else(|e| panic!("Failed to read {name}: {e:?}"))
+fn check_vm_support() -> Result<()> {
+ if hypervisor_props::is_any_vm_supported()? {
+ Ok(())
+ } else {
+ // This should never happen, it indicates a misconfigured device where the virt APEX
+ // is present but VMs are not supported. If it does happen, fail fast to avoid wasting
+ // resources trying.
+ bail!("Device doesn't support protected or non-protected VMs")
+ }
}
fn main() {
@@ -105,14 +110,7 @@
.with_log_id(android_logger::LogId::System),
);
- let non_protected_vm_supported = is_property_set("ro.boot.hypervisor.vm.supported");
- let protected_vm_supported = is_property_set("ro.boot.hypervisor.protected_vm.supported");
- if !non_protected_vm_supported && !protected_vm_supported {
- // This should never happen, it indicates a misconfigured device where the virt APEX
- // is present but VMs are not supported. If it does happen, fail fast to avoid wasting
- // resources trying.
- panic!("Device doesn't support protected or unprotected VMs");
- }
+ check_vm_support().unwrap();
let args = Args::parse();
diff --git a/vm/Android.bp b/vm/Android.bp
index e217786..50e68cc 100644
--- a/vm/Android.bp
+++ b/vm/Android.bp
@@ -15,11 +15,11 @@
"libclap",
"libenv_logger",
"libglob",
+ "libhypervisor_props",
"liblibc",
"liblog_rust",
"libmicrodroid_payload_config",
"librand",
- "librustutils",
"libserde_json",
"libserde",
"libvmconfig",
diff --git a/vm/src/main.rs b/vm/src/main.rs
index e1c3413..6c08a19 100644
--- a/vm/src/main.rs
+++ b/vm/src/main.rs
@@ -23,12 +23,11 @@
PartitionType::PartitionType, VirtualMachineAppConfig::DebugLevel::DebugLevel,
};
use anyhow::{Context, Error};
-use binder::ProcessState;
+use binder::{ProcessState, Strong};
use clap::Parser;
use create_idsig::command_create_idsig;
use create_partition::command_create_partition;
use run::{command_run, command_run_app, command_run_microdroid};
-use rustutils::system_properties;
use std::path::{Path, PathBuf};
#[derive(Debug)]
@@ -230,6 +229,12 @@
}
}
+fn get_service() -> Result<Strong<dyn IVirtualizationService>, Error> {
+ let virtmgr =
+ vmclient::VirtualizationService::new().context("Failed to spawn VirtualizationService")?;
+ virtmgr.connect().context("Failed to connect to VirtualizationService")
+}
+
fn main() -> Result<(), Error> {
env_logger::init();
let opt = Opt::parse();
@@ -237,10 +242,6 @@
// We need to start the thread pool for Binder to work properly, especially link_to_death.
ProcessState::start_thread_pool();
- let virtmgr =
- vmclient::VirtualizationService::new().context("Failed to spawn VirtualizationService")?;
- let service = virtmgr.connect().context("Failed to connect to VirtualizationService")?;
-
match opt {
Opt::RunApp {
name,
@@ -261,7 +262,7 @@
extra_idsigs,
} => command_run_app(
name,
- service.as_ref(),
+ get_service()?.as_ref(),
&apk,
&idsig,
&instance,
@@ -292,7 +293,7 @@
task_profiles,
} => command_run_microdroid(
name,
- service.as_ref(),
+ get_service()?.as_ref(),
work_dir,
storage.as_deref(),
storage_size,
@@ -307,7 +308,7 @@
Opt::Run { name, config, cpu_topology, task_profiles, console, log } => {
command_run(
name,
- service.as_ref(),
+ get_service()?.as_ref(),
&config,
console.as_deref(),
log.as_deref(),
@@ -316,12 +317,14 @@
task_profiles,
)
}
- Opt::List => command_list(service.as_ref()),
+ Opt::List => command_list(get_service()?.as_ref()),
Opt::Info => command_info(),
Opt::CreatePartition { path, size, partition_type } => {
- command_create_partition(service.as_ref(), &path, size, partition_type)
+ command_create_partition(get_service()?.as_ref(), &path, size, partition_type)
}
- Opt::CreateIdsig { apk, path } => command_create_idsig(service.as_ref(), &apk, &path),
+ Opt::CreateIdsig { apk, path } => {
+ command_create_idsig(get_service()?.as_ref(), &apk, &path)
+ }
}
}
@@ -334,10 +337,8 @@
/// Print information about supported VM types.
fn command_info() -> Result<(), Error> {
- let non_protected_vm_supported =
- system_properties::read_bool("ro.boot.hypervisor.vm.supported", false)?;
- let protected_vm_supported =
- system_properties::read_bool("ro.boot.hypervisor.protected_vm.supported", false)?;
+ let non_protected_vm_supported = hypervisor_props::is_vm_supported()?;
+ let protected_vm_supported = hypervisor_props::is_protected_vm_supported()?;
match (non_protected_vm_supported, protected_vm_supported) {
(false, false) => println!("VMs are not supported."),
(false, true) => println!("Only protected VMs are supported."),
@@ -345,7 +346,7 @@
(true, true) => println!("Both protected and non-protected VMs are supported."),
}
- if let Some(version) = system_properties::read("ro.boot.hypervisor.version")? {
+ if let Some(version) = hypervisor_props::version()? {
println!("Hypervisor version: {}", version);
} else {
println!("Hypervisor version not set.");