Remove DEBUG_LEVEL_APP_ONLY
Bug: 260147409, 203369076
Test: atest MicrodroidHostTestCases;
atest MicrodroidTestApp;
atest ComposHostTestCases
Change-Id: Ia12019519766a01495ce4305ea8029e11317ca7d
diff --git a/apex/Android.bp b/apex/Android.bp
index 596493a..e580cc2 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -4,7 +4,6 @@
microdroid_filesystem_images = [
"microdroid_boot",
- "microdroid_bootconfig_app_debuggable",
"microdroid_bootconfig_full_debuggable",
"microdroid_bootconfig_normal",
"microdroid_init_boot",
@@ -93,7 +92,6 @@
prebuilts: [
"com.android.virt.init.rc",
"features_com.android.virt.xml",
- "microdroid_initrd_app_debuggable",
"microdroid_initrd_full_debuggable",
"microdroid_initrd_normal",
"microdroid.json",
diff --git a/apex/sign_virt_apex.py b/apex/sign_virt_apex.py
index c8cb07d..1d41543 100644
--- a/apex/sign_virt_apex.py
+++ b/apex/sign_virt_apex.py
@@ -352,7 +352,6 @@
'vbmeta.img': 'etc/fs/microdroid_vbmeta.img',
'vbmeta_bootconfig.img': 'etc/fs/microdroid_vbmeta_bootconfig.img',
'bootconfig.normal': 'etc/fs/microdroid_bootconfig.normal',
- 'bootconfig.app_debuggable': 'etc/fs/microdroid_bootconfig.app_debuggable',
'bootconfig.full_debuggable': 'etc/fs/microdroid_bootconfig.full_debuggable',
'uboot_env.img': 'etc/fs/uboot_env.img'
}
@@ -400,7 +399,6 @@
# Re-sign bootconfigs and the uboot_env with the same key
bootconfig_sign_key = key
Async(AddHashFooter, args, bootconfig_sign_key, files['bootconfig.normal'])
- Async(AddHashFooter, args, bootconfig_sign_key, files['bootconfig.app_debuggable'])
Async(AddHashFooter, args, bootconfig_sign_key, files['bootconfig.full_debuggable'])
Async(AddHashFooter, args, bootconfig_sign_key, files['uboot_env.img'])
diff --git a/compos/common/compos_client.rs b/compos/common/compos_client.rs
index 601c6fc..34be1d5 100644
--- a/compos/common/compos_client.rs
+++ b/compos/common/compos_client.rs
@@ -97,11 +97,7 @@
};
let config_path = get_vm_config_path(has_system_ext, parameters.prefer_staged);
- let debug_level = match (protected_vm, parameters.debug_mode) {
- (_, true) => DebugLevel::FULL,
- (false, false) => DebugLevel::APP_ONLY,
- (true, false) => DebugLevel::NONE,
- };
+ let debug_level = if parameters.debug_mode { DebugLevel::FULL } else { DebugLevel::NONE };
let (console_fd, log_fd) = if debug_level == DebugLevel::NONE {
(None, None)
diff --git a/compos/src/compilation.rs b/compos/src/compilation.rs
index 2872d95..10eca96 100644
--- a/compos/src/compilation.rs
+++ b/compos/src/compilation.rs
@@ -43,8 +43,8 @@
fn validate_args(args: &OdrefreshArgs) -> Result<()> {
if args.compilationMode != CompilationMode::NORMAL_COMPILE {
// Conservatively check debuggability.
- let debuggable = system_properties::read_bool("ro.boot.microdroid.app_debuggable", false)
- .unwrap_or(false);
+ let debuggable =
+ system_properties::read_bool("ro.boot.microdroid.debuggable", false).unwrap_or(false);
if !debuggable {
bail!("Requested compilation mode only available in debuggable VMs");
}
diff --git a/javalib/api/system-current.txt b/javalib/api/system-current.txt
index f364f4c..fb7c98c 100644
--- a/javalib/api/system-current.txt
+++ b/javalib/api/system-current.txt
@@ -63,8 +63,7 @@
method @Nullable public String getPayloadBinaryPath();
method public boolean isCompatibleWith(@NonNull android.system.virtualmachine.VirtualMachineConfig);
method public boolean isProtectedVm();
- field public static final int DEBUG_LEVEL_APP_ONLY = 1; // 0x1
- field public static final int DEBUG_LEVEL_FULL = 2; // 0x2
+ field public static final int DEBUG_LEVEL_FULL = 1; // 0x1
field public static final int DEBUG_LEVEL_NONE = 0; // 0x0
}
diff --git a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
index f9f29a1..a9e062a 100644
--- a/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
+++ b/javalib/src/android/system/virtualmachine/VirtualMachineConfig.java
@@ -70,7 +70,6 @@
@Retention(RetentionPolicy.SOURCE)
@IntDef(prefix = "DEBUG_LEVEL_", value = {
DEBUG_LEVEL_NONE,
- DEBUG_LEVEL_APP_ONLY,
DEBUG_LEVEL_FULL
})
public @interface DebugLevel {}
@@ -84,20 +83,12 @@
@SystemApi public static final int DEBUG_LEVEL_NONE = 0;
/**
- * Only the app is debuggable. Log from the app is exported from the VM. Debugger can be
- * attached to the app process. Rest of the VM is not debuggable.
- *
- * @hide
- */
- @SystemApi public static final int DEBUG_LEVEL_APP_ONLY = 1;
-
- /**
* Fully debuggable. All logs (both logcat and kernel message) are exported. All processes
* running in the VM can be attached to the debugger. Rooting is possible.
*
* @hide
*/
- @SystemApi public static final int DEBUG_LEVEL_FULL = 2;
+ @SystemApi public static final int DEBUG_LEVEL_FULL = 1;
/** Absolute path to the APK file containing the VM payload. */
@NonNull private final String mApkPath;
@@ -152,8 +143,7 @@
+ "range [1, " + availableCpus + "]");
}
- if (debugLevel != DEBUG_LEVEL_NONE && debugLevel != DEBUG_LEVEL_APP_ONLY
- && debugLevel != DEBUG_LEVEL_FULL) {
+ if (debugLevel != DEBUG_LEVEL_NONE && debugLevel != DEBUG_LEVEL_FULL) {
throw new IllegalArgumentException("Invalid debugLevel: " + debugLevel);
}
@@ -230,8 +220,7 @@
}
}
@DebugLevel int debugLevel = b.getInt(KEY_DEBUGLEVEL);
- if (debugLevel != DEBUG_LEVEL_NONE && debugLevel != DEBUG_LEVEL_APP_ONLY
- && debugLevel != DEBUG_LEVEL_FULL) {
+ if (debugLevel != DEBUG_LEVEL_NONE && debugLevel != DEBUG_LEVEL_FULL) {
throw new VirtualMachineException("Invalid debugLevel: " + debugLevel);
}
boolean protectedVm = b.getBoolean(KEY_PROTECTED_VM);
@@ -384,9 +373,6 @@
VirtualMachineAppConfig.Payload.configPath(mPayloadConfigPath);
}
switch (mDebugLevel) {
- case DEBUG_LEVEL_APP_ONLY:
- vsConfig.debugLevel = VirtualMachineAppConfig.DebugLevel.APP_ONLY;
- break;
case DEBUG_LEVEL_FULL:
vsConfig.debugLevel = VirtualMachineAppConfig.DebugLevel.FULL;
break;
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 79378fe..0b3f7a6 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -373,15 +373,6 @@
}
avb_add_hash_footer {
- name: "microdroid_bootconfig_app_debuggable",
- src: "bootconfig.app_debuggable",
- filename: "microdroid_bootconfig.app_debuggable",
- partition_name: "bootconfig",
- private_key: ":microdroid_sign_key",
- salt: bootconfig_salt,
-}
-
-avb_add_hash_footer {
name: "microdroid_bootconfig_full_debuggable",
src: "bootconfig.full_debuggable",
filename: "microdroid_bootconfig.full_debuggable",
@@ -540,11 +531,6 @@
}
filegroup {
- name: "microdroid_bootconfig_app_debuggable_src",
- srcs: ["bootconfig.app_debuggable"],
-}
-
-filegroup {
name: "microdroid_bootconfig_normal_src",
srcs: ["bootconfig.normal"],
}
diff --git a/microdroid/bootconfig.app_debuggable b/microdroid/bootconfig.app_debuggable
deleted file mode 100644
index 529ed07..0000000
--- a/microdroid/bootconfig.app_debuggable
+++ /dev/null
@@ -1,14 +0,0 @@
-# The app is debuggable.
-androidboot.microdroid.app_debuggable=1
-
-# TODO(b/203369076) This should be 0 to disable adb rooting. For now, we can't do that because
-# if this is set to 0, adbd enforces the host authentication but we don't put the adb
-# public key (which represents the owner) in the VM yet.
-androidboot.microdroid.debuggable=0
-
-# Console output is not redirect to the host-side.
-kernel.printk.devkmsg=off
-kernel.console=ttynull
-
-# ADB is supported but rooting is prohibited.
-androidboot.adb.enabled=1
diff --git a/microdroid/bootconfig.full_debuggable b/microdroid/bootconfig.full_debuggable
index 583060b..0d0457c 100644
--- a/microdroid/bootconfig.full_debuggable
+++ b/microdroid/bootconfig.full_debuggable
@@ -1,6 +1,3 @@
-# The app is debuggable as full_debuggable is a superser of app_debuggable.
-androidboot.microdroid.app_debuggable=1
-
# ro.debuggable is set.
androidboot.microdroid.debuggable=1
diff --git a/microdroid/bootconfig.normal b/microdroid/bootconfig.normal
index 5cc553c..9226ca1 100644
--- a/microdroid/bootconfig.normal
+++ b/microdroid/bootconfig.normal
@@ -1,6 +1,3 @@
-# The app is not debuggable.
-androidboot.microdroid.app_debuggable=0
-
# ro.debuggable is off
androidboot.microdroid.debuggable=0
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 310cf2b..a48ba4b 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -19,10 +19,10 @@
# If VM is debuggable, send logs to outside ot the VM via the serial console.
# If non-debuggable, logs are internally consumed at /dev/null
-on early-init && property:ro.boot.microdroid.app_debuggable=1
+on early-init && property:ro.boot.microdroid.debuggable=1
setprop ro.log.file_logger.path /dev/hvc2
-on early-init && property:ro.boot.microdroid.app_debuggable=0
+on early-init && property:ro.boot.microdroid.debuggable=0
setprop ro.log.file_logger.path /dev/null
on init
diff --git a/microdroid/initrd/Android.bp b/microdroid/initrd/Android.bp
index eb761bf..8d7794d 100644
--- a/microdroid/initrd/Android.bp
+++ b/microdroid/initrd/Android.bp
@@ -72,28 +72,6 @@
}
genrule {
- name: "microdroid_initrd_app_debuggable_arm64",
- tools: ["initrd_bootconfig"],
- srcs: [
- ":microdroid_initrd_gen",
- ":microdroid_bootconfig_app_debuggable_src",
- ] + bootconfigs_arm64,
- out: ["microdroid_initrd_app_debuggable_arm64"],
- cmd: "$(location initrd_bootconfig) --output $(out) $(in)",
-}
-
-genrule {
- name: "microdroid_initrd_app_debuggable_x86_64",
- tools: ["initrd_bootconfig"],
- srcs: [
- ":microdroid_initrd_gen",
- ":microdroid_bootconfig_app_debuggable_src",
- ] + bootconfigs_x86_64,
- out: ["microdroid_initrd_app_debuggable_x86_64"],
- cmd: "$(location initrd_bootconfig) --output $(out) $(in)",
-}
-
-genrule {
name: "microdroid_initrd_normal_arm64",
tools: ["initrd_bootconfig"],
srcs: [
@@ -131,21 +109,6 @@
}
prebuilt_etc {
- name: "microdroid_initrd_app_debuggable",
- // We don't have ramdisk for architectures other than x86_64 & arm64
- src: "empty_file",
- arch: {
- x86_64: {
- src: ":microdroid_initrd_app_debuggable_x86_64",
- },
- arm64: {
- src: ":microdroid_initrd_app_debuggable_arm64",
- },
- },
- filename: "microdroid_initrd_app_debuggable.img",
-}
-
-prebuilt_etc {
name: "microdroid_initrd_normal",
// We don't have ramdisk for architectures other than x86_64 & arm64
src: "empty_file",
@@ -168,13 +131,6 @@
}
genrule {
- name: "microdroid_initrd_app_debuggable.sha256",
- srcs: [":microdroid_initrd_app_debuggable"],
- cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
- out: ["hash"],
-}
-
-genrule {
name: "microdroid_initrd_full_debuggable.sha256",
srcs: [":microdroid_initrd_full_debuggable"],
cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
@@ -185,7 +141,6 @@
name: "microdroid_initrd_hashes",
srcs: [
":microdroid_initrd_normal.sha256",
- ":microdroid_initrd_app_debuggable.sha256",
":microdroid_initrd_full_debuggable.sha256",
],
// join the hashes with commas
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 0e45461..3c490f4 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -76,7 +76,7 @@
"/sys/firmware/devicetree/base/virtualization/guest/debug-microdroid,no-verified-boot";
const APEX_CONFIG_DONE_PROP: &str = "apex_config.done";
-const APP_DEBUGGABLE_PROP: &str = "ro.boot.microdroid.app_debuggable";
+const DEBUGGABLE_PROP: &str = "ro.boot.microdroid.debuggable";
const APK_MOUNT_DONE_PROP: &str = "microdroid_manager.apk.mounted";
// SYNC WITH virtualizationservice/src/crosvm.rs
@@ -167,7 +167,7 @@
fn main() -> Result<()> {
// If debuggable, print full backtrace to console log with stdio_to_kmsg
- if system_properties::read_bool(APP_DEBUGGABLE_PROP, true)? {
+ if system_properties::read_bool(DEBUGGABLE_PROP, true)? {
env::set_var("RUST_BACKTRACE", "full");
}
@@ -281,12 +281,12 @@
}
}
- // Check app debuggability, conervatively assuming it is debuggable
- let app_debuggable = system_properties::read_bool(APP_DEBUGGABLE_PROP, true)?;
+ // Check debuggability, conservatively assuming it is debuggable
+ let debuggable = system_properties::read_bool(DEBUGGABLE_PROP, true)?;
// Send the details to diced
let hidden = verified_data.salt.clone().try_into().unwrap();
- dice.derive(code_hash, &config_desc, authority_hash, app_debuggable, hidden)
+ dice.derive(code_hash, &config_desc, authority_hash, debuggable, hidden)
}
fn encode_tstr(tstr: &str, buffer: &mut Vec<u8>) -> Result<()> {
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 35b9e61..cc1bbfd 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -18,7 +18,6 @@
import static android.system.virtualmachine.VirtualMachine.STATUS_DELETED;
import static android.system.virtualmachine.VirtualMachine.STATUS_RUNNING;
import static android.system.virtualmachine.VirtualMachine.STATUS_STOPPED;
-import static android.system.virtualmachine.VirtualMachineConfig.DEBUG_LEVEL_APP_ONLY;
import static android.system.virtualmachine.VirtualMachineConfig.DEBUG_LEVEL_FULL;
import static android.system.virtualmachine.VirtualMachineConfig.DEBUG_LEVEL_NONE;
@@ -474,15 +473,6 @@
@CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-7"})
public void changingNonDebuggableVmDebuggableInvalidatesVmIdentity() throws Exception {
changeDebugLevel(DEBUG_LEVEL_NONE, DEBUG_LEVEL_FULL);
- changeDebugLevel(DEBUG_LEVEL_NONE, DEBUG_LEVEL_APP_ONLY);
- }
-
- @Test
- @CddTest(requirements = {"9.17/C-1-1", "9.17/C-2-7"})
- @Ignore("b/260067026")
- public void changingAppDebuggableVmFullyDebuggableInvalidatesVmIdentity() throws Exception {
- assume().withMessage("Skip for non-protected VM. b/239158757").that(mProtectedVm).isTrue();
- changeDebugLevel(DEBUG_LEVEL_APP_ONLY, DEBUG_LEVEL_FULL);
}
private void changeDebugLevel(int fromLevel, int toLevel) throws Exception {
diff --git a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
index e99757e..884561d 100644
--- a/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
+++ b/virtualizationservice/aidl/android/system/virtualizationservice/VirtualMachineAppConfig.aidl
@@ -59,8 +59,6 @@
enum DebugLevel {
/** Not debuggable at all */
NONE,
- /** Only the logs from app is shown */
- APP_ONLY,
/**
* Fully debuggable. All logs are shown, kernel messages are shown, and adb shell is
* supported
diff --git a/virtualizationservice/src/payload.rs b/virtualizationservice/src/payload.rs
index f6e8a7b..f84cb86 100644
--- a/virtualizationservice/src/payload.rs
+++ b/virtualizationservice/src/payload.rs
@@ -405,7 +405,6 @@
) -> Result<()> {
let debug_suffix = match config.debugLevel {
DebugLevel::NONE => "normal",
- DebugLevel::APP_ONLY => "app_debuggable",
DebugLevel::FULL => "full_debuggable",
_ => return Err(anyhow!("unsupported debug level: {:?}", config.debugLevel)),
};
diff --git a/vm/src/main.rs b/vm/src/main.rs
index bc18fae..32b165b 100644
--- a/vm/src/main.rs
+++ b/vm/src/main.rs
@@ -85,7 +85,7 @@
#[clap(long)]
ramdump: Option<PathBuf>,
- /// Debug level of the VM. Supported values: "none" (default), "app_only", and "full".
+ /// Debug level of the VM. Supported values: "none" (default), and "full".
#[clap(long, default_value = "none", value_parser = parse_debug_level)]
debug: DebugLevel,
@@ -148,7 +148,7 @@
#[clap(long)]
ramdump: Option<PathBuf>,
- /// Debug level of the VM. Supported values: "none" (default), "app_only", and "full".
+ /// Debug level of the VM. Supported values: "none" (default), and "full".
#[clap(long, default_value = "full", value_parser = parse_debug_level)]
debug: DebugLevel,
@@ -233,7 +233,6 @@
fn parse_debug_level(s: &str) -> Result<DebugLevel, String> {
match s {
"none" => Ok(DebugLevel::NONE),
- "app_only" => Ok(DebugLevel::APP_ONLY),
"full" => Ok(DebugLevel::FULL),
_ => Err(format!("Invalid debug level {}", s)),
}