| David Brazdil | 1f53070 | 2022-10-03 12:18:10 +0100 | [diff] [blame] | 1 | // Copyright 2022, The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
| 15 | //! Android Virtualization Manager |
| 16 | |
| 17 | mod aidl; |
| 18 | mod atom; |
| 19 | mod composite; |
| 20 | mod crosvm; |
| 21 | mod payload; |
| 22 | mod selinux; |
| 23 | |
| 24 | use crate::aidl::VirtualizationService; |
| 25 | use android_system_virtualizationservice::aidl::android::system::virtualizationservice::IVirtualizationService::BnVirtualizationService; |
| 26 | use anyhow::{bail, Context}; |
| 27 | use binder::BinderFeatures; |
| 28 | use lazy_static::lazy_static; |
| 29 | use log::{info, Level}; |
| 30 | use rpcbinder::{FileDescriptorTransportMode, RpcServer}; |
| 31 | use std::os::unix::io::{FromRawFd, OwnedFd, RawFd}; |
| 32 | use clap::Parser; |
| 33 | use nix::unistd::{Pid, Uid}; |
| 34 | use std::os::unix::raw::{pid_t, uid_t}; |
| 35 | |
| 36 | const LOG_TAG: &str = "virtmgr"; |
| 37 | |
| 38 | lazy_static! { |
| 39 | static ref PID_PARENT: Pid = Pid::parent(); |
| 40 | static ref UID_CURRENT: Uid = Uid::current(); |
| 41 | } |
| 42 | |
| 43 | fn get_calling_pid() -> pid_t { |
| 44 | // The caller is the parent of this process. |
| 45 | PID_PARENT.as_raw() |
| 46 | } |
| 47 | |
| 48 | fn get_calling_uid() -> uid_t { |
| 49 | // The caller and this process share the same UID. |
| 50 | UID_CURRENT.as_raw() |
| 51 | } |
| 52 | |
| 53 | #[derive(Parser)] |
| 54 | struct Args { |
| 55 | /// File descriptor inherited from the caller to run RpcBinder server on. |
| 56 | /// This should be one end of a socketpair() compatible with RpcBinder's |
| 57 | /// UDS bootstrap transport. |
| 58 | #[clap(long)] |
| 59 | rpc_server_fd: RawFd, |
| 60 | /// File descriptor inherited from the caller to signal RpcBinder server |
| 61 | /// readiness. This should be one end of pipe() and the caller should be |
| 62 | /// waiting for HUP on the other end. |
| 63 | #[clap(long)] |
| 64 | ready_fd: RawFd, |
| 65 | } |
| 66 | |
| 67 | fn take_fd_ownership(raw_fd: RawFd, owned_fds: &mut Vec<RawFd>) -> Result<OwnedFd, anyhow::Error> { |
| 68 | // Basic check that the integer value does correspond to a file descriptor. |
| 69 | nix::fcntl::fcntl(raw_fd, nix::fcntl::F_GETFD) |
| 70 | .with_context(|| format!("Invalid file descriptor {raw_fd}"))?; |
| 71 | |
| 72 | // Creating OwnedFd for stdio FDs is not safe. |
| 73 | if [libc::STDIN_FILENO, libc::STDOUT_FILENO, libc::STDERR_FILENO].contains(&raw_fd) { |
| 74 | bail!("File descriptor {raw_fd} is standard I/O descriptor"); |
| 75 | } |
| 76 | |
| 77 | // Reject RawFds that already have a corresponding OwnedFd. |
| 78 | if owned_fds.contains(&raw_fd) { |
| 79 | bail!("File descriptor {raw_fd} already owned"); |
| 80 | } |
| 81 | owned_fds.push(raw_fd); |
| 82 | |
| 83 | // SAFETY - Initializing OwnedFd for a RawFd provided in cmdline arguments. |
| 84 | // We checked that the integer value corresponds to a valid FD and that this |
| 85 | // is the first argument to claim its ownership. |
| 86 | Ok(unsafe { OwnedFd::from_raw_fd(raw_fd) }) |
| 87 | } |
| 88 | |
| 89 | fn main() { |
| 90 | android_logger::init_once( |
| 91 | android_logger::Config::default() |
| 92 | .with_tag(LOG_TAG) |
| 93 | .with_min_level(Level::Info) |
| 94 | .with_log_id(android_logger::LogId::System), |
| 95 | ); |
| 96 | |
| 97 | let args = Args::parse(); |
| 98 | |
| 99 | let mut owned_fds = vec![]; |
| 100 | let rpc_server_fd = take_fd_ownership(args.rpc_server_fd, &mut owned_fds) |
| 101 | .expect("Failed to take ownership of rpc_server_fd"); |
| 102 | let ready_fd = take_fd_ownership(args.ready_fd, &mut owned_fds) |
| 103 | .expect("Failed to take ownership of ready_fd"); |
| 104 | |
| 105 | let service = VirtualizationService::init(); |
| 106 | let service = |
| 107 | BnVirtualizationService::new_binder(service, BinderFeatures::default()).as_binder(); |
| 108 | |
| 109 | let server = RpcServer::new_unix_domain_bootstrap(service, rpc_server_fd) |
| 110 | .expect("Failed to start RpcServer"); |
| 111 | server.set_supported_file_descriptor_transport_modes(&[FileDescriptorTransportMode::Unix]); |
| 112 | |
| 113 | info!("Started VirtualizationService RpcServer. Ready to accept connections"); |
| 114 | |
| 115 | // Signal readiness to the caller by closing our end of the pipe. |
| 116 | drop(ready_fd); |
| 117 | |
| 118 | server.join(); |
| 119 | info!("Shutting down VirtualizationService RpcServer"); |
| 120 | } |