Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 126fd511eb22867694aa8865589e6ec7b75278c5 / . / compos / src / compsvc.rs
blob: 0d32841fe2927d61368cfcc7363f7db1a48c3606 [file] [log] [blame]
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Victor Hsieh51789de2021-08-06 16:50:49 -0700[diff] [blame]17//! compsvc is a service to run compilation tasks in a PVM upon request. It is able to set up
Victor Hsiehebb1d902021-08-06 13:00:18 -0700[diff] [blame]18//! file descriptors backed by authfs (via authfs_service) and pass the file descriptors to the
Victor Hsieh51789de2021-08-06 16:50:49 -0700[diff] [blame]19//! actual compiler.
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]20
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]21use anyhow::{Context, Result};
Alan Stokes3189af02021-09-30 17:51:19 +0100[diff] [blame]22use binder_common::new_binder_exception;
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]23use compos_common::binder::to_binder_result;
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]24use log::warn;
25use std::default::Default;
Victor Hsieh18775b12021-10-12 17:42:48 -0700[diff] [blame]26use std::env;
Victor Hsieh51789de2021-08-06 16:50:49 -0700[diff] [blame]27use std::path::PathBuf;
Alan Stokes183d7d32021-12-08 16:10:45 +0000[diff] [blame]28use std::sync::RwLock;
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]29
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]30use crate::compilation::{compile_cmd, odrefresh, CompilerOutput, OdrefreshContext};
31use crate::compos_key_service::{CompOsKeyService, Signer};
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]32use crate::fsverity;
Victor Hsieh51789de2021-08-06 16:50:49 -0700[diff] [blame]33use authfs_aidl_interface::aidl::com::android::virt::fs::IAuthFsService::IAuthFsService;
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]34use compos_aidl_interface::aidl::com::android::compos::{
35 CompOsKeyData::CompOsKeyData,
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]36 CompilationResult::CompilationResult,
Victor Hsieh13333e82021-09-03 15:17:32 -0700[diff] [blame]37 FdAnnotation::FdAnnotation,
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]38 ICompOsService::{BnCompOsService, ICompOsService},
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]39};
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]40use compos_aidl_interface::binder::{
Alan Stokes3189af02021-09-30 17:51:19 +0100[diff] [blame]41 BinderFeatures, ExceptionCode, Interface, Result as BinderResult, Strong,
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]42};
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]43use compos_common::odrefresh::ODREFRESH_PATH;
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]44
Victor Hsiehebb1d902021-08-06 13:00:18 -0700[diff] [blame]45const AUTHFS_SERVICE_NAME: &str = "authfs_service";
Victor Hsieh51789de2021-08-06 16:50:49 -0700[diff] [blame]46const DEX2OAT_PATH: &str = "/apex/com.android.art/bin/dex2oat64";
Alan Stokes9e2c5d52021-07-21 11:29:10 +0100[diff] [blame]47
Victor Hsieha64194b2021-08-06 17:43:36 -0700[diff] [blame]48/// Constructs a binder object that implements ICompOsService.
Victor Hsieh9ebf7ee2021-09-03 16:14:14 -0700[diff] [blame]49pub fn new_binder() -> Result<Strong<dyn ICompOsService>> {
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]50 let service = CompOsService {
51 dex2oat_path: PathBuf::from(DEX2OAT_PATH),
Victor Hsiehf9968692021-11-18 11:34:39 -0800[diff] [blame]52 odrefresh_path: PathBuf::from(ODREFRESH_PATH),
Victor Hsieh9ebf7ee2021-09-03 16:14:14 -0700[diff] [blame]53 key_service: CompOsKeyService::new()?,
Alan Stokes183d7d32021-12-08 16:10:45 +0000[diff] [blame]54 key_blob: RwLock::new(Vec::new()),
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]55 };
Victor Hsieha64194b2021-08-06 17:43:36 -0700[diff] [blame]56 Ok(BnCompOsService::new_binder(service, BinderFeatures::default()))
Alan Stokes9e2c5d52021-07-21 11:29:10 +0100[diff] [blame]57}
58
Victor Hsieha64194b2021-08-06 17:43:36 -0700[diff] [blame]59struct CompOsService {
Victor Hsieh51789de2021-08-06 16:50:49 -0700[diff] [blame]60 dex2oat_path: PathBuf,
Victor Hsiehf9968692021-11-18 11:34:39 -0800[diff] [blame]61 odrefresh_path: PathBuf,
Victor Hsieha64194b2021-08-06 17:43:36 -0700[diff] [blame]62 key_service: CompOsKeyService,
Alan Stokes183d7d32021-12-08 16:10:45 +0000[diff] [blame]63 key_blob: RwLock<Vec<u8>>,
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]64}
65
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]66impl CompOsService {
67 fn generate_raw_fsverity_signature(
68 &self,
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]69 fsverity_digest: &fsverity::Sha256Digest,
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]70 ) -> BinderResult<Vec<u8>> {
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]71 let formatted_digest = fsverity::to_formatted_digest(fsverity_digest);
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]72 to_binder_result(self.new_signer()?.sign(&formatted_digest[..]))
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]73 }
74
75 fn new_signer(&self) -> BinderResult<Signer> {
76 let key = &*self.key_blob.read().unwrap();
77 if key.is_empty() {
78 Err(new_binder_exception(ExceptionCode::ILLEGAL_STATE, "Key is not initialized"))
79 } else {
80 Ok(self.key_service.new_signer(key))
81 }
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]82 }
83}
84
Victor Hsieha64194b2021-08-06 17:43:36 -0700[diff] [blame]85impl Interface for CompOsService {}
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]86
Victor Hsieha64194b2021-08-06 17:43:36 -0700[diff] [blame]87impl ICompOsService for CompOsService {
Victor Hsieh8fd03f02021-08-24 17:23:01 -0700[diff] [blame]88 fn initializeSigningKey(&self, key_blob: &[u8]) -> BinderResult<()> {
89 let mut w = self.key_blob.write().unwrap();
90 if w.is_empty() {
91 *w = Vec::from(key_blob);
92 Ok(())
93 } else {
94 Err(new_binder_exception(ExceptionCode::ILLEGAL_STATE, "Cannot re-initialize the key"))
95 }
96 }
97
Victor Hsieh18775b12021-10-12 17:42:48 -0700[diff] [blame]98 fn initializeClasspaths(
99 &self,
100 boot_classpath: &str,
101 dex2oat_boot_classpath: &str,
Victor Hsieh64290a52021-11-17 13:34:46 -0800[diff] [blame]102 system_server_classpath: &str,
Victor Hsieh18775b12021-10-12 17:42:48 -0700[diff] [blame]103 ) -> BinderResult<()> {
104 // TODO(198211396): Implement correctly.
105 env::set_var("BOOTCLASSPATH", boot_classpath);
106 env::set_var("DEX2OATBOOTCLASSPATH", dex2oat_boot_classpath);
Victor Hsieh64290a52021-11-17 13:34:46 -0800[diff] [blame]107 env::set_var("SYSTEMSERVERCLASSPATH", system_server_classpath);
Victor Hsieh18775b12021-10-12 17:42:48 -0700[diff] [blame]108 Ok(())
109 }
110
Victor Hsiehf9968692021-11-18 11:34:39 -0800[diff] [blame]111 fn odrefresh(
112 &self,
113 system_dir_fd: i32,
114 output_dir_fd: i32,
Alan Stokes9646db92021-12-14 13:22:33 +0000[diff] [blame]115 staging_dir_fd: i32,
116 target_dir_name: &str,
Victor Hsiehf9968692021-11-18 11:34:39 -0800[diff] [blame]117 zygote_arch: &str,
Alan Stokes9646db92021-12-14 13:22:33 +0000[diff] [blame]118 ) -> BinderResult<i8> {
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]119 let context = to_binder_result(OdrefreshContext::new(
Victor Hsiehf9968692021-11-18 11:34:39 -0800[diff] [blame]120 system_dir_fd,
121 output_dir_fd,
Alan Stokes9646db92021-12-14 13:22:33 +0000[diff] [blame]122 staging_dir_fd,
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]123 target_dir_name,
Victor Hsiehf9968692021-11-18 11:34:39 -0800[diff] [blame]124 zygote_arch,
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]125 ))?;
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]126
127 let authfs_service = get_authfs_service()?;
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]128 let exit_code = to_binder_result(
129 odrefresh(&self.odrefresh_path, context, authfs_service, self.new_signer()?)
130 .context("odrefresh failed"),
131 )?;
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]132 Ok(exit_code as i8)
Victor Hsiehf9968692021-11-18 11:34:39 -0800[diff] [blame]133 }
134
Victor Hsieh3c044c42021-10-01 17:17:10 -0700[diff] [blame]135 fn compile_cmd(
Victor Hsieh13333e82021-09-03 15:17:32 -0700[diff] [blame]136 &self,
137 args: &[String],
138 fd_annotation: &FdAnnotation,
139 ) -> BinderResult<CompilationResult> {
Victor Hsieh51789de2021-08-06 16:50:49 -0700[diff] [blame]140 let authfs_service = get_authfs_service()?;
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]141 let output = to_binder_result(
142 compile_cmd(&self.dex2oat_path, args, authfs_service, fd_annotation)
143 .context("Compilation failed"),
144 )?;
Victor Hsieh6e340382021-08-13 12:18:02 -0700[diff] [blame]145 match output {
146 CompilerOutput::Digests { oat, vdex, image } => {
Alan Stokes46a1dff2021-12-14 10:56:05 +0000[diff] [blame]147 let oat_signature = self.generate_raw_fsverity_signature(&oat)?;
148 let vdex_signature = self.generate_raw_fsverity_signature(&vdex)?;
149 let image_signature = self.generate_raw_fsverity_signature(&image)?;
150 Ok(CompilationResult {
151 exitCode: 0,
152 oatSignature: oat_signature,
153 vdexSignature: vdex_signature,
154 imageSignature: image_signature,
155 })
Victor Hsieh6e340382021-08-13 12:18:02 -0700[diff] [blame]156 }
Victor Hsieh9ed27182021-08-25 15:52:42 -0700[diff] [blame]157 CompilerOutput::ExitCode(exit_code) => {
158 Ok(CompilationResult { exitCode: exit_code, ..Default::default() })
159 }
Victor Hsieh6e340382021-08-13 12:18:02 -0700[diff] [blame]160 }
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]161 }
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]162
Victor Hsieh3c044c42021-10-01 17:17:10 -0700[diff] [blame]163 fn compile(&self, _marshaled: &[u8], _fd_annotation: &FdAnnotation) -> BinderResult<i8> {
164 Err(new_binder_exception(ExceptionCode::UNSUPPORTED_OPERATION, "Not yet implemented"))
165 }
166
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]167 fn generateSigningKey(&self) -> BinderResult<CompOsKeyData> {
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]168 to_binder_result(self.key_service.generate())
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]169 }
170
171 fn verifySigningKey(&self, key_blob: &[u8], public_key: &[u8]) -> BinderResult<bool> {
Alan Stokes183d7d32021-12-08 16:10:45 +0000[diff] [blame]172 Ok(if let Err(e) = self.key_service.verify(key_blob, public_key) {
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]173 warn!("Signing key verification failed: {:?}", e);
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]174 false
175 } else {
176 true
177 })
178 }
179
Victor Hsieh8fd03f02021-08-24 17:23:01 -0700[diff] [blame]180 fn sign(&self, data: &[u8]) -> BinderResult<Vec<u8>> {
Alan Stokes126fd512021-12-16 15:00:01 +0000[diff] [blame^]181 to_binder_result(self.new_signer()?.sign(data))
Victor Hsieh23f73592021-08-06 18:08:24 -0700[diff] [blame]182 }
Victor Hsieh272aa242021-02-01 14:19:20 -0800[diff] [blame]183}
Victor Hsiehebb1d902021-08-06 13:00:18 -0700[diff] [blame]184
185fn get_authfs_service() -> BinderResult<Strong<dyn IAuthFsService>> {
186 Ok(authfs_aidl_interface::binder::get_interface(AUTHFS_SERVICE_NAME)?)
187}