Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / d0ef400bd145dcde0fcab4bb9694cec51cbb7657 / . / compos / composd / src / instance_starter.rs
blob: 340e8b7135bcbafdac60373df02c22ff3781318b [file] [log] [blame]
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17//! Responsible for validating and starting an existing instance of the CompOS VM, or creating and
18//! starting a new instance if necessary.
19
20use android_system_virtualizationservice::aidl::android::system::virtualizationservice::{
21 IVirtualizationService::IVirtualizationService, PartitionType::PartitionType,
22};
Alan Stokes6542fdd2022-02-17 15:21:46 +0000[diff] [blame]23use anyhow::{Context, Result};
Alan Stokes9ca14ca2021-10-20 14:25:57 +0100[diff] [blame]24use binder_common::lazy_service::LazyServiceGuard;
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]25use compos_aidl_interface::aidl::com::android::compos::ICompOsService::ICompOsService;
26use compos_aidl_interface::binder::{ParcelFileDescriptor, Strong};
Andrew Walbrand0ef4002022-05-16 16:14:10 +0000[diff] [blame^]27use compos_common::compos_client::{ComposClient, VmParameters};
Alan Stokes6542fdd2022-02-17 15:21:46 +0000[diff] [blame]28use compos_common::{COMPOS_DATA_ROOT, IDSIG_FILE, IDSIG_MANIFEST_APK_FILE, INSTANCE_IMAGE_FILE};
29use log::info;
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]30use std::fs;
31use std::path::{Path, PathBuf};
32
33pub struct CompOsInstance {
Alan Stokes9ca14ca2021-10-20 14:25:57 +0100[diff] [blame]34 service: Strong<dyn ICompOsService>,
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]35 #[allow(dead_code)] // Keeps VirtualizationService & the VM alive
Andrew Walbrand0ef4002022-05-16 16:14:10 +0000[diff] [blame^]36 vm_instance: ComposClient,
Alan Stokes9ca14ca2021-10-20 14:25:57 +0100[diff] [blame]37 #[allow(dead_code)] // Keeps composd process alive
38 lazy_service_guard: LazyServiceGuard,
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]39}
40
41impl CompOsInstance {
42 pub fn get_service(&self) -> Strong<dyn ICompOsService> {
43 self.service.clone()
44 }
45}
46
47pub struct InstanceStarter {
48 instance_name: String,
49 instance_root: PathBuf,
50 instance_image: PathBuf,
Jooyung Hanccae66d2021-12-20 11:54:36 +0900[diff] [blame]51 idsig: PathBuf,
Victor Hsieh0a5ab4b2022-01-05 11:45:52 -0800[diff] [blame]52 idsig_manifest_apk: PathBuf,
Alan Stokesd21764c2021-10-25 15:33:40 +0100[diff] [blame]53 vm_parameters: VmParameters,
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]54}
55
56impl InstanceStarter {
Alan Stokesd21764c2021-10-25 15:33:40 +0100[diff] [blame]57 pub fn new(instance_name: &str, vm_parameters: VmParameters) -> Self {
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]58 let instance_root = Path::new(COMPOS_DATA_ROOT).join(instance_name);
Jooyung Hanccae66d2021-12-20 11:54:36 +0900[diff] [blame]59 let instance_root_path = instance_root.as_path();
60 let instance_image = instance_root_path.join(INSTANCE_IMAGE_FILE);
61 let idsig = instance_root_path.join(IDSIG_FILE);
Victor Hsieh0a5ab4b2022-01-05 11:45:52 -0800[diff] [blame]62 let idsig_manifest_apk = instance_root_path.join(IDSIG_MANIFEST_APK_FILE);
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]63 Self {
64 instance_name: instance_name.to_owned(),
65 instance_root,
66 instance_image,
Jooyung Hanccae66d2021-12-20 11:54:36 +0900[diff] [blame]67 idsig,
Victor Hsieh0a5ab4b2022-01-05 11:45:52 -0800[diff] [blame]68 idsig_manifest_apk,
Alan Stokesd21764c2021-10-25 15:33:40 +0100[diff] [blame]69 vm_parameters,
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]70 }
71 }
72
Alan Stokes6542fdd2022-02-17 15:21:46 +0000[diff] [blame]73 pub fn start_new_instance(
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]74 &self,
75 virtualization_service: &dyn IVirtualizationService,
76 ) -> Result<CompOsInstance> {
77 info!("Creating {} CompOs instance", self.instance_name);
78
79 // Ignore failure here - the directory may already exist.
80 let _ = fs::create_dir(&self.instance_root);
81
Alan Stokes6542fdd2022-02-17 15:21:46 +0000[diff] [blame]82 // Overwrite any existing instance - it's unlikely to be valid with the current set
83 // of APEXes, and finding out it isn't is much more expensive than creating a new one.
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]84 self.create_instance_image(virtualization_service)?;
Alan Stokes6542fdd2022-02-17 15:21:46 +0000[diff] [blame]85
Victor Hsieh0a5ab4b2022-01-05 11:45:52 -0800[diff] [blame]86 // Delete existing idsig files. Ignore error in case idsig doesn't exist.
Jooyung Hanccae66d2021-12-20 11:54:36 +0900[diff] [blame]87 let _ = fs::remove_file(&self.idsig);
Victor Hsieh0a5ab4b2022-01-05 11:45:52 -0800[diff] [blame]88 let _ = fs::remove_file(&self.idsig_manifest_apk);
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]89
Alan Stokes5430eca2022-03-21 14:02:09 +0000[diff] [blame]90 let instance = self.start_vm(virtualization_service)?;
91
92 // Retrieve the VM's attestation chain as a BCC and save it in the instance directory.
93 let bcc = instance.service.getAttestationChain().context("Getting attestation chain")?;
94 fs::write(self.instance_root.join("bcc"), bcc).context("Writing BCC")?;
95
96 Ok(instance)
Alan Stokes16e027f2021-10-04 17:57:31 +0100[diff] [blame]97 }
98
Alan Stokesd21764c2021-10-25 15:33:40 +0100[diff] [blame]99 fn start_vm(
100 &self,
101 virtualization_service: &dyn IVirtualizationService,
102 ) -> Result<CompOsInstance> {
Alan Stokes16e027f2021-10-04 17:57:31 +0100[diff] [blame]103 let instance_image = fs::OpenOptions::new()
104 .read(true)
105 .write(true)
106 .open(&self.instance_image)
107 .context("Failed to open instance image")?;
Andrew Walbrand0ef4002022-05-16 16:14:10 +0000[diff] [blame^]108 let vm_instance = ComposClient::start(
Jooyung Hanccae66d2021-12-20 11:54:36 +0900[diff] [blame]109 virtualization_service,
110 instance_image,
111 &self.idsig,
Victor Hsieh0a5ab4b2022-01-05 11:45:52 -0800[diff] [blame]112 &self.idsig_manifest_apk,
Jooyung Hanccae66d2021-12-20 11:54:36 +0900[diff] [blame]113 &self.vm_parameters,
114 )
115 .context("Starting VM")?;
Alan Stokes16e027f2021-10-04 17:57:31 +0100[diff] [blame]116 let service = vm_instance.get_service().context("Connecting to CompOS")?;
Alan Stokes9ca14ca2021-10-20 14:25:57 +0100[diff] [blame]117 Ok(CompOsInstance { vm_instance, service, lazy_service_guard: Default::default() })
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]118 }
119
120 fn create_instance_image(
121 &self,
122 virtualization_service: &dyn IVirtualizationService,
123 ) -> Result<()> {
124 let instance_image = fs::OpenOptions::new()
125 .create(true)
Alan Stokes23b90ee2021-10-28 11:36:14 +0100[diff] [blame]126 .truncate(true)
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]127 .read(true)
128 .write(true)
129 .open(&self.instance_image)
130 .context("Creating instance image file")?;
131 let instance_image = ParcelFileDescriptor::new(instance_image);
132 // TODO: Where does this number come from?
133 let size = 10 * 1024 * 1024;
134 virtualization_service
135 .initializeWritablePartition(&instance_image, size, PartitionType::ANDROID_VM_INSTANCE)
136 .context("Writing instance image file")?;
137 Ok(())
138 }
Alan Stokes6b2d0a82021-09-29 11:30:39 +0100[diff] [blame]139}