blob: 8acfdd38ddfdc7e1e9b526a4f9c992d9d20f709d [file] [log] [blame]
Andrew Walbranb12a43e2020-11-10 14:22:42 +00001// Copyright 2021, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
Andrew Walbranf6bf6862021-05-21 12:41:13 +000015//! Android VirtualizationService
Andrew Walbranb12a43e2020-11-10 14:22:42 +000016
David Brazdil33a31022023-01-12 16:55:16 +000017mod aidl;
18mod atom;
Alan Stokesea1f0462024-02-19 16:25:47 +000019mod maintenance;
Alice Wang15f6d082023-08-25 09:11:07 +000020mod remote_provisioning;
Alice Wangc2fec932023-02-23 16:24:02 +000021mod rkpvm;
Andrew Walbrand6dce6f2021-03-05 16:39:08 +000022
Alan Stokes72820a92024-05-13 13:38:50 +010023use crate::aidl::{remove_temporary_dir, VirtualizationServiceInternal, TEMPORARY_DIRECTORY};
Jiyong Park6c60fea2022-10-24 16:10:01 +090024use android_logger::{Config, FilterBuilder};
Alan Stokes72820a92024-05-13 13:38:50 +010025use android_system_virtualizationmaintenance::aidl::android::system::virtualizationmaintenance;
26use android_system_virtualizationservice_internal::aidl::android::system::virtualizationservice_internal;
Alan Stokesea1f0462024-02-19 16:25:47 +000027use anyhow::{bail, Context, Error, Result};
David Drysdale79af2662024-02-19 14:50:31 +000028use binder::{register_lazy_service, BinderFeatures, ProcessState, ThreadState};
Alan Stokesea1f0462024-02-19 16:25:47 +000029use log::{error, info, LevelFilter};
Seungjae Yoo9d3c20a2023-09-07 15:36:44 +090030use std::fs::{create_dir, read_dir};
David Brazdil1f530702022-10-03 12:18:10 +010031use std::os::unix::raw::{pid_t, uid_t};
Seungjae Yoo9d3c20a2023-09-07 15:36:44 +090032use std::path::Path;
Alan Stokes72820a92024-05-13 13:38:50 +010033use virtualizationmaintenance::IVirtualizationMaintenance::BnVirtualizationMaintenance;
34use virtualizationservice_internal::IVirtualizationServiceInternal::BnVirtualizationServiceInternal;
Andrew Walbranb12a43e2020-11-10 14:22:42 +000035
Andrew Walbranf6bf6862021-05-21 12:41:13 +000036const LOG_TAG: &str = "VirtualizationService";
Alice Wangbff017f2023-11-09 14:43:28 +000037pub(crate) const REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME: &str =
Alice Wangb5b90322023-11-14 07:38:18 +000038 "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf";
Alan Stokesea1f0462024-02-19 16:25:47 +000039const INTERNAL_SERVICE_NAME: &str = "android.system.virtualizationservice";
40const MAINTENANCE_SERVICE_NAME: &str = "android.system.virtualizationmaintenance";
Andrew Walbranbf1fb042021-03-15 16:54:09 +000041
David Brazdil1f530702022-10-03 12:18:10 +010042fn get_calling_pid() -> pid_t {
43 ThreadState::get_calling_pid()
44}
45
46fn get_calling_uid() -> uid_t {
47 ThreadState::get_calling_uid()
48}
49
Andrew Walbranb12a43e2020-11-10 14:22:42 +000050fn main() {
Alan Stokesea1f0462024-02-19 16:25:47 +000051 if let Err(e) = try_main() {
52 error!("failed with {e:?}");
53 std::process::exit(1);
54 }
55}
56
57fn try_main() -> Result<()> {
Andrew Walbran0909bc52021-03-17 12:11:56 +000058 android_logger::init_once(
Jiyong Park6c60fea2022-10-24 16:10:01 +090059 Config::default()
Alan Stokes9c069a42022-02-25 16:10:23 +000060 .with_tag(LOG_TAG)
Jeff Vander Stoep57da1572024-01-31 10:52:16 +010061 .with_max_level(LevelFilter::Info)
62 .with_log_buffer(android_logger::LogId::System)
Jiyong Park6c60fea2022-10-24 16:10:01 +090063 .with_filter(
64 // Reduce logspam by silencing logs from the disk crate which don't provide much
65 // information to us.
66 FilterBuilder::new().parse("info,disk=off").build(),
67 ),
Andrew Walbran0909bc52021-03-17 12:11:56 +000068 );
Andrew Walbranbf1fb042021-03-15 16:54:09 +000069
Alan Stokesea1f0462024-02-19 16:25:47 +000070 clear_temporary_files().context("Failed to delete old temporary files")?;
Andrew Walbran488bd072021-07-14 13:29:51 +000071
Seungjae Yoo9d3c20a2023-09-07 15:36:44 +090072 let common_dir_path = Path::new(TEMPORARY_DIRECTORY).join("common");
Alan Stokesea1f0462024-02-19 16:25:47 +000073 create_dir(common_dir_path).context("Failed to create common directory")?;
Seungjae Yoo9d3c20a2023-09-07 15:36:44 +090074
Alice Wangc206b9b2023-08-28 14:13:51 +000075 ProcessState::start_thread_pool();
David Drysdale79af2662024-02-19 14:50:31 +000076
77 // One instance of `VirtualizationServiceInternal` implements both the internal interface
78 // and (optionally) the maintenance interface.
79 let service = VirtualizationServiceInternal::init();
80 let internal_service =
81 BnVirtualizationServiceInternal::new_binder(service.clone(), BinderFeatures::default());
82 register(INTERNAL_SERVICE_NAME, internal_service)?;
Alice Wang15f6d082023-08-25 09:11:07 +000083
Alice Wangb5b90322023-11-14 07:38:18 +000084 if cfg!(remote_attestation) {
85 // The IRemotelyProvisionedComponent service is only supposed to be triggered by rkpd for
86 // RKP VM attestation.
David Drysdale79af2662024-02-19 14:50:31 +000087 let remote_provisioning_service = remote_provisioning::new_binder();
88 register(REMOTELY_PROVISIONED_COMPONENT_SERVICE_NAME, remote_provisioning_service)?;
Alan Stokesea1f0462024-02-19 16:25:47 +000089 }
90
91 if cfg!(llpvm_changes) {
David Drysdale79af2662024-02-19 14:50:31 +000092 let maintenance_service =
93 BnVirtualizationMaintenance::new_binder(service.clone(), BinderFeatures::default());
94 register(MAINTENANCE_SERVICE_NAME, maintenance_service)?;
Alice Wangb5b90322023-11-14 07:38:18 +000095 }
Alice Wang15f6d082023-08-25 09:11:07 +000096
Andrew Walbrand6dce6f2021-03-05 16:39:08 +000097 ProcessState::join_thread_pool();
Alan Stokesea1f0462024-02-19 16:25:47 +000098 bail!("Thread pool unexpectedly ended");
99}
100
101fn register<T: binder::FromIBinder + ?Sized>(name: &str, service: binder::Strong<T>) -> Result<()> {
102 register_lazy_service(name, service.as_binder())
103 .with_context(|| format!("Failed to register {name}"))?;
104 info!("Registered Binder service {name}.");
105 Ok(())
Andrew Walbranb12a43e2020-11-10 14:22:42 +0000106}
Andrew Walbran488bd072021-07-14 13:29:51 +0000107
108/// Remove any files under `TEMPORARY_DIRECTORY`.
109fn clear_temporary_files() -> Result<(), Error> {
110 for dir_entry in read_dir(TEMPORARY_DIRECTORY)? {
David Brazdil4b4c5102022-12-19 22:56:20 +0000111 remove_temporary_dir(&dir_entry?.path())?
Andrew Walbran488bd072021-07-14 13:29:51 +0000112 }
113 Ok(())
114}