Add diced.microdroid
diced.microdroid is diced built for microdroid. The only difference is
that it's built with `bootstrap: true` so that it can start early when
APEXes are not activated.
Previously, diced was started after APEXes were activated. However, it
has to be started before that, because microdroid_manager depends on
diced to get the per-VM secret that it uses to decrypt the instance disk,
where the list of APEXes to be activated is stored.
Bug: 214231981
Test: run microdroid
Change-Id: I74767667b0fa3a5c83c3b62f591b7f5a862791f7
diff --git a/diced/Android.bp b/diced/Android.bp
index 525828e..e13d863 100644
--- a/diced/Android.bp
+++ b/diced/Android.bp
@@ -138,6 +138,24 @@
init_rc: ["diced.rc"],
}
+rust_binary {
+ name: "diced.microdroid",
+ srcs: ["src/diced_main.rs"],
+ prefer_rlib: true,
+ rustlibs: [
+ "android.hardware.security.dice-V1-rust",
+ "libandroid_logger",
+ "libbinder_rs",
+ "libdiced",
+ "libdiced_open_dice_cbor",
+ "libdiced_sample_inputs",
+ "libdiced_utils",
+ "liblog_rust",
+ ],
+ init_rc: ["diced.microdroid.rc"],
+ bootstrap: true,
+}
+
rust_test {
name: "diced_test",
crate_name: "diced_test",
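Review bot: `libdiced_sample_inputs` in `rustlibs` deserves an explanation, since the commit message says this binary supplies the per-VM secret that decrypts the instance disk. `src/diced_main.rs` is outside this diff, so whether the sample inputs feed the derivation cannot be confirmed here; if they do, the secret comes from values fixed in source rather than from anything measured for the VM. I would add a comment on that entry such as `// Sample DICE inputs only; TODO(b/<bug-id>): replace with measured inputs`, and one above `bootstrap: true` saying `// Must run before APEXes are activated; see diced.microdroid.rc`.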
diff --git a/diced/diced.microdroid.rc b/diced/diced.microdroid.rc
new file mode 100644
index 0000000..2226f47
--- /dev/null
+++ b/diced/diced.microdroid.rc
@@ -0,0 +1,13 @@
+# Start the Diced service.
+#
+# See system/core/init/README.md for information on the init.rc language.
+
+service diced /system/bin/diced.microdroid
+ class main
+ user diced
+ group diced
+ # The diced service must not be allowed to restart.
+ # If it crashes for any reason security critical state is lost.
+ # The only remedy is to restart the device.
+ oneshot
+ writepid /dev/cpuset/foreground/tasks
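Review bot: The service executes the new path `/system/bin/diced.microdroid` with no `seclabel`, so init depends on the file's SELinux label to move the process out of the init domain. No policy change is visible in this commit (it may live in another repository); without a file_contexts entry for the new path the service would likely not start, or would not run in the intended domain. I would record the dependency next to the `service` line, e.g. `# Needs a file_contexts entry for /system/bin/diced.microdroid (diced exec type).` Separately, the comment above `oneshot` says the remedy is to restart the device; in Microdroid that is the VM, and nothing in this file makes a crash trigger that restart.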