Add diced.microdroid diced.microdroid is diced built for microdroid. The only difference is that it's built with `bootstrap: true` so that it can start early when APEXes are not activated. Previously, diced was started after APEXes are activated. However, it actually has to be started before because microdroid_manager depends on diced to get the per-VM secret that it uses to decrypt the instance disk where the list of APEXes to be activated is stored. Bug: 214231981 Test: run microdroid Change-Id: I74767667b0fa3a5c83c3b62f591b7f5a862791f7

commit: a4c669c409a1691c05187038139d81090f252fae [log] [tgz]
author: Jiyong Park <jiyong@google.com> Fri Jan 21 12:50:12 2022 +0900
committer: Jiyong Park <jiyong@google.com> Fri Jan 21 12:50:12 2022 +0900
tree: 7ae6215d4b9f4d1c272d3eef3d6b89dc9d057232
parent: 5b3de84318dc6b88f9bbfa8a6b412b21fa31ae58 [diff] [blame]
diff --git a/diced/diced.microdroid.rc b/diced/diced.microdroid.rc
new file mode 100644
index 0000000..2226f47
--- /dev/null
+++ b/diced/diced.microdroid.rc

@@ -0,0 +1,13 @@
+# Start the Diced service.
+#
+# See system/core/init/README.md for information on the init.rc language.
+
+service diced /system/bin/diced.microdroid
+    class main
+    user diced
+    group diced
+    # The diced service must not be allowed to restart.
+    # If it crashes for any reason security critical state is lost.
+    # The only remedy is to restart the device.
+    oneshot
+    writepid /dev/cpuset/foreground/tasks
commit	a4c669c409a1691c05187038139d81090f252fae	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Fri Jan 21 12:50:12 2022 +0900
committer	Jiyong Park <jiyong@google.com>	Fri Jan 21 12:50:12 2022 +0900
tree	7ae6215d4b9f4d1c272d3eef3d6b89dc9d057232
parent	5b3de84318dc6b88f9bbfa8a6b412b21fa31ae58 [diff] [blame]