Prepare diced before microdroid_manager runs

microdroid_manager needs to access diced to get the per-VM secret that
it uses to encrypt/decrypt the instance disk. This is not trivial
because previously diced (and servicemanager it depends on) were not
bootstrap processes, which means they can start only after APEXes are
activated. However, microdroid_manager can't do that before the instance
disk is decrypted. So, there's a circular dependency between
microdroid_manager and diced.

This CL fixes the issue by making diced and servicemanager bootstrap
processes. They now can start before APEXes are activated. The start of
microdroid_manager is moved to after diced.

Bug: 214231981
Test: run microdroid

Change-Id: I8ada5324000f9731a5709982fbb45cbf101f94c6
Jiyong Park 2022-01-21 12:54:57 +09:00
parent 7930ef8847
commit c516684a63
2 changed files with 26 additions and 28 deletions

@ -72,11 +72,11 @@ android_system_image {
"apexd",
"debuggerd",
"diced",
"diced.microdroid",
"keystore2_microdroid",
"linker",
"linkerconfig",
"servicemanager",
"servicemanager.microdroid",
"tombstoned",
"cgroups.json",
"public.libraries.android.txt",
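Review bot: The "diced.microdroid" and "servicemanager.microdroid" entries in this android_system_image list name modules that neither of the 2 changed files defines. Please state in the commit message where those variants are defined and that they are the bootstrap builds the description relies on, so a reader can confirm the image no longer carries the plain "diced" and "servicemanager" binaries that can only start after APEX activation.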

@ -17,25 +17,6 @@ on early-init
start ueventd
mkdir /mnt/apk 0755 system system
mkdir /mnt/extra-apk 0755 root root
# Microdroid_manager starts apkdmverity/zipfuse/apexd
start microdroid_manager
# restorecon so microdroid_manager can create subdirectories
restorecon /mnt/extra-apk
# Wait for apexd to finish activating APEXes before starting more processes.
wait_for_prop apexd.status activated
perform_apex_config
# Notify to microdroid_manager that perform_apex_config is done.
# Microdroid_manager shouldn't execute payload before this, because app
# payloads are not designed to run with bootstrap bionic
setprop apex_config.done true
setprop ro.debuggable ${ro.boot.microdroid.debuggable:-0}
on init
# Mount binderfs
mkdir /dev/binderfs
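Review bot: The lines leaving on early-init include more than the microdroid_manager start: the mkdir of /mnt/apk and /mnt/extra-apk and `setprop ro.debuggable ${ro.boot.microdroid.debuggable:-0}` also move to the later on init action. Please confirm that nothing triggered between early-init and that point reads ro.debuggable or expects those directories, or keep those three lines in early-init and move only `start microdroid_manager` and the lines that follow it.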
@ -78,18 +59,35 @@ on init
chmod 0664 /dev/cpuset/background/tasks
chmod 0664 /dev/cpuset/system-background/tasks
on init && property:ro.boot.logd.enabled=1
# Start logd before any other services run to ensure we capture all of their logs.
start logd
on init
start servicemanager
start diced
mkdir /mnt/apk 0755 system system
mkdir /mnt/extra-apk 0755 root root
# Microdroid_manager starts apkdmverity/zipfuse/apexd
start microdroid_manager
# restorecon so microdroid_manager can create subdirectories
restorecon /mnt/extra-apk
# Wait for apexd to finish activating APEXes before starting more processes.
wait_for_prop apexd.status activated
perform_apex_config
# Notify to microdroid_manager that perform_apex_config is done.
# Microdroid_manager shouldn't execute payload before this, because app
# payloads are not designed to run with bootstrap bionic
setprop apex_config.done true
setprop ro.debuggable ${ro.boot.microdroid.debuggable:-0}
# TODO(b/185767624): remove hidl after full keymint support
start hwservicemanager
# TODO(b/214231981): start diced (and servicemanager) earlier than microdroid_manager.
start diced
on init && property:ro.boot.logd.enabled=1
# Start logd before any other services run to ensure we capture all of their logs.
start logd
on init && property:ro.boot.adb.enabled=1
start adbd
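Review bot: In the new on init block, `start diced` is followed by `start microdroid_manager` with nothing in between that waits for diced to be up. `start` only launches the service and returns, so this ordering alone does not guarantee that diced has registered with servicemanager by the time microdroid_manager asks for the per-VM secret. Please either have microdroid_manager block on the diced service being available (and say so in the commit message) or add an explicit readiness wait here, and add a comment above `start servicemanager` explaining that both must precede microdroid_manager because the instance disk key comes from diced. Also note that `wait_for_prop apexd.status activated` now sits ahead of `start hwservicemanager` in the same action, so hwservicemanager start is delayed until APEX activation completes; confirm that is intended.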