pa-fazil
/
android_packages_modules_Virtualization
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't mount the extra apk if VM isn't given one 

Extra APK is given to the VM when it boots (via various of
vm_config*.json) depending on whether the build manifest APK exists or
not. On the request, the directory FD of /system_ext needs to come with
the request accordingly, so that authfs can set up the remote file
access.

The current implementation is problematic when there's inconsistency.
Even if /system_ext exists, we shouldn't pass the FD in the compilation
request because the VM may not be set up with a build manifest APK for
/system_ext. This can happen when /system_ext exists but without
BuildManifestSystemExt.apk.

The simple fix is to condition the FD passing on whether the extra APK
exists.

Bug: 267262026
Bug: 273393637
Test: rm /system_ext/etc/security/fsverity/BuildManifestSystemExt.apk
      ComposHostTestCases only after this change
Change-Id: I415343ddb69e4c8cac0b77274db9f629da33fbdd
This commit is contained in:
Victor Hsieh 2023-03-16 11:37:52 -07:00
parent f74674e960
commit de76d90b76
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
compos/composd/src/odrefresh_task.rs
View File

@ -31,6 +31,7 @@ use compos_common::odrefresh::{
is_system_property_interesting, ExitCode, CURRENT_ARTIFACTS_SUBDIR, ODREFRESH_OUTPUT_ROOT_DIR,
PENDING_ARTIFACTS_SUBDIR,
};
use compos_common::BUILD_MANIFEST_SYSTEM_EXT_APK_PATH;
use log::{error, info, warn};
use odsign_proto::odsign_info::OdsignInfo;
use protobuf::Message;
@ -178,13 +179,20 @@ fn run_in_vm(
let output_dir_raw_fd = output_dir_fd.as_raw_fd();
let staging_dir_raw_fd = staging_dir_fd.as_raw_fd();
// Get the /system_ext FD differently because it may not exist.
let (system_ext_dir_raw_fd, ro_dir_fds) =
if let Ok(system_ext_dir_fd) = open_dir(Path::new("/system_ext")) {
(system_ext_dir_fd.as_raw_fd(), vec![system_dir_fd, system_ext_dir_fd])
} else {
(-1, vec![system_dir_fd])
};
// When the VM starts, it starts with or without mouting the extra build manifest APK from
// /system_ext. Later on request (here), we need to pass the directory FD of /system_ext, but
// only if the VM is configured to need it.
//
// It is possible to plumb the information from ComposClient to here, but it's extra complexity
// and feel slightly weird to encode the VM's state to the task itself, as it is a request to
// the VM.
let need_system_ext = Path::new(BUILD_MANIFEST_SYSTEM_EXT_APK_PATH).exists();
let (system_ext_dir_raw_fd, ro_dir_fds) = if need_system_ext {
let system_ext_dir_fd = open_dir(Path::new("/system_ext"))?;
(system_ext_dir_fd.as_raw_fd(), vec![system_dir_fd, system_ext_dir_fd])
} else {
(-1, vec![system_dir_fd])
};
// Spawn a fd_server to serve the FDs.
let fd_server_config = FdServerConfig {