Define a symbol file for libvm_payload, and request stubs. Make sure
the clients build against the stubs.
Mark the implementation as not required, to prevent the missing
dependencies check triggering; it is actually present at runtime
inside Microdroid.
Bug: 243512108
Bug: 255920361
Test: atest MicrodroidTests
Test: composd-cmd test-compile
Change-Id: I78c33b6fba706fd0e52435ac13d02a25171862f1

This is based on Michael's comments on aosp/2280849. For methods which
should never fail unless the VM is already dying, and for which
clients cannot take any meaningful action, panic instead of returning
false. Make sure we log the cause first.
Update client code to match. Update doc comments in the header file.
Also clarify that calling notify read more than once is harmless
(otherwise it would panic).
Incidentally, rename vs_payload_service.rs because it was confusing me
(we have a file of the same name in microdroid manager which actually
implements the service.)
Changes to AVmPayload_runVsockRpcServer will come later.
Bug: 243512108
Test: atest MicrodroidTests
Test: composd_cmd --test-compile
Change-Id: Ie6f6203ba54246cac669f4a68e8ab76f0a5792ae

Remove the "restricted" functions from vm_payload.h and move them into
vm_payload_restricted.h. Update build rules so that we use
vm_payload_restricted.h in the places we need to.
The restricted APIs will not be made available for priv apps, so they
don't need to be in the headers made available to priv apps.
Add a test to make sure the restricted APIs are in fact restricted.
Bug: 243512108
Test: atest MicrodroidTests ComposTestCase
Change-Id: I0bf0618b1fb572075ba7fb55644300ae1784cada

- Give functions an `AVmPayload_` prefix followed by lower camel case
name (hopefully better branding comes later, but this makes it easy
to grep).
- Let callers find out how big the attestation chain is.
Bug: 243514248
Test: atest MicrodroidTests ComposHostTestCases MicrodroidBenchmarks
Change-Id: I93c37787eae296d97a44cc369e8ea0c3c670c6cb

The new interface to the VM instance secrets already provides a
context-specific secret so it can be used directly as the seed for the
key without requiring another derivation.
Bug: 243514248
Test: atest ComposHostTestCases
Test: atest compos_key_tests
Change-Id: Ibbff27cc6e4e8f499bf70ff6ce171f6cd7765288

The chains are currently around the 2k limit previously chosen. Bump
this to 4k to avoid running out of space before the retrieval API gets
replaced with something that's actually useful.
Fix: 252775935
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Change-Id: I97a8d0c3aa2dfcd1adedf79b22d6c057b908ce2a

Change the API from offering the raw sealing CDI to offering VM instance
secrets that happen to be derived from the sealing CDI. This makes it
harder for the payload to leak its sealing CDI and lose the ability to
have secrets in the VM.
Bug: 243514248
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Change-Id: I0e72dabe7daca4d72a35788412d2ee19a3b446a5

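The commit above replaces "hand the payload the raw sealing CDI" with "hand the payload a secret derived from it", and a later commit in this log notes that such a context-specific secret can be used directly as a key seed. The following is an added illustration of that pattern, not code from the AOSP Virtualization project: it keeps a constructed sealing CDI private inside a provider object and only ever releases per-context secrets derived with HKDF-SHA256 (RFC 5869). The choice of HKDF, the salt and info labels, and the `VmSecretProvider` class are assumptions made for this example; the real Microdroid derivation is not described on this page.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: OKM = T(1) | T(2) | ... truncated to length."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


class VmSecretProvider:
    """Holds the sealing CDI privately; only context-bound secrets leave.

    The salt and info labels below are assumptions for this example.
    """

    def __init__(self, sealing_cdi: bytes):
        # Absorb the raw CDI once; the object never exposes it afterwards.
        self._prk = hkdf_extract(b"vm-instance-secret-v1", sealing_cdi)

    def instance_secret(self, context: bytes, length: int = 32) -> bytes:
        """Return a secret bound to `context`, usable directly as a key seed."""
        if not context:
            raise ValueError("context must be non-empty")
        if length <= 0:
            raise ValueError("length must be positive")
        return hkdf_expand(self._prk, b"instance-secret:" + context, length)


def rfc5869_selfcheck() -> bool:
    """Validate the HKDF implementation against RFC 5869 test case 1."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    expected_prk = "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
    expected_okm = ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                    "34007208d5b887185865")
    return prk.hex() == expected_prk and okm.hex() == expected_okm


def demo(sealing_cdi: bytes) -> dict:
    """Show the properties a payload-facing API should have (constructed data)."""
    provider = VmSecretProvider(sealing_cdi)
    signing_seed = provider.instance_secret(b"compos-signing-key")
    sealing_key = provider.instance_secret(b"compos-data-sealing")
    return {
        "deterministic": signing_seed == provider.instance_secret(b"compos-signing-key"),
        "contexts_differ": signing_seed != sealing_key,
        "cdi_not_exposed": sealing_cdi not in (signing_seed, sealing_key),
        "seed_len": len(signing_seed),
    }


if __name__ == "__main__":
    # Constructed CDI value for illustration only.
    print(rfc5869_selfcheck(), demo(b"\x42" * 32))
```

Because the derivation is one-way, a payload that leaks a derived secret compromises only that context, and the root CDI stays usable for every other purpose. That is the property the commit describes.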
Migrate from direct use of IDiceNode over binder to calling the payload
support library. The functions exposed by the library are expected to
change so this is just the initial migration.
Bug: 243514248
Test: atest MicrodroidTests
Test: atest ComposHostTestCases
Change-Id: Ifadfab090b61ab3240331d381641f6dc33ad8ee9

We don't use it yet, but this is a helpful first step.
Bug: 225177477
Test: composd_cmd staged-apex-compile
Test: See /data/misc/apexdata/com.android.compos/current/bcc
Change-Id: I81daaa9f8e1bb3e81cea0bcfddb8f0455c0d3c21

Extend compos_helper to support signing, use it from CompOS.
Expose the public key from the VM. Rename compos_verify_key to
compos_verify and get it to verify the signature against the current
instance's public key.
Also move DICE access to compos_key_main. There's no use having it in
the library - neither the tests nor compos_verify can use it - and it
complicates the build rules.
There's a lot more that can be deleted, but I'll do that in a
follow-up; this is big enough already.
Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I2d71f68a595d5ddadb2e7b16937fa6855f5db0ab

Create a small library to do key-related operations (derive, sign,
verify). Add tests.
Create a small standalone executable to expose these functions.
Bug: 218494522
Test: atest compos_key_tests
Change-Id: I5c984178b822510fd32784d01cf4322e592e5d2a