029977d760
At least for T, we don't want to have a VM that is running a disk image that is not protected by AVB (Android Verified Boot). This means that the disk images must be from files in the built-in partitions (like system) or their updates (because updates are guaranteed to be from the same signer).

This rule is currently being enforced by selinux policies around crosvm. However, there is one exception. It has the following allow rule:

allow crosvm app_data_file:file { read ...};

app_data_file is for any file that is owned and dynamically created by apps. They could be files downloaded from the Internet, and are therefore definitely not protected by AVB.

The only reason we have the above allow rule is the instance image. The file is mutable because it has per-VM identity information that is written when a pVM is first created. The file is owned by the owning app, otherwise other apps would be able to start the same VM.

In other words, we don't intend to allow any app_data_file to be loadable in a pVM. But such an intention can't be expressed in sepolicy.

This CL augments the sepolicy by adding a runtime check in virtualizationservice. Specifically, it refuses to spawn a VM if any of the disk images is labeled as app_data_file, except for the disk image for the instance partition.

Bug: 204852957
Test:
adb shell chcon u:object_r:app_data_file:s0 /data/local/tmp/virt/MicrodroidDemoApp.apk
adb shell /apex/com.android.virt/bin/vm run-app --debug full \
    /data/local/tmp/virt/MicrodroidDemoApp.apk \
    /data/local/tmp/virt/MicrodroidDemoApp.apk.idsig \
    /data/local/tmp/virt/instance.img assets/vm_config.json
gives the following error as expected.
Status(-8, EX_SERVICE_SPECIFIC): '-1: Partition microdroid-apk shouldn't be labeld as u:object_r:app_data_file:s0'

Change-Id: Ia7081b8ecb2db1ecc1f7d4941a305ccff6016f3e
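The runtime check the commit describes, written out as an added illustration (this is not the virtualizationservice code itself). It assumes the caller has already obtained each backing file's SELinux context (for example via libselinux's fgetfilecon) and that the instance image carries the partition label "vm-instance"; both are assumptions, not taken from the page.

```rust
// Added illustration of the runtime check described in the commit message;
// not the actual virtualizationservice code. Fetching a file's SELinux
// context is left to the caller, and "vm-instance" is an assumed label name.
use std::fmt;

/// One disk image handed to the VM: the partition label from the VM config
/// and the SELinux context of the backing file, e.g. "u:object_r:system_file:s0".
#[derive(Debug, Clone)]
pub struct Partition {
    pub label: String,
    pub secontext: String,
}

#[derive(Debug, PartialEq)]
pub enum CheckError {
    /// A non-instance partition is backed by an app-owned (mutable) file.
    AppDataFile { label: String, secontext: String },
    /// The context could not be parsed: fail closed rather than guess.
    MalformedContext { label: String, secontext: String },
}

impl fmt::Display for CheckError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            CheckError::AppDataFile { label, secontext } =>
                write!(f, "Partition {} shouldn't be labeled as {}", label, secontext),
            CheckError::MalformedContext { label, secontext } =>
                write!(f, "Partition {} has unparseable context {:?}", label, secontext),
        }
    }
}

/// Only the instance image may be app-owned: it holds per-VM identity state
/// written on first boot. The label name is an assumption for this example.
const INSTANCE_LABEL: &str = "vm-instance";

/// The type is the third colon-separated field of "user:role:type:level".
fn context_type(ctx: &str) -> Option<&str> {
    ctx.split(':').nth(2).filter(|t| !t.is_empty())
}

/// Reject the VM if any partition other than the instance image is app_data_file.
pub fn check_partitions(parts: &[Partition]) -> Result<(), CheckError> {
    for p in parts {
        if p.label == INSTANCE_LABEL { continue; }
        let (label, secontext) = (p.label.clone(), p.secontext.clone());
        match context_type(&p.secontext) {
            Some("app_data_file") => return Err(CheckError::AppDataFile { label, secontext }),
            Some(_) => {}
            None => return Err(CheckError::MalformedContext { label, secontext }),
        }
    }
    Ok(())
}
```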
README.md
Virtualization
This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.