1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! Android Virtualization Manager
16
17 mod aidl;
18 mod atom;
19 mod composite;
20 mod crosvm;
21 mod debug_config;
22 mod dt_overlay;
23 mod payload;
24 mod selinux;
25
26 use crate::aidl::{GLOBAL_SERVICE, VirtualizationService};
27 use android_system_virtualizationservice::aidl::android::system::virtualizationservice::IVirtualizationService::BnVirtualizationService;
28 use anyhow::{bail, Context, Result};
29 use binder::{BinderFeatures, ProcessState};
30 use lazy_static::lazy_static;
31 use log::{info, LevelFilter};
32 use rpcbinder::{FileDescriptorTransportMode, RpcServer};
33 use std::os::unix::io::{AsFd, FromRawFd, OwnedFd, RawFd};
34 use clap::Parser;
35 use nix::fcntl::{fcntl, F_GETFD, F_SETFD, FdFlag};
36 use nix::unistd::{write, Pid, Uid};
37 use std::os::unix::raw::{pid_t, uid_t};
38
39 const LOG_TAG: &str = "virtmgr";
40
41 lazy_static! {
42 static ref PID_CURRENT: Pid = Pid::this();
43 static ref PID_PARENT: Pid = Pid::parent();
44 static ref UID_CURRENT: Uid = Uid::current();
45 }
46
get_this_pid() -> pid_t47 fn get_this_pid() -> pid_t {
48 // Return the process ID of this process.
49 PID_CURRENT.as_raw()
50 }
51
get_calling_pid() -> pid_t52 fn get_calling_pid() -> pid_t {
53 // The caller is the parent of this process.
54 PID_PARENT.as_raw()
55 }
56
get_calling_uid() -> uid_t57 fn get_calling_uid() -> uid_t {
58 // The caller and this process share the same UID.
59 UID_CURRENT.as_raw()
60 }
61
62 #[derive(Parser)]
63 struct Args {
64 /// File descriptor inherited from the caller to run RpcBinder server on.
65 /// This should be one end of a socketpair() compatible with RpcBinder's
66 /// UDS bootstrap transport.
67 #[clap(long)]
68 rpc_server_fd: RawFd,
69 /// File descriptor inherited from the caller to signal RpcBinder server
70 /// readiness. This should be one end of pipe() and the caller should be
71 /// waiting for HUP on the other end.
72 #[clap(long)]
73 ready_fd: RawFd,
74 }
75
take_fd_ownership(raw_fd: RawFd, owned_fds: &mut Vec<RawFd>) -> Result<OwnedFd, anyhow::Error>76 fn take_fd_ownership(raw_fd: RawFd, owned_fds: &mut Vec<RawFd>) -> Result<OwnedFd, anyhow::Error> {
77 // Basic check that the integer value does correspond to a file descriptor.
78 fcntl(raw_fd, F_GETFD).with_context(|| format!("Invalid file descriptor {raw_fd}"))?;
79
80 // The file descriptor had CLOEXEC disabled to be inherited from the parent.
81 // Re-enable it to make sure it is not accidentally inherited further.
82 fcntl(raw_fd, F_SETFD(FdFlag::FD_CLOEXEC))
83 .with_context(|| format!("Could not set CLOEXEC on file descriptor {raw_fd}"))?;
84
85 // Creating OwnedFd for stdio FDs is not safe.
86 if [libc::STDIN_FILENO, libc::STDOUT_FILENO, libc::STDERR_FILENO].contains(&raw_fd) {
87 bail!("File descriptor {raw_fd} is standard I/O descriptor");
88 }
89
90 // Reject RawFds that already have a corresponding OwnedFd.
91 if owned_fds.contains(&raw_fd) {
92 bail!("File descriptor {raw_fd} already owned");
93 }
94 owned_fds.push(raw_fd);
95
96 // SAFETY: Initializing OwnedFd for a RawFd provided in cmdline arguments.
97 // We checked that the integer value corresponds to a valid FD and that this
98 // is the first argument to claim its ownership.
99 Ok(unsafe { OwnedFd::from_raw_fd(raw_fd) })
100 }
101
check_vm_support() -> Result<()>102 fn check_vm_support() -> Result<()> {
103 if hypervisor_props::is_any_vm_supported()? {
104 Ok(())
105 } else {
106 // This should never happen, it indicates a misconfigured device where the virt APEX
107 // is present but VMs are not supported. If it does happen, fail fast to avoid wasting
108 // resources trying.
109 bail!("Device doesn't support protected or non-protected VMs")
110 }
111 }
112
main()113 fn main() {
114 android_logger::init_once(
115 android_logger::Config::default()
116 .with_tag(LOG_TAG)
117 .with_max_level(LevelFilter::Info)
118 .with_log_buffer(android_logger::LogId::System),
119 );
120
121 check_vm_support().unwrap();
122
123 let args = Args::parse();
124
125 let mut owned_fds = vec![];
126 let rpc_server_fd = take_fd_ownership(args.rpc_server_fd, &mut owned_fds)
127 .expect("Failed to take ownership of rpc_server_fd");
128 let ready_fd = take_fd_ownership(args.ready_fd, &mut owned_fds)
129 .expect("Failed to take ownership of ready_fd");
130
131 // Start thread pool for kernel Binder connection to VirtualizationServiceInternal.
132 ProcessState::start_thread_pool();
133
134 GLOBAL_SERVICE.removeMemlockRlimit().expect("Failed to remove memlock rlimit");
135
136 let service = VirtualizationService::init();
137 let service =
138 BnVirtualizationService::new_binder(service, BinderFeatures::default()).as_binder();
139
140 let server = RpcServer::new_unix_domain_bootstrap(service, rpc_server_fd)
141 .expect("Failed to start RpcServer");
142 server.set_supported_file_descriptor_transport_modes(&[FileDescriptorTransportMode::Unix]);
143
144 info!("Started VirtualizationService RpcServer. Ready to accept connections");
145
146 // Signal readiness to the caller by closing our end of the pipe.
147 write(ready_fd.as_fd(), "o".as_bytes())
148 .expect("Failed to write a single character through ready_fd");
149 drop(ready_fd);
150
151 server.join();
152 info!("Shutting down VirtualizationService RpcServer");
153 }
154