1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 //! Android Virtualization Manager
16 
17 mod aidl;
18 mod atom;
19 mod composite;
20 mod crosvm;
21 mod debug_config;
22 mod dt_overlay;
23 mod payload;
24 mod selinux;
25 
26 use crate::aidl::{GLOBAL_SERVICE, VirtualizationService};
27 use android_system_virtualizationservice::aidl::android::system::virtualizationservice::IVirtualizationService::BnVirtualizationService;
28 use anyhow::{bail, Result};
29 use binder::{BinderFeatures, ProcessState};
30 use log::{info, LevelFilter};
31 use rpcbinder::{FileDescriptorTransportMode, RpcServer};
32 use std::os::unix::io::{AsFd, RawFd};
33 use std::sync::LazyLock;
34 use clap::Parser;
35 use nix::unistd::{write, Pid, Uid};
36 use rustutils::inherited_fd::take_fd_ownership;
37 use std::os::unix::raw::{pid_t, uid_t};
38 
39 const LOG_TAG: &str = "virtmgr";
40 
41 static PID_CURRENT: LazyLock<Pid> = LazyLock::new(Pid::this);
42 static PID_PARENT: LazyLock<Pid> = LazyLock::new(Pid::parent);
43 static UID_CURRENT: LazyLock<Uid> = LazyLock::new(Uid::current);
44 
get_this_pid() -> pid_t45 fn get_this_pid() -> pid_t {
46     // Return the process ID of this process.
47     PID_CURRENT.as_raw()
48 }
49 
get_calling_pid() -> pid_t50 fn get_calling_pid() -> pid_t {
51     // The caller is the parent of this process.
52     PID_PARENT.as_raw()
53 }
54 
get_calling_uid() -> uid_t55 fn get_calling_uid() -> uid_t {
56     // The caller and this process share the same UID.
57     UID_CURRENT.as_raw()
58 }
59 
60 #[derive(Parser)]
61 struct Args {
62     /// File descriptor inherited from the caller to run RpcBinder server on.
63     /// This should be one end of a socketpair() compatible with RpcBinder's
64     /// UDS bootstrap transport.
65     #[clap(long)]
66     rpc_server_fd: RawFd,
67     /// File descriptor inherited from the caller to signal RpcBinder server
68     /// readiness. This should be one end of pipe() and the caller should be
69     /// waiting for HUP on the other end.
70     #[clap(long)]
71     ready_fd: RawFd,
72 }
73 
check_vm_support() -> Result<()>74 fn check_vm_support() -> Result<()> {
75     if hypervisor_props::is_any_vm_supported()? {
76         Ok(())
77     } else {
78         // This should never happen, it indicates a misconfigured device where the virt APEX
79         // is present but VMs are not supported. If it does happen, fail fast to avoid wasting
80         // resources trying.
81         bail!("Device doesn't support protected or non-protected VMs")
82     }
83 }
84 
main()85 fn main() {
86     // SAFETY: This is very early in the process. Nobody has taken ownership of the inherited FDs
87     // yet.
88     unsafe { rustutils::inherited_fd::init_once() }
89         .expect("Failed to take ownership of inherited FDs");
90 
91     android_logger::init_once(
92         android_logger::Config::default()
93             .with_tag(LOG_TAG)
94             .with_max_level(LevelFilter::Info)
95             .with_log_buffer(android_logger::LogId::System),
96     );
97 
98     check_vm_support().unwrap();
99 
100     let args = Args::parse();
101 
102     let rpc_server_fd =
103         take_fd_ownership(args.rpc_server_fd).expect("Failed to take ownership of rpc_server_fd");
104     let ready_fd = take_fd_ownership(args.ready_fd).expect("Failed to take ownership of ready_fd");
105 
106     // Start thread pool for kernel Binder connection to VirtualizationServiceInternal.
107     ProcessState::start_thread_pool();
108 
109     if cfg!(early) {
110         // we can't access VirtualizationServiceInternal, so directly call rlimit
111         let pid = i32::from(*PID_CURRENT);
112         let lim = libc::rlimit { rlim_cur: libc::RLIM_INFINITY, rlim_max: libc::RLIM_INFINITY };
113 
114         // SAFETY: borrowing the new limit struct only. prlimit doesn't use lim outside its lifetime
115         let ret = unsafe { libc::prlimit(pid, libc::RLIMIT_MEMLOCK, &lim, std::ptr::null_mut()) };
116         if ret == -1 {
117             panic!("rlimit error: {}", std::io::Error::last_os_error());
118         } else if ret != 0 {
119             panic!("Unexpected return value from prlimit(): {ret}");
120         }
121     } else {
122         GLOBAL_SERVICE.removeMemlockRlimit().expect("Failed to remove memlock rlimit");
123     }
124 
125     let service = VirtualizationService::init();
126     let service =
127         BnVirtualizationService::new_binder(service, BinderFeatures::default()).as_binder();
128 
129     let server = RpcServer::new_unix_domain_bootstrap(service, rpc_server_fd)
130         .expect("Failed to start RpcServer");
131     server.set_supported_file_descriptor_transport_modes(&[FileDescriptorTransportMode::Unix]);
132 
133     info!("Started VirtualizationService RpcServer. Ready to accept connections");
134 
135     // Signal readiness to the caller by closing our end of the pipe.
136     write(ready_fd.as_fd(), "o".as_bytes())
137         .expect("Failed to write a single character through ready_fd");
138     drop(ready_fd);
139 
140     server.join();
141     info!("Shutting down VirtualizationService RpcServer");
142 }
143