Don't create vendor_init in microdroid

vendor_init is a subcontext of init which is responsible for handling the vendor-defined services and vendor-defined actions. This is mainly to enforce the Treble architecture in which the vendor components are provided with a less-privileged context than the system components because they are less-trusted. However, in case of microdroid, both the system and the vendor partitions are from the same entity. As VMs don't have direct access to any of the underlying hardware, the vendor partition is targeting the virtual platform, not the real hw platform. There really is no need for the discrimination. This CL disables the creation of the vendor_init subcontext when init runs in microdroid. Bug: 201363575 Test: atest MicrodroidHostTestCases Change-Id: Ie5e47d84e9e245565239b4f2159e8182b457699d
2021-09-28 16:11:26 +09:00 · 2021-09-28 16:11:26 +09:00 · 3b3d87de79
commit 3b3d87de79
parent 0a0e4793e3
4 changed files with 13 additions and 5 deletions
--- a/init/mount_namespace.cpp
+++ b/init/mount_namespace.cpp
@ -82,11 +82,6 @@ static bool IsApexUpdatable() {
    return updatable;
 }

-static bool IsMicrodroid() {
-    static bool is_microdroid = android::base::GetProperty("ro.hardware", "") == "microdroid";
-    return is_microdroid;
-}
-
 // In case we have two sets of APEXes (non-updatable, updatable), we need two separate mount
 // namespaces.
 static bool NeedsTwoMountNamespaces() {
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@ -44,6 +44,7 @@
 #endif

 using android::base::GetExecutablePath;
+using android::base::GetProperty;
 using android::base::Join;
 using android::base::Socketpair;
 using android::base::Split;
@ -337,6 +338,11 @@ Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::s
 }

 void InitializeSubcontext() {
+    if (IsMicrodroid()) {
+        LOG(INFO) << "Not using subcontext for microdroid";
+        return;
+    }
+
    if (SelinuxGetVendorAndroidVersion() >= __ANDROID_API_P__) {
        subcontext.reset(
                new Subcontext(std::vector<std::string>{"/vendor", "/odm"}, kVendorContext));
--- a/init/util.cpp
+++ b/init/util.cpp
@ -757,5 +757,10 @@ void SetDefaultMountNamespaceReady() {
    is_default_mount_namespace_ready = true;
 }

+bool IsMicrodroid() {
+    static bool is_microdroid = android::base::GetProperty("ro.hardware", "") == "microdroid";
+    return is_microdroid;
+}
+
 }  // namespace init
 }  // namespace android
--- a/init/util.h
+++ b/init/util.h
@ -103,5 +103,7 @@ bool IsRecoveryMode();

 bool IsDefaultMountNamespaceReady();
 void SetDefaultMountNamespaceReady();
+
+bool IsMicrodroid();
 }  // namespace init
 }  // namespace android