Introduce ro.boot.hypervisor properties

In virtualized deployments of Android, it can be useful to have access to a description of the hypervisor/host environment being used to run the guest OS instance. This is represented by means of a new system property ro.boot.hypervisor.version, which is meant to convey a free-form descriptor of the current host/hypervisor version The property is meant to be provided to Android as androidboot. by whatever host-specific means are used to supply other boot properties to the target Android instance. Access could be later opened to other vendor processes to set if needed for specific setups where init is not a sufficiently-early stage for host/guest communication. Such setups are not known at this time. For a native Android incantation, the property defaults to being missing Other properties could later be added to this same namespace and context if they turn out to be useful in specific scenarios. Bug: 178749018 Test: build cuttlefish Change-Id: Id721c14ef1958b525c2866a660dcae8fd176a79d Merged-In: Id721c14ef1958b525c2866a660dcae8fd176a79d
2021-10-01 13:11:36 -06:00 · 2021-10-01 13:11:36 -06:00 · ad4874479d
commit ad4874479d
parent ac15c76a51
5 changed files with 10 additions and 0 deletions
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -70,6 +70,7 @@
    hal_uwb_service
    hal_weaver_service
    hw_timeout_multiplier_prop
+    hypervisor_prop
    keystore_compat_hal_service
    keystore_maintenance_service
    keystore_metrics_service
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@ -91,6 +91,9 @@ set_prop(dumpstate, ctl_dumpstate_prop)
 set_prop(dumpstate, lpdumpd_prop)
 binder_call(dumpstate, lpdumpd)

+# For dumping hypervisor information.
+get_prop(dumpstate, hypervisor_prop)
+
 # For dumping device-mapper and snapshot information.
 allow dumpstate gsid_exec:file rx_file_perms;
 set_prop(dumpstate, ctl_gsid_prop)
--- a/private/init.te
+++ b/private/init.te
@ -92,6 +92,9 @@ neverallow { domain -init } vts_status_prop:property_service set;
 # Only init can write normal ro.boot. properties
 neverallow { domain -init } bootloader_prop:property_service set;

+# Only init can write ro.boot.hypervisor properties
+neverallow { domain -init } hypervisor_prop:property_service set;
+
 # Only init can write hal.instrumentation.enable
 neverallow { domain -init } hal_instrumentation_prop:property_service set;

--- a/private/property_contexts
+++ b/private/property_contexts
@ -675,6 +675,8 @@ ro.boot.revision           u:object_r:bootloader_prop:s0 exact string
 ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
 ro.boot.verifiedbootstate  u:object_r:bootloader_prop:s0 exact string
 ro.boot.veritymode         u:object_r:bootloader_prop:s0 exact string
+# Properties specific to virtualized deployments of Android
+ro.boot.hypervisor.version                  u:object_r:hypervisor_prop:s0 exact string

 # These ro.X properties are set to values of ro.boot.X by property_service.
 ro.baseband   u:object_r:bootloader_prop:s0 exact string
--- a/public/property.te
+++ b/public/property.te
@ -69,6 +69,7 @@ system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(fingerprint_prop)
 system_restricted_prop(hal_instrumentation_prop)
+system_restricted_prop(hypervisor_prop)
 system_restricted_prop(init_service_status_prop)
 system_restricted_prop(libc_debug_prop)
 system_restricted_prop(module_sdkextensions_prop)