Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3e735b07 authored by Nikita Ioffe's avatar Nikita Ioffe
Browse files

Introduce IVmCapabilitiesService HAL 

This HAL can be used to provide vendor-specific extensions to VMs. First
use case for this HAL is custom smc filtering project, which provides a
way for some vendor-owner VMs to allow issue vendor-specific smcs. See
go/pkvm-pvm-allow-vendor-tz-services-access for more details

Bug: 360102915
Test: presubmit
Change-Id: Iaf8e3e066f5bda9eae079252720860d362d14426
parent d34cb3bb

compatibility_matrices/compatibility_matrix.202504.xml

+9 −0
Original line number Diff line number Diff line
@@ -652,6 +652,15 @@ 
            <instance>default</instance>

        </interface>

    </hal>

    <hal format="aidl">

      <name>android.hardware.virtualization.capabilities</name>

        <version>1</version>

        <interface>

            <name>IVmCapabilitiesService</name>

            <instance>default</instance>

            <instance>noop</instance>

        </interface>

    </hal>

    <hal format="aidl">

        <name>android.hardware.weaver</name>

        <version>2</version>

virtualization/capabilities_service/aidl/Android.bp

0 → 100644
+35 −0
Original line number Diff line number Diff line 
// Copyright (C) 2024 The Android Open Source Project

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//      http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.



package {

    default_team: "trendy_team_virtualization",

    default_applicable_licenses: ["Android-Apache-2.0"],

}



aidl_interface {

    name: "android.hardware.virtualization.capabilities.capabilities_service",

    vendor_available: true,

    srcs: ["android/**/*.aidl"],

    stability: "vintf",

    backend: {

        rust: {

            enabled: true,

            apex_available: [

                "//apex_available:platform",

                "com.android.virt",

            ],

        },

    },

    frozen: false,

}

virtualization/capabilities_service/aidl/aidl_api/android.hardware.virtualization.capabilities.capabilities_service/current/android/hardware/virtualization/capabilities/IVmCapabilitiesService.aidl

0 → 100644
+38 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

///////////////////////////////////////////////////////////////////////////////

// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //

///////////////////////////////////////////////////////////////////////////////



// This file is a snapshot of an AIDL file. Do not edit it manually. There are

// two cases:

// 1). this is a frozen version file - do not edit this in any case.

// 2). this is a 'current' file. If you make a backwards compatible change to

//     the interface (from the latest frozen version), the build system will

//     prompt you to update this file with `m <name>-update-api`.

//

// You must not make a backward incompatible change to any AIDL file built

// with the aidl_interface module type with versions property set. The module

// type is used to build AIDL files in a way that they can be used across

// independently updatable components of the system. If a device is shipped

// with such a backward incompatible change, it has a high risk of breaking

// later when a module using the interface is updated, e.g., Mainline modules.



package android.hardware.virtualization.capabilities;

@VintfStability

interface IVmCapabilitiesService {

  void grantAccessToVendorTeeServices(in ParcelFileDescriptor vmFd, in String[] vendorTeeServices);

}

virtualization/capabilities_service/aidl/android/hardware/virtualization/capabilities/IVmCapabilitiesService.aidl

0 → 100644
+33 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.hardware.virtualization.capabilities;



/**

 * Encapsulates vendor-specific capabilities that can be granted to VMs.

 */

@VintfStability

interface IVmCapabilitiesService {

    /**

     * Grant access for the VM represented by the given vm_fd to the given vendor-owned tee

     * services. The names in |vendorTeeServices| must match the ones defined in the

     * tee_service_contexts files.

     * TODO(ioffe): link to the integration doc for custom smc filtering feature once

     * it's ready.

     */

    void grantAccessToVendorTeeServices(

            in ParcelFileDescriptor vmFd, in String[] vendorTeeServices);

}