/*
 * Copyright 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
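package android.system.virtualization.payload;

/**
 * Groups the tasks that a VM payload delegates to Microdroid Manager for execution.
 *
 * Several methods return key material or identifying data (the VM instance secret, the DICE
 * chain and the attestation CDI). Callers should treat those return values as sensitive and
 * keep them out of logs and crash reports.
 */
interface IVmPayloadService {
    /** Socket name of the service IVmPayloadService. */
    const String VM_PAYLOAD_SERVICE_SOCKET_NAME = "vm_payload_service";

    /** Path to the APK contents. */
    const String VM_APK_CONTENTS_PATH = "/mnt/apk";

    /**
     * Path to the encrypted storage. Note the path will not exist if encrypted storage
     * is not enabled, so callers should check for it before use rather than assume that
     * data written under this path is encrypted.
     */
    const String ENCRYPTEDSTORE_MOUNTPOINT = "/mnt/encryptedstore";

    /** Notifies that the payload is ready to serve. */
    void notifyPayloadReady();

    /**
     * Gets a secret that is uniquely bound to this VM instance.
     *
     * The returned bytes are secret material; the caller is responsible for not logging or
     * exporting them.
     *
     * NOTE(review): this declaration does not state the accepted range of {@code size}, any
     * limit on the length of {@code identifier}, or the behaviour for a zero or negative
     * size. Confirm against the implementation and document the bounds here.
     *
     * @param identifier the identifier of the secret to return.
     * @param size the number of bytes of the secret to return.
     * @return size bytes of the identified secret.
     */
    byte[] getVmInstanceSecret(in byte[] identifier, int size);

    /**
     * Gets the DICE (Device Identifier Composition Engine) attestation chain for the VM.
     *
     * The DICE chain must not be made available to all VMs as it contains privacy breaking
     * identifiers. Access is gated as a test API (see {@code @throws}); a caller that does
     * obtain the chain should avoid logging it.
     *
     * @return the VM's raw DICE certificate chain.
     * @throws SecurityException if the use of test APIs is not permitted.
     */
    byte[] getDiceAttestationChain();

    /**
     * Gets the DICE attestation CDI (Compound Device Identifier) for the VM.
     *
     * The raw attestation CDI isn't very useful but is used for smoke tests. A better API would
     * handle key derivation on behalf of the payload so they can't forget to do it themselves and
     * would also mean the payload doesn't get the raw CDI which reduces the chance of it leaking.
     *
     * Because this method hands out the raw CDI, key derivation is left to the caller: derive
     * purpose-specific keys from the CDI instead of using it directly, and do not log or
     * persist the raw value.
     *
     * @return the VM's raw attestation CDI.
     * @throws SecurityException if the use of test APIs is not permitted.
     */
    byte[] getDiceAttestationCdi();
}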