1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <stdbool.h> 20 #include <stddef.h> 21 #include <stdint.h> 22 #include <stdnoreturn.h> 23 #include <sys/cdefs.h> 24 25 #include "vm_main.h" 26 27 __BEGIN_DECLS 28 29 struct AIBinder; 30 typedef struct AIBinder AIBinder; 31 32 /** 33 * Notifies the host that the payload is ready. 34 * 35 * If the host app has set a `VirtualMachineCallback` for the VM, its 36 * `onPayloadReady` method will be called. 37 * 38 * Note that subsequent calls to this function after the first have no effect; 39 * `onPayloadReady` is never called more than once. 40 */ 41 void AVmPayload_notifyPayloadReady(void); 42 43 /** 44 * Runs a binder RPC server, serving the supplied binder service implementation on the given vsock 45 * port. 46 * 47 * If and when the server is ready for connections (it is listening on the port), `on_ready` is 48 * called to allow appropriate action to be taken - e.g. to notify clients that they may now 49 * attempt to connect with `AVmPayload_notifyPayloadReady`. 50 * 51 * Note that this function does not return. The calling thread joins the binder 52 * thread pool to handle incoming messages. 53 * 54 * \param service the service to bind to the given port. 55 * \param port vsock port. 56 * \param on_ready the callback to execute once the server is ready for connections. If not null the 57 * callback will be called at most once. 58 * \param param parameter to be passed to the `on_ready` callback. 59 */ 60 noreturn void AVmPayload_runVsockRpcServer(AIBinder* _Nonnull service, uint32_t port, 61 void (*_Nullable on_ready)(void* _Nullable param), 62 void* _Nullable param); 63 64 /** 65 * Returns all or part of a 32-byte secret that is bound to this unique VM 66 * instance and the supplied identifier. The secret can be used e.g. as an 67 * encryption key. 68 * 69 * Every VM has a secret that is derived from a device-specific value known to 70 * the hypervisor, the code that runs in the VM and its non-modifiable 71 * configuration; it is not made available to the host OS. 72 * 73 * This function performs a further derivation from the VM secret and the 74 * supplied identifier. As long as the VM identity doesn't change the same value 75 * will be returned for the same identifier, even if the VM is stopped & 76 * restarted or the device rebooted. 77 * 78 * If multiple secrets are required for different purposes, a different 79 * identifier should be used for each. The identifiers otherwise are arbitrary 80 * byte sequences and do not need to be kept secret; typically they are 81 * hardcoded in the calling code. 82 * 83 * \param identifier identifier of the secret to return. 84 * \param identifier_size size of the secret identifier. 85 * \param secret pointer to size bytes where the secret is written. 86 * \param size number of bytes of the secret to get, <= 32. 87 */ 88 void AVmPayload_getVmInstanceSecret(const void* _Nonnull identifier, size_t identifier_size, 89 void* _Nonnull secret, size_t size); 90 91 /** 92 * Gets the path to the APK contents. It is a directory, under which are 93 * the unzipped contents of the APK containing the payload, all read-only 94 * but accessible to the payload. 95 * 96 * \return the path to the APK contents. The returned string should not be 97 * deleted or freed by the application. The string remains valid for the 98 * lifetime of the VM. 99 */ 100 const char* _Nonnull AVmPayload_getApkContentsPath(void); 101 102 /** 103 * Gets the path to the encrypted persistent storage for the VM, if any. This is 104 * a directory under which any files or directories created will be stored on 105 * behalf of the VM by the host app. All data is encrypted using a key known 106 * only to the VM, so the host cannot decrypt it, but may delete it. 107 * 108 * \return the path to the APK contents, or NULL if no encrypted storage was 109 * requested in the VM configuration. If non-null the returned string should not 110 * be deleted or freed by the application and remains valid for the lifetime of 111 * the VM. 112 */ 113 const char* _Nullable AVmPayload_getEncryptedStoragePath(void); 114 115 __END_DECLS 116