Link RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM to payload_not_root
Add plumbing in soong to conditionally enable payload_not_root rust cfg
if RELEASE_AVF_ENABLE_MULTI_TENANT_MICRODROID_VM build flag is set to true.
This patch also showcases how one can conditionally add files to
microdroid system image depending on the value of the build flag
Bug: 298008232
Test: build virt APEX with flag enabled
Test: verified payload runs as system_payload
Change-Id: I7e29b60a329ed4d7d8492bbe01b04ad4f895ff15
diff --git a/Android.bp b/Android.bp
index b655551..1fae793 100644
--- a/Android.bp
+++ b/Android.bp
@@ -27,3 +27,24 @@
],
// large-scale-change unable to identify any license_text files
}
+
+soong_config_module_type {
+ name: "avf_flag_aware_rust_defaults",
+ module_type: "rust_defaults",
+ config_namespace: "ANDROID",
+ bool_variables: [
+ "release_avf_enable_multi_tenant_microdroid_vm",
+ ],
+ properties: [
+ "cfgs",
+ ],
+}
+
+avf_flag_aware_rust_defaults {
+ name: "avf_build_flags_rust",
+ soong_config_variables: {
+ release_avf_enable_multi_tenant_microdroid_vm: {
+ cfgs: ["payload_not_root"],
+ },
+ },
+}
diff --git a/libs/microdroid_uids/Android.bp b/libs/microdroid_uids/Android.bp
index 497948d..ce62217 100644
--- a/libs/microdroid_uids/Android.bp
+++ b/libs/microdroid_uids/Android.bp
@@ -7,8 +7,7 @@
crate_name: "microdroid_uids",
srcs: ["src/lib.rs"],
edition: "2021",
- // TODO(b/296393106): Figure out how/when to enable this
- // cfgs: ["payload_not_root"],
+ defaults: ["avf_build_flags_rust"],
apex_available: [
"com.android.virt",
],
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 1e594b7..00831dd 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -44,7 +44,19 @@
},
]
-android_system_image {
+soong_config_module_type {
+ name: "flag_aware_microdroid_system_image",
+ module_type: "android_system_image",
+ config_namespace: "ANDROID",
+ bool_variables: [
+ "release_avf_enable_multi_tenant_microdroid_vm",
+ ],
+ properties: [
+ "deps",
+ ],
+}
+
+flag_aware_microdroid_system_image {
name: "microdroid",
use_avb: true,
avb_private_key: ":microdroid_sign_key",
@@ -54,8 +66,6 @@
deps: [
"init_second_stage.microdroid",
"microdroid_build_prop",
- "microdroid_etc_passwd",
- "microdroid_etc_group",
"microdroid_init_debug_policy",
"microdroid_init_rc",
"microdroid_ueventd_rc",
@@ -141,6 +151,16 @@
fake_timestamp: "1611569676",
// python -c "import uuid; print(uuid.uuid5(uuid.NAMESPACE_URL, 'www.android.com/avf/microdroid/system'))"
uuid: "5fe079c6-f01a-52be-87d3-d415231a72ad",
+
+ // Below are dependencies that are conditionally enabled depending on value of build flags.
+ soong_config_variables: {
+ release_avf_enable_multi_tenant_microdroid_vm: {
+ deps: [
+ "microdroid_etc_passwd",
+ "microdroid_etc_group",
+ ],
+ },
+ },
}
prebuilt_etc {