Test: looked at README in Markdown preview.
Change-Id: I254f9ea81d6dbc0267f2d2d3b36f779a55dc03cd

The protected version is only run if the kernel supports pKVM.

Bug: 181615964
Test: atest VirtualizationTestCases
Change-Id: I02fcead96b84b44f3138162a525f709c9f59ec73

... in preparation for running tests in presubmit builds

Bug: 181615964
Test: watch TH

Change-Id: Id2544a3324efd09521b6a60f392e9bba200886b9

As the payload is in a shared library, microdroid_launcher domain is
used as-is when running microdroid app. This changes the domain name to
microdroid_app, because microdroid_launcher does nothing but just launch
the microdroid app.

Bug: 189706019
Test: atest MicrodroidHostTestCases
Change-Id: Id30b4a85cc1b9023a93546d33b6071863e9268ee

This will eventually go away, but it's useful for verifying that the
service is working. But the cert -> RSAPublicKey code will end up
somewhere else eventually - either in C++ or Rust.

Bug: 191763370
Test: Manual - start service, generate key, verify. Inspect files.
Change-Id: I2181cf5331992a4236500545a9fdfd8640b57c1d

This is based on the interface prototyped in
system/security/ondevice-signing/FakeCompOs.h.

For now, to allow manual testing, this is a standalone binary.

Bug: 191763370
Test: Builds.
Change-Id: I307ba9144fa51cca7ebee2142980f3a1cd436ef2

The remaining entries are based on "adb root; adb getprop", and "adb
logcat | grep 'Access denied'".

Some processes try to access removed entries, resulting in denials to
default_prop. But it's enough to add them when we actually need them.

Bug: 191131624
Test: atest MicrodroidHostTestCases
Change-Id: I9159ff0d8c02dc9eaabfc31dfbf18c914a69bf72

This hasn't worked because the path /mnt/apk/lib/<abi> wasn't in the
search paths of the linker namespace that the library is loaded (which
is the default namespace).

Fixing that by creating a new linker namespace 'microdroid' that
inherits the settings from the default namespace but adds the library
directory to the search paths, and loading the library from that
namespace.

Bug: N/A
Test: atest MicrodroidHostTestCases

Change-Id: I30c4ce86a48b80fa65e3b5ffeb90561fa1d2544e

* changes:
  Support multiple files per partition.
  Create composite disk image in VirtualizationService.

In order to make modifications, pull in our own copy of the KeyMint
device from the reference implementation.

Bug: 190578423
Test: atest MicrodroidHostTestCases
Change-Id: I2671a0faf0f354a681ab2c988ecedb94b7adeb4b

KeyMint in microdroid will initially be a specialized version of the
software KeyMint reference implementation. Begin this specialization by
removing the services that aren't needed within VMs.

Bug: 190578423
Test: atest MicrodroidHostTestCases
Change-Id: I6eee95944ccc555656868dad193f29b83ebf46a4

After initially connecting to Keystore, continue to create a key to sign
and verify a message.

Bug: 190578423
Test: atest MicrodroidHostTestCases
Change-Id: I4ddd91839689c07ffa6b5f5396f025b1f0471653

Bug: N/A
Test: follow instructions
Change-Id: Ie072c16da0976418e90f6cf40288a5ef5b42a1c7

Test: atest VirtualizationTestCases
Change-Id: Ia6e605a73f6dd14e87fc7ad5e12bf973b1d2b499

Bug: 190503456
Test: Ran microdroid
Change-Id: I0461120a3eb9c7e8c70ebc61a170d686f9f8b0ea

This is simpler than spawning mk_cdisk, and will also be useful for
making the payload image.

Bug: 190503456
Test: Ran microdroid, compared log output
Change-Id: Id67d6280696c4221b675eec99c65ea44e1c549ab

file_contexts was copied from system/sepolicy/private. It's contained a
lot of redundant entries for microdroid.

Bug: 191131624
Test: atest MicrodroidHostTestCases
Change-Id: Ia4e2664822b9cb984dddb99c03faaa6f54f2dfc6

Loop up the Keystore service from the test payload to make sure it can
be found and communicated with.

Bug: 190578423
Test: atest MicrodroidHostTestCases
Change-Id: I1dd863202b7de5405658ee5e922b955e3cba6741

Test: N/A
Bug: 191491898
Change-Id: Idec898d9374f245da0b228a49aefef623f11784a

MicrodroidHostTestCases now uses the vm tool to create the VM. It no
longer directly interacts with crosvm and mk_cdisk.

The READMD.md file is rewritten to fully reflect the recent changes, and
also to add description about building an app for microdroid.

Bug: 185891097
Test: atest MicrodroidHostTestCases
Change-Id: I5fdc854390fd362ebead22a4a36af75c30500a81

No matter how microdroid system's sepolicy is built, microdroid vendor's
sepolicy will exist under packages/modules/Virtualization/microdroid,
and we need to trim vendor sepolicy first, to investigate further.

This commit removes almost all of vendor sepolicy files. Only the
keymint HAL and file_contexts stay.

Bug: 191131624
Test: atest MicordroidHostTestCases
Change-Id: Ib67507c1893d7768d2214c2bfbf2eaf299fb21f2

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/1740737

Change-Id: I069b7a163585842a886d5abdac6089713c20727f

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/1740736

Change-Id: I46866db2ff5e67d9b5acfe09ca03291daeb27b7a

load_persists_props_action is guaranteed to be triggered after /data is
mounted and adb is run. Changing the marker to fix flaky postsubmit.

Bug: 191153896
Test: atest
Change-Id: I4b4c732b1c5ae334e67486b73eb5143dc31af7de

Triggers like bpf, zygote, firmware are not needed in microdroid.

Bug: N/A
Test: boot microdroid
Change-Id: I1e924fa4810de7245c1d86ff797f6d4ca9e17c77

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/1735373

Change-Id: Id34e688fef49b066bbee49c93ba0a344ac94f648

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/1728672

Change-Id: I2f07812a1c4591ff728dfca73ecd163831f441cd