Google is working on MicroDroid, a stripped-down version of Android for virtual machines
Google is making microdroid, which the company says is a “minimal Android-based Linux image.”
According to the commit description, microdroid will be used in virtual machines and is designed as a “stripped down version of the generic Android system image (GSI).” The GSI is already a barebones build of open-source Android, but microdroid seems to be even more trimmed down. The goal of this project may be to run a minimal version of Android on top of a hypervisor so that an individual Android app can be virtualized, rather than providing a full secondary desktop environment.
The project is likely part of Google’s larger effort to enable virtualization on Android hardware in order to improve security. Specifically, Google is working on bringing the Linux kernel virtualization mechanism called “KVM” to Android devices powered by ARM64 SoCs, according to Jake Edge over at LWN. (The LWN article presents a summary of a presentation called “Virtualization for the Masses: Exposing KVM on Android” [PDF warning] given by Googler Will Deacon at the KVM Forum.) Bringing KVM support is said to “de-privilege” third-party code running at one of Armv8’s highly-privileged exception levels. Third-party code, such as DRM, cryptography, and other binaries, can instead be run in a VM at the same level as the Android OS.
In order to manage these virtual machines, Google is adapting the Chrome OS VMM (crosvm), which is used to run Linux apps on Chrome OS, for Android. Google is preparing to deliver crosvm as part of a new APEX package called “Virtualization” while at the same time bringing its “protected KVM” project for ARM64 to Android’s Linux kernel forks.
With microdroid, we envision that Google wants to run little virtual machines alongside Android, possibly for DRM-related applications. Microdroid will have the bare minimum of components, such as the init and binder services, in order to communicate with the underlying Android host. It is possible that this effort will tie into the new Type-1 Hypervisor in the Snapdragon 888, which the company says allows for isolating data between apps and OSes on the same device and also instantly switching between isolated OSes with no performance degradation.
It is also possible that this is related to Google’s efforts to extend the idea behind crosvm to Android apps as part of the company’s ongoing “ARCVM” project. Without more information, we can’t say for sure what Google’s intentions are, but we’ll be keeping an eye on the AOSP Gerrit for more details.