Digital Machine as a core Android Primitive

Posted by Sandeep Patil – Principal Software program Engineer, and Irene Ang – Product Supervisor

The Android Virtualization Framework (AVF) can be obtainable on upcoming choose Android 14 units. The AVF, first launched in Android 13 on Pixel units, gives new capabilities for platform builders engaged on privileged functions.

With AVF, we’re extra broadly supporting virtualization to Android. Virtualization is extensively used and deployed to isolate workloads and working techniques from one another. It permits environment friendly scaling of infrastructure, testing environments, legacy software program compatibility, creating digital desktops and way more.

With AVF digital machines turn out to be a core assemble of the Android working system, just like the way in which Android makes use of Linux processes. Builders have the pliability to decide on the extent of isolation for a digital machine:

    • One-way isolation: Android (the host) can management and examine the contents of the VM. These are mostly used for sandboxing and separation, enabling a number of working techniques to run on the identical machine / machine, with one working system host (Android) controlling and watching over all others.
    • Two-way isolation (Remoted VM): Android (the host) and the digital machine (the visitor) are utterly remoted from one another. Builders who cope with or retailer delicate knowledge could profit from an remoted digital machine. An remoted digital machine has a two-way barrier, the place neither the host (Android) nor the VM have entry to one another, besides through explicitly-agreed-upon communication channels. This has 2 predominant properties:
  1. The workload and knowledge contained in the VM is inaccessible (confidential) from the host (Android).
  2. Even when Android is compromised all the way in which as much as (and together with) the host kernel, the remoted VM stays uncompromised.

Advantages of AVF


With an remoted VM, builders now have a substitute for Trustzone to be used circumstances that want isolation from Android with out escalated privilege.


Digital machines and the functions working inside them are much more moveable than trusted applets. For instance, a Linux-based digital machine with a Linux-application payload will work on all units that help AVF. Because of this builders can construct an software as soon as and deploy it all over the place. VMs additionally make porting of present Linux primarily based functions seamless and straightforward, in comparison with porting right into a Trustzone working system.


AVF is designed to be light-weight, environment friendly and versatile. Digital machines can:

    • be as small as a single C program and as massive as a complete working system relying on the developer’s want;
    • be persistent or intermittent;
    • develop in reminiscence or shrink relying on the general system well being; and
    • honor Android’s scheduler hints and low-memory warnings.


AVF is designed with builders in thoughts. Digital machines could be custom-made to fulfill particular use-case wants. Builders can deploy any VM payload so long as it conforms to sure boot and communication protocols specified by AVF.

Along with bringing the ability of virtualization to Android and enabling all the probabilities of digital desktops, sandboxing, AVF’s use of remoted digital machines can profit the next frequent Android use circumstances (and lots of extra):

    • Biometrics: By deploying biometric trusted applets in an remoted digital machine, builders could have the isolation assure, entry to extra compute energy for biometric algorithms, straightforward updatability whatever the Trustzone working system, and a extra streamlined deployment.
    • DRM: Widevine permits streaming DRM on Android units. As soon as deployed in an remoted Digital Machine, updates to Widevine turn out to be a lot simpler throughout Android units, whatever the particulars of the assorted Trustzone working techniques being deployed on these units.

AVF Utilization

AVF gives straightforward APIs to question the machine’s capacity to create digital machines and their supported sorts, and to arrange safe communication channels with these digital machines from functions and providers that create them.

For instance, to examine for the provision of the AVF APIs, and of remoted and common VM:

VirtualMachineManager supervisor =
if (supervisor == null) {
    // AVF not supported
} else {
    int capabilities = supervisor.getCapabilities();
    if ((capabilities & CAPABILITY_PROTECTED_VM) != 0) {
        // protected VM is supported
    if ((capabilities & CAPABILITY_NON_PROTECTED_VM) != 0) {
        // non protected VM is supported

Please discover further documentation on AVF and its APIs here.

AVF Parts

AVF Component architecture

AVF consists of the framework APIs, the hypervisor, and the Digital Machine Supervisor. The hypervisor ensures digital machines (together with Android) are remoted from one another, very similar to how the Linux kernel does it for processes. The AVF hypervisor (pKVM), nonetheless, does that with a considerably smaller (~50x) code base in comparison with the Linux kernel.

The Hypervisor (pKVM)

The hypervisor is targeted on open supply availability, safety, machine task to VMs and safety by isolation between digital machines. It has a small assault floor that meets the next safety assurance degree. AVF APIs and options are totally supported by the protected KVM hypervisor (pKVM).

pKVM is constructed on high of the business commonplace Kernel-based Digital Machine (KVM) in Linux. It means all present working techniques and workloads that depend on KVM-based digital machines can work seamlessly on Android units with pKVM.

Digital Machine Supervisor (crosvm)

crosvm, a Rust-based Digital Machine Supervisor (VMM), gives the glue between the hypervisor and the AVF framework. It’s chargeable for creating, managing and destroying digital machines. As well as, it gives an abstraction layer throughout a number of hypervisor implementations.

Remoted Digital Machines

Remoted digital machines are invisible to Android i.e. any course of working in Android can not examine, see, tamper with the content material of such a digital machine. This assure is offered by the hypervisor.

Digital Machines

Digital machines are the identical as remoted VMs, besides they’re accessible to Android processes with the best permissions and privilege.


Microdroid is a trimmed down Android OS package deal that’s created to function a template for beginning a digital machine (VM). It gives builders with a well-known surroundings to construct and run their workloads in a VM. Microdroid makes use of acquainted Android instruments and libraries, comparable to Bionic, Binder IPC and keystore help.

Virtualization Service

VirtualizationService manages all visitor VMs, remoted or in any other case. It does so, primarily by managing situations of crosvm. It additionally exposes an AIDL API, which system providers or privileged apps can use to begin, monitor, and cease VMs.


RpcBinder is an all-new backend developed for the Android Interface Definition Language (AIDL). RpcBinder permits communication to and from digital machines utilizing the present binder wire protocol. This implies:

  1. Builders can write interfaces to digital machines utilizing the language and infrastructure they’re already aware of – AIDL.
  2. Merely proceed utilizing present AIDL interfaces even when the binder endpoint strikes right into a digital machine.

What’s new in Android 14?

Android 14, not solely makes AVF obtainable on extra units, it additionally gives a brand new toolkit to allow constructing extra with AVF and its parts:

    • Android System API for AVF 

Privileged functions can now use VMs for executing their essential workload needing isolation; 

    • Hypervisor DevEx toolkit 

Added tracing functionality, improved debuggability and monitoring capabilities to supply insights and help platform builders in growing inside Remoted VMs; 

    • Hypervisor Vendor Modules 

With vendor module extensions, our companions can customise Google’s hypervisor (pKVM) to fulfill their particular want and differentiate themselves; 

    • System Well being Enhancements 

With Android 14, a microdroid primarily based VM boots 2 instances sooner in comparison with Android 13 whereas utilizing half the reminiscence.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also
Back to top button