service trusty_security_vm_launcher /system_ext/bin/trusty_security_vm_launcher \
--kernel /system_ext/etc/vm/trusty_vm/lk_trusty.elf \
--memory-size-mib 16
    disabled
    user system
    group system virtualmachine
    capabilities IPC_LOCK NET_BIND_SERVICE SYS_RESOURCE SYS_NICE
    stdio_to_kmsg

# Starts the non-secure Trusty VM in /system_ext when the feature is enabled through
# the system property set in vendor init.
on init && property:trusty.security_vm.enabled=1
    setprop trusty.security_vm.nonsecure_vm_ready 1
    setprop trusty.security_vm.vm_cid 200
    start trusty_security_vm_launcher