gs-common: move bootctrl hal aidl implementation to gs-common
copy from device/google/zuma/interfaces/boot
$ git log --oneline -1 interfaces/boot/
193e5e8 zuma:interfaces:boot: add aidl interface support
Bug: 265063384
Change-Id: I9b8318eee17e51f40577d7f4c6514703483b8eaa
Signed-off-by: Jason Chiu <jasoncschiu@google.com>
diff --git a/bootctrl/aidl/Android.bp b/bootctrl/aidl/Android.bp
new file mode 100644
index 0000000..f5ba503
--- /dev/null
+++ b/bootctrl/aidl/Android.bp
@@ -0,0 +1,71 @@
+//
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+soong_namespace {
+ imports: [
+ "hardware/google/pixel",
+ ],
+}
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "//device/google/gs-common:device_google_gs-common_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: [
+ "//device/google/gs-common:device_google_gs-common_license",
+ ],
+}
+
+cc_defaults {
+ name: "android.hardware.boot-service_common-pixel",
+ relative_install_path: "hw",
+ defaults: ["libboot_control_defaults"],
+ shared_libs: [
+ "libbase",
+ "libbinder_ndk",
+ "libcutils",
+ "libz",
+ "libtrusty",
+ "android.hardware.boot@1.1",
+ "android.hardware.boot-V1-ndk",
+ ],
+ static_libs: [
+ "libboot_control",
+ "libbootloader_message_vendor",
+ ],
+ srcs: [
+ "BootControl.cpp",
+ "GptUtils.cpp",
+ "service.cpp"
+ ],
+}
+
+cc_binary {
+ name: "android.hardware.boot-service.default-pixel",
+ defaults: ["android.hardware.boot-service_common-pixel"],
+ init_rc: ["android.hardware.boot-service.default-pixel.rc"],
+ vendor: true,
+}
+
+cc_binary {
+ name: "android.hardware.boot-service.default_recovery-pixel",
+ defaults: ["android.hardware.boot-service_common-pixel"],
+ vintf_fragments: ["android.hardware.boot-service.default_recovery-pixel.xml"],
+ init_rc: ["android.hardware.boot-service.default_recovery-pixel.rc"],
+ recovery: true,
+}
diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp
new file mode 100644
index 0000000..941b0d2
--- /dev/null
+++ b/bootctrl/aidl/BootControl.cpp
@@ -0,0 +1,538 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "bootcontrolhal"
+
+#include "BootControl.h"
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/unique_fd.h>
+#include <bootloader_message/bootloader_message.h>
+#include <cutils/properties.h>
+#include <libboot_control/libboot_control.h>
+#include <log/log.h>
+#include <trusty/tipc.h>
+
+#include "DevInfo.h"
+#include "GptUtils.h"
+
+using HIDLMergeStatus = ::android::bootable::BootControl::MergeStatus;
+using ndk::ScopedAStatus;
+
+using android::bootable::GetMiscVirtualAbMergeStatus;
+using android::bootable::InitMiscVirtualAbMessageIfNeeded;
+using android::bootable::SetMiscVirtualAbMergeStatus;
+
+namespace aidl::android::hardware::boot {
+
+namespace {
+
+// clang-format off
+
+#define BOOT_A_PATH "/dev/block/by-name/boot_a"
+#define BOOT_B_PATH "/dev/block/by-name/boot_b"
+#define DEVINFO_PATH "/dev/block/by-name/devinfo"
+
+// slot flags
+#define AB_ATTR_PRIORITY_SHIFT 52
+#define AB_ATTR_PRIORITY_MASK (3UL << AB_ATTR_PRIORITY_SHIFT)
+#define AB_ATTR_ACTIVE_SHIFT 54
+#define AB_ATTR_ACTIVE (1UL << AB_ATTR_ACTIVE_SHIFT)
+#define AB_ATTR_RETRY_COUNT_SHIFT (55)
+#define AB_ATTR_RETRY_COUNT_MASK (7UL << AB_ATTR_RETRY_COUNT_SHIFT)
+#define AB_ATTR_SUCCESSFUL (1UL << 58)
+#define AB_ATTR_UNBOOTABLE (1UL << 59)
+
+#define AB_ATTR_MAX_PRIORITY 3UL
+#define AB_ATTR_MAX_RETRY_COUNT 3UL
+
+// clang-format on
+
+static std::string getDevPath(int32_t in_slot) {
+ char real_path[PATH_MAX];
+
+ const char *path = in_slot == 0 ? BOOT_A_PATH : BOOT_B_PATH;
+
+ int ret = readlink(path, real_path, sizeof real_path);
+ if (ret < 0) {
+ ALOGE("readlink failed for boot device %s\n", strerror(errno));
+ return std::string();
+ }
+
+ std::string dp(real_path);
+ // extract /dev/sda.. part
+ return dp.substr(0, sizeof "/dev/block/sdX" - 1);
+}
+
+static bool isSlotFlagSet(int32_t in_slot, uint64_t flag) {
+ std::string dev_path = getDevPath(in_slot);
+ if (dev_path.empty()) {
+ ALOGI("Could not get device path for slot %d\n", in_slot);
+ return false;
+ }
+
+ GptUtils gpt(dev_path);
+ if (gpt.Load()) {
+ ALOGI("failed to load gpt data\n");
+ return false;
+ }
+
+ gpt_entry *e = gpt.GetPartitionEntry(in_slot ? "boot_b" : "boot_a");
+ if (e == nullptr) {
+ ALOGI("failed to get gpt entry\n");
+ return false;
+ }
+
+ return !!(e->attr & flag);
+}
+
+static bool setSlotFlag(int32_t in_slot, uint64_t flag) {
+ std::string dev_path = getDevPath(in_slot);
+ if (dev_path.empty()) {
+ ALOGI("Could not get device path for slot %d\n", in_slot);
+ return false;
+ }
+
+ GptUtils gpt(dev_path);
+ if (gpt.Load()) {
+ ALOGI("failed to load gpt data\n");
+ return false;
+ }
+
+ gpt_entry *e = gpt.GetPartitionEntry(in_slot ? "boot_b" : "boot_a");
+ if (e == nullptr) {
+ ALOGI("failed to get gpt entry\n");
+ return false;
+ }
+
+ e->attr |= flag;
+ gpt.Sync();
+
+ return true;
+}
+
+static bool is_devinfo_valid;
+static bool is_devinfo_initialized;
+static std::mutex devinfo_lock;
+static devinfo_t devinfo;
+
+static bool isDevInfoValid() {
+ const std::lock_guard<std::mutex> lock(devinfo_lock);
+
+ if (is_devinfo_initialized) {
+ return is_devinfo_valid;
+ }
+
+ is_devinfo_initialized = true;
+
+ ::android::base::unique_fd fd(open(DEVINFO_PATH, O_RDONLY));
+ ::android::base::ReadFully(fd, &devinfo, sizeof devinfo);
+
+ if (devinfo.magic != DEVINFO_MAGIC) {
+ return is_devinfo_valid;
+ }
+
+ uint32_t version = ((uint32_t)devinfo.ver_major << 16) | devinfo.ver_minor;
+ // only version 3.3+ supports A/B data
+ if (version >= 0x0003'0003) {
+ is_devinfo_valid = true;
+ }
+
+ return is_devinfo_valid;
+}
+
+static bool DevInfoSync() {
+ if (!isDevInfoValid()) {
+ return false;
+ }
+
+ ::android::base::unique_fd fd(open(DEVINFO_PATH, O_WRONLY | O_DSYNC));
+ return ::android::base::WriteFully(fd, &devinfo, sizeof devinfo);
+}
+
+static void DevInfoInitSlot(devinfo_ab_slot_data_t &slot_data) {
+ slot_data.retry_count = AB_ATTR_MAX_RETRY_COUNT;
+ slot_data.unbootable = 0;
+ slot_data.successful = 0;
+ slot_data.active = 1;
+ slot_data.fastboot_ok = 0;
+}
+
+static int blow_otp_AR(bool secure) {
+ static const char *dev_name = "/dev/trusty-ipc-dev0";
+ static const char *otp_name = "com.android.trusty.otp_manager.tidl";
+ int fd = 1, ret = 0;
+ uint32_t cmd = secure? OTP_CMD_write_antirbk_secure_ap : OTP_CMD_write_antirbk_non_secure_ap;
+ fd = tipc_connect(dev_name, otp_name);
+ if (fd < 0) {
+ ALOGI("Failed to connect to OTP_MGR ns TA - is it missing?\n");
+ ret = -1;
+ return ret;
+ }
+
+ struct otp_mgr_req_base req = {
+ .command = cmd,
+ .resp_payload_size = 0,
+ };
+ struct iovec iov[] = {
+ {
+ .iov_base = &req,
+ .iov_len = sizeof(req),
+ },
+ };
+
+ size_t rc = tipc_send(fd, iov, 1, NULL, 0);
+ if (rc != sizeof(req)) {
+ ALOGI("Send fail! %zx\n", rc);
+ return rc;
+ }
+
+ struct otp_mgr_rsp_base resp;
+ rc = read(fd, &resp, sizeof(resp));
+ if (rc < 0) {
+ ALOGI("Read fail! %zx\n", rc);
+ return rc;
+ }
+
+ if (rc < sizeof(resp)) {
+ ALOGI("Not enough data! %zx\n", rc);
+ return -EIO;
+ }
+
+ if (resp.command != (cmd | OTP_RESP_BIT)) {
+ ALOGI("Wrong command! %x\n", resp.command);
+ return -EINVAL;
+ }
+
+ if (resp.result != 0) {
+ fprintf(stderr, "AR writing error! %x\n", resp.result);
+ return -EINVAL;
+ }
+
+ tipc_close(fd);
+ return 0;
+}
+
+static bool blowAR() {
+ int ret = blow_otp_AR(true);
+ if (ret) {
+ ALOGI("Blow secure anti-rollback OTP failed");
+ return false;
+ }
+
+ ret = blow_otp_AR(false);
+ if (ret) {
+ ALOGI("Blow non-secure anti-rollback OTP failed");
+ return false;
+ }
+
+ return true;
+}
+
+static constexpr MergeStatus ToAIDLMergeStatus(HIDLMergeStatus status) {
+ switch (status) {
+ case HIDLMergeStatus::NONE:
+ return MergeStatus::NONE;
+ case HIDLMergeStatus::UNKNOWN:
+ return MergeStatus::UNKNOWN;
+ case HIDLMergeStatus::SNAPSHOTTED:
+ return MergeStatus::SNAPSHOTTED;
+ case HIDLMergeStatus::MERGING:
+ return MergeStatus::MERGING;
+ case HIDLMergeStatus::CANCELLED:
+ return MergeStatus::CANCELLED;
+ }
+}
+
+static constexpr HIDLMergeStatus ToHIDLMergeStatus(MergeStatus status) {
+ switch (status) {
+ case MergeStatus::NONE:
+ return HIDLMergeStatus::NONE;
+ case MergeStatus::UNKNOWN:
+ return HIDLMergeStatus::UNKNOWN;
+ case MergeStatus::SNAPSHOTTED:
+ return HIDLMergeStatus::SNAPSHOTTED;
+ case MergeStatus::MERGING:
+ return HIDLMergeStatus::MERGING;
+ case MergeStatus::CANCELLED:
+ return HIDLMergeStatus::CANCELLED;
+ }
+}
+
+} // namespace
+
+BootControl::BootControl() {
+ CHECK(InitMiscVirtualAbMessageIfNeeded());
+}
+
+ScopedAStatus BootControl::getActiveBootSlot(int32_t* _aidl_return) {
+ int32_t slots = 0;
+ getNumberSlots(&slots);
+ if (slots == 0) {
+ *_aidl_return = 0;
+ return ScopedAStatus::ok();
+ }
+
+ if (isDevInfoValid()) {
+ *_aidl_return = devinfo.ab_data.slots[1].active ? 1 : 0;
+ return ScopedAStatus::ok();
+ }
+ *_aidl_return = isSlotFlagSet(1, AB_ATTR_ACTIVE) ? 1 : 0;
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::getCurrentSlot(int32_t* _aidl_return) {
+ char suffix[PROPERTY_VALUE_MAX];
+ property_get("ro.boot.slot_suffix", suffix, "_a");
+ *_aidl_return = std::string(suffix) == "_b" ? 1 : 0;
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::getNumberSlots(int32_t* _aidl_return) {
+ int32_t slots = 0;
+
+ if (access(BOOT_A_PATH, F_OK) == 0)
+ slots++;
+
+ if (access(BOOT_B_PATH, F_OK) == 0)
+ slots++;
+
+ *_aidl_return = slots;
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::getSnapshotMergeStatus(MergeStatus* _aidl_return) {
+ HIDLMergeStatus status;
+ int32_t current_slot = 0;
+ getCurrentSlot(¤t_slot);
+ if (!GetMiscVirtualAbMergeStatus(current_slot, &status)) {
+ *_aidl_return = MergeStatus::UNKNOWN;
+ return ScopedAStatus::ok();
+ }
+ *_aidl_return = ToAIDLMergeStatus(status);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::getSuffix(int32_t in_slot, std::string* _aidl_return) {
+ *_aidl_return = in_slot == 0 ? "_a" : in_slot == 1 ? "_b" : "";
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::isSlotBootable(int32_t in_slot, bool* _aidl_return) {
+ int32_t slots = 0;
+ getNumberSlots(&slots);
+ if (slots == 0) {
+ *_aidl_return = false;
+ return ScopedAStatus::ok();
+ }
+ if (in_slot >= slots)
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+
+ bool unbootable;
+ if (isDevInfoValid()) {
+ auto &slot_data = devinfo.ab_data.slots[in_slot];
+ unbootable = !!slot_data.unbootable;
+ } else {
+ unbootable = isSlotFlagSet(in_slot, AB_ATTR_UNBOOTABLE);
+ }
+
+ *_aidl_return = unbootable ? false: true;
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_return) {
+ int32_t slots = 0;
+ getNumberSlots(&slots);
+ if (slots == 0) {
+ // just return true so that we don't we another call trying to mark it as successful
+ // when there is no slots
+ *_aidl_return = true;
+ return ScopedAStatus::ok();
+ }
+ if (in_slot >= slots)
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+
+ bool successful;
+ if (isDevInfoValid()) {
+ auto &slot_data = devinfo.ab_data.slots[in_slot];
+ successful = !!slot_data.successful;
+ } else {
+ successful = isSlotFlagSet(in_slot, AB_ATTR_SUCCESSFUL);
+ }
+
+ *_aidl_return = successful ? true : false;
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::markBootSuccessful() {
+ int32_t slots = 0;
+ getNumberSlots(&slots);
+ if (slots == 0) {
+ // no slots, just return true otherwise Android keeps trying
+ return ScopedAStatus::ok();
+ }
+
+ bool ret;
+ int32_t current_slot = 0;
+ getCurrentSlot(¤t_slot);
+ if (isDevInfoValid()) {
+ auto const slot = current_slot;
+ devinfo.ab_data.slots[slot].successful = 1;
+ ret = DevInfoSync();
+ } else {
+ ret = setSlotFlag(current_slot, AB_ATTR_SUCCESSFUL);
+ }
+
+ if (!ret) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED,
+ "Failed to set successful flag");
+ }
+
+ if (!blowAR()) {
+ ALOGE("Failed to blow anti-rollback counter");
+ // Ignore the error, since ABL will re-trigger it on reboot
+ }
+
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::setActiveBootSlot(int32_t in_slot) {
+ if (in_slot >= 2) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+ }
+
+ if (isDevInfoValid()) {
+ auto &active_slot_data = devinfo.ab_data.slots[in_slot];
+ auto &inactive_slot_data = devinfo.ab_data.slots[!in_slot];
+
+ inactive_slot_data.active = 0;
+ DevInfoInitSlot(active_slot_data);
+
+ if (!DevInfoSync()) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "Could not update DevInfo data");
+ }
+ } else {
+ std::string dev_path = getDevPath(in_slot);
+ if (dev_path.empty()) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "Could not get device path for slot");
+ }
+
+ GptUtils gpt(dev_path);
+ if (gpt.Load()) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED,
+ "failed to load gpt data");
+ }
+
+ gpt_entry *active_entry = gpt.GetPartitionEntry(in_slot == 0 ? "boot_a" : "boot_b");
+ gpt_entry *inactive_entry = gpt.GetPartitionEntry(in_slot == 0 ? "boot_b" : "boot_a");
+ if (active_entry == nullptr || inactive_entry == nullptr) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "failed to get entries for boot partitions");
+ }
+
+ ALOGV("slot active attributes %lx\n", active_entry->attr);
+ ALOGV("slot inactive attributes %lx\n", inactive_entry->attr);
+
+ // update attributes for active and inactive
+ inactive_entry->attr &= ~AB_ATTR_ACTIVE;
+ active_entry->attr = AB_ATTR_ACTIVE | (AB_ATTR_MAX_PRIORITY << AB_ATTR_PRIORITY_SHIFT) |
+ (AB_ATTR_MAX_RETRY_COUNT << AB_ATTR_RETRY_COUNT_SHIFT);
+ }
+
+ char boot_dev[PROPERTY_VALUE_MAX];
+ property_get("ro.boot.bootdevice", boot_dev, "");
+ if (boot_dev[0] == '\0') {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "invalid ro.boot.bootdevice prop");
+ }
+
+ std::string boot_lun_path =
+ std::string("/sys/devices/platform/") + boot_dev + "/pixel/boot_lun_enabled";
+ int fd = open(boot_lun_path.c_str(), O_RDWR | O_DSYNC);
+ if (fd < 0) {
+ // Try old path for kernels < 5.4
+ // TODO: remove once kernel 4.19 support is deprecated
+ std::string boot_lun_path =
+ std::string("/sys/devices/platform/") + boot_dev + "/attributes/boot_lun_enabled";
+ fd = open(boot_lun_path.c_str(), O_RDWR | O_DSYNC);
+ if (fd < 0) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "failed to open ufs attr boot_lun_enabled");
+ }
+ }
+
+ //
+ // bBootLunEn
+ // 0x1 => Boot LU A = enabled, Boot LU B = disable
+ // 0x2 => Boot LU A = disable, Boot LU B = enabled
+ //
+ int ret = ::android::base::WriteStringToFd(in_slot == 0 ? "1" : "2", fd);
+ close(fd);
+ if (ret < 0) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "faied to write boot_lun_enabled attribute");
+ }
+
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::setSlotAsUnbootable(int32_t in_slot) {
+ if (in_slot >= 2)
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+
+ if (isDevInfoValid()) {
+ auto &slot_data = devinfo.ab_data.slots[in_slot];
+ slot_data.unbootable = 1;
+ if (!DevInfoSync()) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "Could not update DevInfo data");
+ }
+ } else {
+ std::string dev_path = getDevPath(in_slot);
+ if (dev_path.empty()) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ COMMAND_FAILED, "Could not get device path for slot");
+ }
+
+ GptUtils gpt(dev_path);
+ gpt.Load();
+
+ gpt_entry *e = gpt.GetPartitionEntry(in_slot ? "boot_b" : "boot_a");
+ e->attr |= AB_ATTR_UNBOOTABLE;
+
+ gpt.Sync();
+ }
+
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::setSnapshotMergeStatus(MergeStatus in_status) {
+ int32_t current_slot = 0;
+ getCurrentSlot(¤t_slot);
+ if (!SetMiscVirtualAbMergeStatus(current_slot, ToHIDLMergeStatus(in_status)))
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED,
+ "Operation failed");
+ return ScopedAStatus::ok();
+}
+
+} // namespace aidl::android::hardware::boot
diff --git a/bootctrl/aidl/BootControl.h b/bootctrl/aidl/BootControl.h
new file mode 100644
index 0000000..a54f66d
--- /dev/null
+++ b/bootctrl/aidl/BootControl.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/boot/BnBootControl.h>
+#include <libboot_control/libboot_control.h>
+
+namespace aidl::android::hardware::boot {
+
+class BootControl final : public BnBootControl {
+ public:
+ BootControl();
+ ::ndk::ScopedAStatus getActiveBootSlot(int32_t* _aidl_return) override;
+ ::ndk::ScopedAStatus getCurrentSlot(int32_t* _aidl_return) override;
+ ::ndk::ScopedAStatus getNumberSlots(int32_t* _aidl_return) override;
+ ::ndk::ScopedAStatus getSnapshotMergeStatus(
+ ::aidl::android::hardware::boot::MergeStatus* _aidl_return) override;
+ ::ndk::ScopedAStatus getSuffix(int32_t in_slot, std::string* _aidl_return) override;
+ ::ndk::ScopedAStatus isSlotBootable(int32_t in_slot, bool* _aidl_return) override;
+ ::ndk::ScopedAStatus isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_return) override;
+ ::ndk::ScopedAStatus markBootSuccessful() override;
+ ::ndk::ScopedAStatus setActiveBootSlot(int32_t in_slot) override;
+ ::ndk::ScopedAStatus setSlotAsUnbootable(int32_t in_slot) override;
+ ::ndk::ScopedAStatus setSnapshotMergeStatus(
+ ::aidl::android::hardware::boot::MergeStatus in_status) override;
+};
+
+enum otpmgr_command : uint32_t {
+ OTP_REQ_SHIFT = 1,
+ OTP_RESP_BIT = 1,
+ OTP_CMD_write_antirbk_non_secure_ap = (7 << OTP_REQ_SHIFT),
+ OTP_CMD_write_antirbk_secure_ap = (8 << OTP_REQ_SHIFT),
+};
+
+struct otp_mgr_req_base {
+ uint32_t command;
+ uint32_t resp_payload_size;
+ uint8_t handle;
+}__packed;
+
+struct otp_mgr_rsp_base {
+ uint32_t command;
+ uint32_t resp_payload_size;
+ int result;
+}__packed;
+
+} // namespace aidl::android::hardware::boot
\ No newline at end of file
diff --git a/bootctrl/aidl/DevInfo.h b/bootctrl/aidl/DevInfo.h
new file mode 100644
index 0000000..aa5f5d3
--- /dev/null
+++ b/bootctrl/aidl/DevInfo.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+namespace aidl::android::hardware::boot {
+
+//
+// definitions taken from ABL code
+//
+
+constexpr uint32_t DEVINFO_MAGIC = 0x49564544;
+constexpr size_t DEVINFO_AB_SLOT_COUNT = 2;
+
+struct devinfo_ab_slot_data_t {
+ uint8_t retry_count;
+ uint8_t unbootable : 1;
+ uint8_t successful : 1;
+ uint8_t active : 1;
+ uint8_t fastboot_ok : 1;
+ uint8_t : 4;
+ uint8_t unused[2];
+} __attribute__((packed));
+
+typedef struct {
+ devinfo_ab_slot_data_t slots[DEVINFO_AB_SLOT_COUNT];
+} __attribute__((packed)) devinfo_ab_data_t;
+
+struct devinfo_t {
+ uint32_t magic;
+ uint16_t ver_major;
+ uint16_t ver_minor;
+ uint8_t unused[40];
+ devinfo_ab_data_t ab_data;
+ uint8_t unused1[72]; // use remaining up to complete 128 bytes
+} __attribute__((packed));
+
+static_assert(sizeof(devinfo_t) == 128, "invalid devinfo struct size");
+
+} // namespace aidl::android::hardware::boot
\ No newline at end of file
diff --git a/bootctrl/aidl/GptUtils.cpp b/bootctrl/aidl/GptUtils.cpp
new file mode 100644
index 0000000..34dec11
--- /dev/null
+++ b/bootctrl/aidl/GptUtils.cpp
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "bootcontrolhal"
+
+#include "GptUtils.h"
+
+#include <android-base/file.h>
+#include <errno.h>
+#include <linux/fs.h>
+#include <log/log.h>
+#include <zlib.h>
+
+namespace aidl::android::hardware::boot {
+
+namespace {
+
+static int ValidateGptHeader(gpt_header *gpt) {
+ if (gpt->signature != GPT_SIGNATURE) {
+ ALOGE("invalid gpt signature 0x%lx\n", gpt->signature);
+ return -1;
+ }
+
+ if (gpt->header_size != sizeof(gpt_header)) {
+ ALOGE("invalid gpt header size %u\n", gpt->header_size);
+ return -1;
+ }
+
+ if (gpt->entry_size != sizeof(gpt_entry)) {
+ ALOGE("invalid gpt entry size %u\n", gpt->entry_size);
+ return -1;
+ }
+
+ return 0;
+}
+
+} // namespace
+
+GptUtils::GptUtils(const std::string dev_path) : dev_path(dev_path), fd(0) {}
+
+int GptUtils::Load(void) {
+ fd = open(dev_path.c_str(), O_RDWR);
+ if (fd < 0) {
+ ALOGE("failed to open block dev %s, %d\n", dev_path.c_str(), errno);
+ return -1;
+ }
+
+ int ret = ioctl(fd, BLKSSZGET, &block_size);
+ if (ret < 0) {
+ ALOGE("failed to get block size %d\n", errno);
+ return -1;
+ }
+
+ // read primary header
+ lseek64(fd, block_size, SEEK_SET);
+ ret = read(fd, &gpt_primary, sizeof gpt_primary);
+ if (ret < 0) {
+ ALOGE("failed to read gpt primary header %d\n", errno);
+ return -1;
+ }
+
+ if (ValidateGptHeader(&gpt_primary)) {
+ ALOGE("error validating gpt header\n");
+ return -1;
+ }
+
+ // read partition entries
+ entry_array.resize(gpt_primary.entry_count);
+ uint32_t entries_size = gpt_primary.entry_size * gpt_primary.entry_count;
+ lseek64(fd, block_size * gpt_primary.start_lba, SEEK_SET);
+ ret = read(fd, entry_array.data(), entries_size);
+ if (ret < 0) {
+ ALOGE("failed to read gpt partition entries %d\n", errno);
+ return -1;
+ }
+
+ // read gpt back header
+ lseek64(fd, block_size * gpt_primary.backup_lba, SEEK_SET);
+ ret = read(fd, &gpt_backup, sizeof gpt_backup);
+ if (ret < 0) {
+ ALOGE("failed to read gpt backup header %d\n", errno);
+ return -1;
+ }
+
+ if (ValidateGptHeader(&gpt_backup)) {
+ ALOGW("error validating gpt backup\n"); // just warn about it, not fail
+ }
+
+ // Create map <partition name, gpt_entry pointer>
+ auto get_name = [](const uint16_t *efi_name) {
+ char name[37] = {};
+ for (size_t i = 0; efi_name[i] && i < sizeof name - 1; ++i) name[i] = efi_name[i];
+ return std::string(name);
+ };
+
+ for (auto const &e : entry_array) {
+ if (e.name[0] == 0)
+ break; // stop at the first partition with no name
+ std::string s = get_name(e.name);
+ entries[s] = const_cast<gpt_entry *>(&e);
+ }
+
+ return 0;
+}
+
+gpt_entry *GptUtils::GetPartitionEntry(std::string name) {
+ return entries.find(name) != entries.end() ? entries[name] : nullptr;
+}
+
+int GptUtils::Sync(void) {
+ if (!fd)
+ return -1;
+
+ // calculate crc and check if we need to update gpt
+ gpt_primary.entries_crc32 = crc32(0, reinterpret_cast<uint8_t *>(entry_array.data()),
+ entry_array.size() * sizeof(gpt_entry));
+
+ // save old crc
+ uint32_t crc = gpt_primary.crc32;
+ gpt_primary.crc32 = 0;
+
+ gpt_primary.crc32 = crc32(0, reinterpret_cast<uint8_t *>(&gpt_primary), sizeof gpt_primary);
+ if (crc == gpt_primary.crc32)
+ return 0; // nothing to do (no changes)
+
+ ALOGI("updating GPT\n");
+
+ lseek64(fd, block_size * gpt_primary.current_lba, SEEK_SET);
+ int ret = write(fd, &gpt_primary, sizeof gpt_primary);
+ if (ret < 0) {
+ ALOGE("failed to write gpt primary header %d\n", errno);
+ return -1;
+ }
+
+ lseek64(fd, block_size * gpt_primary.start_lba, SEEK_SET);
+ ret = write(fd, entry_array.data(), entry_array.size() * sizeof(gpt_entry));
+ if (ret < 0) {
+ ALOGE("failed to write gpt partition entries %d\n", errno);
+ return -1;
+ }
+
+ // update GPT backup entries and backup
+ lseek64(fd, block_size * gpt_backup.start_lba, SEEK_SET);
+ ret = write(fd, entry_array.data(), entry_array.size() * sizeof(gpt_entry));
+ if (ret < 0) {
+ ALOGE("failed to write gpt backup partition entries %d\n", errno);
+ return -1;
+ }
+
+ gpt_backup.entries_crc32 = gpt_primary.entries_crc32;
+ gpt_backup.crc32 = 0;
+ gpt_backup.crc32 = crc32(0, reinterpret_cast<uint8_t *>(&gpt_backup), sizeof gpt_backup);
+ lseek64(fd, block_size * gpt_primary.backup_lba, SEEK_SET);
+ ret = write(fd, &gpt_backup, sizeof gpt_backup);
+ if (ret < 0) {
+ ALOGE("failed to write gpt backup header %d\n", errno);
+ return -1;
+ }
+
+ fsync(fd);
+
+ return 0;
+}
+
+GptUtils::~GptUtils() {
+ if (fd) {
+ Sync();
+ close(fd);
+ }
+}
+
+} // namespace aidl::android::hardware::boot
\ No newline at end of file
diff --git a/bootctrl/aidl/GptUtils.h b/bootctrl/aidl/GptUtils.h
new file mode 100644
index 0000000..ec68cf6
--- /dev/null
+++ b/bootctrl/aidl/GptUtils.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <map>
+#include <string>
+#include <vector>
+
+namespace aidl::android::hardware::boot {
+
+#define GPT_SIGNATURE 0x5452415020494645UL
+
+typedef struct {
+ uint8_t type_guid[16];
+ uint8_t guid[16];
+ uint64_t first_lba;
+ uint64_t last_lba;
+ uint64_t attr;
+ uint16_t name[36];
+} __attribute__((packed)) gpt_entry;
+
+typedef struct {
+ uint64_t signature;
+ uint32_t revision;
+ uint32_t header_size;
+ uint32_t crc32;
+ uint32_t reserved;
+ uint64_t current_lba;
+ uint64_t backup_lba;
+ uint64_t first_usable_lba;
+ uint64_t last_usable_lba;
+ uint8_t disk_guid[16];
+ uint64_t start_lba;
+ uint32_t entry_count;
+ uint32_t entry_size;
+ uint32_t entries_crc32;
+} __attribute__((packed)) gpt_header;
+
+class GptUtils {
+ public:
+ GptUtils(const std::string dev_path);
+ int Load(void);
+ gpt_entry *GetPartitionEntry(std::string name);
+ int Sync(void);
+ ~GptUtils();
+
+ private:
+ std::string dev_path;
+ int fd;
+ uint32_t block_size;
+ gpt_header gpt_primary;
+ gpt_header gpt_backup;
+ std::vector<gpt_entry> entry_array;
+ std::map<std::string, gpt_entry *> entries;
+};
+
+} // namespace aidl::android::hardware::boot
\ No newline at end of file
diff --git a/bootctrl/aidl/android.hardware.boot-service.default-pixel.rc b/bootctrl/aidl/android.hardware.boot-service.default-pixel.rc
new file mode 100644
index 0000000..a9887b9
--- /dev/null
+++ b/bootctrl/aidl/android.hardware.boot-service.default-pixel.rc
@@ -0,0 +1,5 @@
+service vendor.boot-default /vendor/bin/hw/android.hardware.boot-service.default-pixel
+ class early_hal
+ user root
+ group root drmrpc
+
diff --git a/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.rc b/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.rc
new file mode 100644
index 0000000..e58617e
--- /dev/null
+++ b/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.rc
@@ -0,0 +1,7 @@
+service vendor.boot-default /system/bin/hw/android.hardware.boot-service.default_recovery-pixel
+ class early_hal
+ user root
+ group root
+ seclabel u:r:hal_bootctl_default:s0
+ interface aidl android.hardware.boot.IBootControl/default
+
diff --git a/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.xml b/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.xml
new file mode 100644
index 0000000..23ccc4e
--- /dev/null
+++ b/bootctrl/aidl/android.hardware.boot-service.default_recovery-pixel.xml
@@ -0,0 +1,6 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.boot</name>
+ <fqname>IBootControl/default</fqname>
+ </hal>
+</manifest>
diff --git a/bootctrl/aidl/service.cpp b/bootctrl/aidl/service.cpp
new file mode 100644
index 0000000..41b6c25
--- /dev/null
+++ b/bootctrl/aidl/service.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "aidl.android.hardware.boot-service.default"
+
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+#include <hidl/HidlSupport.h>
+#include <hidl/HidlTransportSupport.h>
+
+#include "BootControl.h"
+
+using aidl::android::hardware::boot::BootControl;
+using aidl::android::hardware::boot::IBootControl;
+using ::android::hardware::configureRpcThreadpool;
+using ::android::hardware::joinRpcThreadpool;
+
+int main(int, char* argv[]) {
+ android::base::InitLogging(argv, android::base::KernelLogger);
+ ABinderProcess_setThreadPoolMaxThreadCount(0);
+ std::shared_ptr<IBootControl> service = ndk::SharedRefBase::make<BootControl>();
+
+ const std::string instance = std::string(BootControl::descriptor) + "/default";
+ auto status = AServiceManager_addService(service->asBinder().get(), instance.c_str());
+ CHECK_EQ(status, STATUS_OK) << "Failed to add service " << instance << " " << status;
+ LOG(INFO) << "IBootControl AIDL service running...";
+
+ ABinderProcess_joinThreadPool();
+ return EXIT_FAILURE; // should not reach
+}