Snap for 11973804 from 4a3d4c1a08ba1d3d248eb09bed3bef6a7d3f9307 to 24Q3-release
Change-Id: I575d9846c12f3fe72dba5993c6a72eed40cc7d78
diff --git a/gnss/aidl/default/GnssMeasurementInterface.cpp b/gnss/aidl/default/GnssMeasurementInterface.cpp
index f324213..db1b8c6 100644
--- a/gnss/aidl/default/GnssMeasurementInterface.cpp
+++ b/gnss/aidl/default/GnssMeasurementInterface.cpp
@@ -146,15 +146,18 @@
mIsActive = false;
mGnss->setGnssMeasurementEnabled(false);
mThreadBlocker.notify();
- for (auto iter = mThreads.begin(); iter != mThreads.end(); ++iter) {
+ for (auto iter = mThreads.begin(); iter != mThreads.end();) {
if (iter->joinable()) {
- mFutures.push_back(std::async(std::launch::async, [this, iter] {
- iter->join();
- mThreads.erase(iter);
- }));
- } else {
- mThreads.erase(iter);
+ // Store the thread object by value
+ std::thread threadToMove = std::move(*iter);
+
+ mFutures.push_back(std::async(std::launch::async,
+ [threadToMove = std::move(threadToMove)]() mutable {
+ ALOGD("joining thread");
+ threadToMove.join();
+ }));
}
+ iter = mThreads.erase(iter);
}
}
diff --git a/gnss/aidl/default/GnssNavigationMessageInterface.cpp b/gnss/aidl/default/GnssNavigationMessageInterface.cpp
index c262dc6..eb1d655 100644
--- a/gnss/aidl/default/GnssNavigationMessageInterface.cpp
+++ b/gnss/aidl/default/GnssNavigationMessageInterface.cpp
@@ -90,15 +90,18 @@
ALOGD("stop");
mIsActive = false;
mThreadBlocker.notify();
- for (auto iter = mThreads.begin(); iter != mThreads.end(); ++iter) {
+ for (auto iter = mThreads.begin(); iter != mThreads.end();) {
if (iter->joinable()) {
- mFutures.push_back(std::async(std::launch::async, [this, iter] {
- iter->join();
- mThreads.erase(iter);
- }));
- } else {
- mThreads.erase(iter);
+ // Store the thread object by value
+ std::thread threadToMove = std::move(*iter);
+
+ mFutures.push_back(std::async(std::launch::async,
+ [threadToMove = std::move(threadToMove)]() mutable {
+ ALOGD("joining thread");
+ threadToMove.join();
+ }));
}
+ iter = mThreads.erase(iter);
}
}
diff --git a/light/OWNERS b/light/OWNERS
index d1da8a7..9f312b0 100644
--- a/light/OWNERS
+++ b/light/OWNERS
@@ -1,5 +1,3 @@
# Bug Component: 185877106
-michaelwr@google.com
-santoscordon@google.com
-philipjunker@google.com
+file:platform/frameworks/base:/services/core/java/com/android/server/display/OWNERS
\ No newline at end of file
diff --git a/security/secretkeeper/aidl/vts/secretkeeper_cli.rs b/security/secretkeeper/aidl/vts/secretkeeper_cli.rs
index 377ed37..9fbfb45 100644
--- a/security/secretkeeper/aidl/vts/secretkeeper_cli.rs
+++ b/security/secretkeeper/aidl/vts/secretkeeper_cli.rs
@@ -25,7 +25,7 @@
use clap::{Args, Parser, Subcommand};
use coset::CborSerializable;
use dice_policy_builder::{
- policy_for_dice_chain, CertIndex, ConstraintSpec, ConstraintType, MissingAction,
+ policy_for_dice_chain, ConstraintSpec, ConstraintType, MissingAction, TargetEntry,
WILDCARD_FULL_ARRAY,
};
@@ -131,33 +131,35 @@
}
/// Construct a sealing policy on the DICE chain with constraints:
- /// 1. `ExactMatch` on `AUTHORITY_HASH` (non-optional).
- /// 2. `ExactMatch` on `MODE` (non-optional).
- /// 3. `GreaterOrEqual` on `SECURITY_VERSION` (optional).
+ /// 1. `ExactMatch` on `AUTHORITY_HASH` (non-optional) on all nodes.
+ /// 2. `ExactMatch` on `MODE` (non-optional) on all nodes.
+ /// 3. `GreaterOrEqual` on `SECURITY_VERSION` (optional) on all nodes.
+ /// 4. The DiceChainEntry corresponding to "AVB" contains SubcomponentDescriptor, for each of those:
+ /// a) GreaterOrEqual on SECURITY_VERSION (Required)
+ // b) ExactMatch on AUTHORITY_HASH (Required).
fn sealing_policy(&self) -> Result<Vec<u8>> {
let dice =
self.dice_artifacts.explicit_key_dice_chain().context("extract explicit DICE chain")?;
- let constraint_spec = [
+ let constraint_spec = vec![
ConstraintSpec::new(
ConstraintType::ExactMatch,
vec![AUTHORITY_HASH],
MissingAction::Fail,
- CertIndex::All,
+ TargetEntry::All,
),
ConstraintSpec::new(
ConstraintType::ExactMatch,
vec![MODE],
MissingAction::Fail,
- CertIndex::All,
+ TargetEntry::All,
),
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
vec![CONFIG_DESC, SECURITY_VERSION],
MissingAction::Ignore,
- CertIndex::All,
+ TargetEntry::All,
),
- // Constraints on sub components in the second last DiceChainEntry
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
vec![
@@ -167,7 +169,7 @@
SUBCOMPONENT_SECURITY_VERSION,
],
MissingAction::Fail,
- CertIndex::FromEnd(1),
+ TargetEntry::ByName("AVB".to_string()),
),
ConstraintSpec::new(
ConstraintType::ExactMatch,
@@ -178,10 +180,10 @@
SUBCOMPONENT_AUTHORITY_HASH,
],
MissingAction::Fail,
- CertIndex::FromEnd(1),
+ TargetEntry::ByName("AVB".to_string()),
),
];
- policy_for_dice_chain(dice, &constraint_spec)
+ policy_for_dice_chain(dice, constraint_spec)
.unwrap()
.to_vec()
.context("serialize DICE policy")
diff --git a/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
index 595dc7a..449a99a 100644
--- a/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
+++ b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
@@ -20,7 +20,7 @@
use authgraph_boringssl as boring;
use authgraph_core::key;
use coset::{CborOrdering, CborSerializable, CoseEncrypt0, CoseKey};
-use dice_policy_builder::{CertIndex, ConstraintSpec, ConstraintType, MissingAction, WILDCARD_FULL_ARRAY, policy_for_dice_chain};
+use dice_policy_builder::{TargetEntry, ConstraintSpec, ConstraintType, MissingAction, WILDCARD_FULL_ARRAY, policy_for_dice_chain};
use rdroidtest::{ignore_if, rdroidtest};
use secretkeeper_client::dice::OwnedDiceArtifactsWithExplicitKey;
use secretkeeper_client::{SkSession, Error as SkClientError};
@@ -312,30 +312,29 @@
/// 1. ExactMatch on AUTHORITY_HASH (non-optional).
/// 2. ExactMatch on MODE (non-optional).
/// 3. GreaterOrEqual on SECURITY_VERSION (optional).
-/// 4. The second last DiceChainEntry contain SubcomponentDescriptor, for each of those:
+/// 4. The DiceChainEntry corresponding to "AVB" contains SubcomponentDescriptor, for each of those:
/// a) GreaterOrEqual on SECURITY_VERSION (Required)
// b) ExactMatch on AUTHORITY_HASH (Required).
fn sealing_policy(dice: &[u8]) -> Vec<u8> {
- let constraint_spec = [
+ let constraint_spec = vec![
ConstraintSpec::new(
ConstraintType::ExactMatch,
vec![AUTHORITY_HASH],
MissingAction::Fail,
- CertIndex::All,
+ TargetEntry::All,
),
ConstraintSpec::new(
ConstraintType::ExactMatch,
vec![MODE],
MissingAction::Fail,
- CertIndex::All,
+ TargetEntry::All,
),
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
vec![CONFIG_DESC, SECURITY_VERSION],
MissingAction::Ignore,
- CertIndex::All,
+ TargetEntry::All,
),
- // Constraints on sub components in the second last DiceChainEntry
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
vec![
@@ -345,7 +344,7 @@
SUBCOMPONENT_SECURITY_VERSION,
],
MissingAction::Fail,
- CertIndex::FromEnd(1),
+ TargetEntry::ByName("AVB".to_string()),
),
ConstraintSpec::new(
ConstraintType::ExactMatch,
@@ -356,11 +355,11 @@
SUBCOMPONENT_AUTHORITY_HASH,
],
MissingAction::Fail,
- CertIndex::FromEnd(1),
+ TargetEntry::ByName("AVB".to_string()),
),
];
- policy_for_dice_chain(dice, &constraint_spec).unwrap().to_vec().unwrap()
+ policy_for_dice_chain(dice, constraint_spec).unwrap().to_vec().unwrap()
}
/// Perform AuthGraph key exchange, returning the session keys and session ID.