Merge "Update kernel to builds 12934375" into main
diff --git a/android/TerminalApp/Android.bp b/android/TerminalApp/Android.bp
index 545ba0f..79f0094 100644
--- a/android/TerminalApp/Android.bp
+++ b/android/TerminalApp/Android.bp
@@ -40,6 +40,7 @@
//optimize: true,
proguard_flags_files: ["proguard.flags"],
shrink_resources: true,
+ keep_runtime_invisible_annotations: true,
},
apex_available: [
"com.android.virt",
diff --git a/android/TerminalApp/proguard.flags b/android/TerminalApp/proguard.flags
index 88b8a9c..04a2140 100644
--- a/android/TerminalApp/proguard.flags
+++ b/android/TerminalApp/proguard.flags
@@ -4,7 +4,10 @@
-keepattributes Signature
# For using GSON @Expose annotation
--keepattributes *Annotation*
+-keepattributes RuntimeVisibleAnnotations,
+ RuntimeVisibleParameterAnnotations,
+ RuntimeVisibleTypeAnnotations,
+ AnnotationDefault
# Gson specific classes
-dontwarn sun.misc.**
diff --git a/guest/pvmfw/src/dice.rs b/guest/pvmfw/src/dice.rs
index 78bd6b8..4df10b3 100644
--- a/guest/pvmfw/src/dice.rs
+++ b/guest/pvmfw/src/dice.rs
@@ -156,9 +156,7 @@
fn generate_config_descriptor(&self, instance_hash: Option<Hash>) -> Result<Vec<u8>> {
let mut config = Vec::with_capacity(4);
config.push((cbor!(COMPONENT_NAME_KEY)?, cbor!("vm_entry")?));
- if cfg!(dice_changes) {
- config.push((cbor!(SECURITY_VERSION_KEY)?, cbor!(self.security_version)?));
- }
+ config.push((cbor!(SECURITY_VERSION_KEY)?, cbor!(self.security_version)?));
if self.rkp_vm_marker {
config.push((cbor!(RKP_VM_MARKER_KEY)?, Value::Null))
}
@@ -245,14 +243,7 @@
assert_eq!(config_map.get(&COMPONENT_NAME_KEY).unwrap().as_text().unwrap(), "vm_entry");
assert_eq!(config_map.get(&COMPONENT_VERSION_KEY), None);
assert_eq!(config_map.get(&RESETTABLE_KEY), None);
- if cfg!(dice_changes) {
- assert_eq!(
- config_map.get(&SECURITY_VERSION_KEY).unwrap().as_integer().unwrap(),
- 42.into()
- );
- } else {
- assert_eq!(config_map.get(&SECURITY_VERSION_KEY), None);
- }
+ assert_eq!(config_map.get(&SECURITY_VERSION_KEY).unwrap().as_integer().unwrap(), 42.into());
assert_eq!(config_map.get(&RKP_VM_MARKER_KEY), None);
}
diff --git a/guest/rialto/tests/test.rs b/guest/rialto/tests/test.rs
index c94a0e3..d68c568 100644
--- a/guest/rialto/tests/test.rs
+++ b/guest/rialto/tests/test.rs
@@ -54,13 +54,9 @@
const INSTANCE_IMG_PATH: &str = "/data/local/tmp/rialto_test/arm64/instance.img";
const TEST_CERT_CHAIN_PATH: &str = "testdata/rkp_cert_chain.der";
-#[cfg(dice_changes)]
#[test]
fn process_requests_in_protected_vm() -> Result<()> {
if hypervisor_props::is_protected_vm_supported()? {
- // The test is skipped if the feature flag |dice_changes| is not enabled, because when
- // the flag is off, the DICE chain is truncated in the pvmfw, and the service VM cannot
- // verify the chain due to the missing entries in the chain.
check_processing_requests(VmType::ProtectedVm, None)
} else {
warn!("pVMs are not supported on device, skipping test");