Merge "Fastboot: Add new TEXT message to protocol to handle long lines."
diff --git a/fastboot/Android.bp b/fastboot/Android.bp
index 3c110ee..3b786e8 100644
--- a/fastboot/Android.bp
+++ b/fastboot/Android.bp
@@ -294,6 +294,7 @@
"udp.cpp",
"util.cpp",
"vendor_boot_img_utils.cpp",
+ "task.cpp",
],
// Only version the final binaries
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index a30b10c..1f7ef7e 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -44,8 +44,12 @@
#include <unistd.h>
#include <chrono>
+#include <fstream>
#include <functional>
+#include <iostream>
+#include <memory>
#include <regex>
+#include <sstream>
#include <string>
#include <thread>
#include <utility>
@@ -216,7 +220,7 @@
return std::string(dir) + "/" + img_name;
}
-static std::string find_item(const std::string& item) {
+std::string find_item(const std::string& item) {
for (size_t i = 0; i < images.size(); ++i) {
if (!images[i].nickname.empty() && item == images[i].nickname) {
return find_item_given_name(images[i].img_name);
@@ -550,8 +554,7 @@
usb_open(list_devices_callback);
NetworkDeviceConnected(/* print */ true);
}
-
-static void syntax_error(const char* fmt, ...) {
+void syntax_error(const char* fmt, ...) {
fprintf(stderr, "fastboot: usage: ");
va_list ap;
@@ -1414,9 +1417,8 @@
* partition names. If force_slot is true, it will fail if a slot is specified, and the given
* partition does not support slots.
*/
-static void do_for_partitions(const std::string& part, const std::string& slot,
- const std::function<void(const std::string&)>& func,
- bool force_slot) {
+void do_for_partitions(const std::string& part, const std::string& slot,
+ const std::function<void(const std::string&)>& func, bool force_slot) {
std::string has_slot;
// |part| can be vendor_boot:default. Query has-slot on the first token only.
auto part_tokens = android::base::Split(part, ":");
@@ -1512,7 +1514,7 @@
return partition;
}
-static void do_flash(const char* pname, const char* fname) {
+void do_flash(const char* pname, const char* fname) {
verbose("Do flash %s %s", pname, fname);
struct fastboot_buffer buf;
@@ -1541,12 +1543,12 @@
}
}
-static bool is_userspace_fastboot() {
+bool is_userspace_fastboot() {
std::string value;
return fb->GetVar("is-userspace", &value) == fastboot::SUCCESS && value == "yes";
}
-static void reboot_to_userspace_fastboot() {
+void reboot_to_userspace_fastboot() {
fb->RebootTo("fastboot");
auto* old_transport = fb->set_transport(nullptr);
@@ -2033,7 +2035,7 @@
}
}
-static bool should_flash_in_userspace(const std::string& partition_name) {
+bool should_flash_in_userspace(const std::string& partition_name) {
if (!get_android_product_out()) {
return false;
}
@@ -2422,7 +2424,6 @@
fb->Boot();
} else if (command == FB_CMD_FLASH) {
std::string pname = next_arg(&args);
-
std::string fname;
if (!args.empty()) {
fname = next_arg(&args);
@@ -2430,21 +2431,8 @@
fname = find_item(pname);
}
if (fname.empty()) die("cannot determine image filename for '%s'", pname.c_str());
-
- auto flash = [&](const std::string& partition) {
- if (should_flash_in_userspace(partition) && !is_userspace_fastboot() &&
- !force_flash) {
- die("The partition you are trying to flash is dynamic, and "
- "should be flashed via fastbootd. Please run:\n"
- "\n"
- " fastboot reboot fastboot\n"
- "\n"
- "And try again. If you are intentionally trying to "
- "overwrite a fixed partition, use --force.");
- }
- do_flash(partition.c_str(), fname.c_str());
- };
- do_for_partitions(pname, slot_override, flash, true);
+ FlashTask task(slot_override, force_flash, pname, fname);
+ task.Run();
} else if (command == "flash:raw") {
std::string partition = next_arg(&args);
std::string kernel = next_arg(&args);
diff --git a/fastboot/fastboot.h b/fastboot/fastboot.h
index d7ad5df..b5fb8c0 100644
--- a/fastboot/fastboot.h
+++ b/fastboot/fastboot.h
@@ -27,6 +27,8 @@
*/
#pragma once
+#include <string>
+
#include <bootimg.h>
class FastBootTool {
@@ -37,3 +39,12 @@
void ParseOsVersion(boot_img_hdr_v1*, const char*);
unsigned ParseFsOption(const char*);
};
+
+bool should_flash_in_userspace(const std::string& partition_name);
+bool is_userspace_fastboot();
+void do_flash(const char* pname, const char* fname);
+void do_for_partitions(const std::string& part, const std::string& slot,
+ const std::function<void(const std::string&)>& func, bool force_slot);
+std::string find_item(const std::string& item);
+void reboot_to_userspace_fastboot();
+void syntax_error(const char* fmt, ...);
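Review bot: The new `do_for_partitions` declaration uses `std::function`, but the header only gains `#include <string>`, so it compiles only when an includer has already pulled in `<functional>`. Adding `#include <functional>` next to `<string>` makes fastboot.h self-contained. These seven helpers also move from file-local `static` to external linkage in the global namespace; a short comment above the block such as `// Helpers shared with task.cpp.` would record why they are exported.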
diff --git a/fastboot/task.cpp b/fastboot/task.cpp
new file mode 100644
index 0000000..3f33c76
--- /dev/null
+++ b/fastboot/task.cpp
@@ -0,0 +1,46 @@
+//
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+#include "task.h"
+
+#include "fastboot.h"
+#include "util.h"
+
+FlashTask::FlashTask(const std::string& _slot) : slot_(_slot){};
+FlashTask::FlashTask(const std::string& _slot, bool _force_flash)
+ : slot_(_slot), force_flash_(_force_flash) {}
+FlashTask::FlashTask(const std::string& _slot, bool _force_flash, const std::string& _pname)
+ : pname_(_pname), fname_(find_item(_pname)), slot_(_slot), force_flash_(_force_flash) {
+ if (fname_.empty()) die("cannot determine image filename for '%s'", pname_.c_str());
+}
+FlashTask::FlashTask(const std::string& _slot, bool _force_flash, const std::string& _pname,
+ const std::string& _fname)
+ : pname_(_pname), fname_(_fname), slot_(_slot), force_flash_(_force_flash) {}
+
+void FlashTask::Run() {
+ auto flash = [&](const std::string& partition) {
+ if (should_flash_in_userspace(partition) && !is_userspace_fastboot() && !force_flash_) {
+ die("The partition you are trying to flash is dynamic, and "
+ "should be flashed via fastbootd. Please run:\n"
+ "\n"
+ " fastboot reboot fastboot\n"
+ "\n"
+ "And try again. If you are intentionally trying to "
+ "overwrite a fixed partition, use --force.");
+ }
+ do_flash(partition.c_str(), fname_.c_str());
+ };
+ do_for_partitions(pname_, slot_, flash, true);
+}
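Review bot: The `(slot)` and `(slot, force_flash)` constructors leave `pname_` and `fname_` empty, and both members are `const` in task.h, so a task built that way can never be completed. `Run()` would still call `do_for_partitions` and `do_flash` with empty names. Either drop those two overloads until something needs them, or reject the state at the top of `Run()` with `if (pname_.empty() || fname_.empty()) die("FlashTask: partition and image file must be set");`. The first constructor also ends in a stray `{};`. The lambda's `[&]` is safe only because `do_for_partitions` is expected to invoke it synchronously; `[this]` would state the dependency exactly.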
diff --git a/fastboot/task.h b/fastboot/task.h
index 8b3fce9..216e658 100644
--- a/fastboot/task.h
+++ b/fastboot/task.h
@@ -26,6 +26,23 @@
public:
Task() = default;
virtual void Run() = 0;
- virtual bool Parse(const std::string& text) = 0;
virtual ~Task() = default;
};
+
+class FlashTask : public Task {
+ public:
+ FlashTask(const std::string& _slot);
+ FlashTask(const std::string& _slot, bool _force_flash);
+ FlashTask(const std::string& _slot, bool _force_flash, const std::string& _pname);
+ FlashTask(const std::string& _slot, bool _force_flash, const std::string& _pname,
+ const std::string& _fname);
+
+ void Run() override;
+ ~FlashTask() {}
+
+ private:
+ const std::string pname_;
+ const std::string fname_;
+ const std::string slot_;
+ bool force_flash_ = false;
+};
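Review bot: `FlashTask(const std::string& _slot);` is a single-argument constructor and should be `explicit`, otherwise any `std::string` converts silently to a `FlashTask`. `~FlashTask() {}` can be dropped, or written `~FlashTask() override = default;`, since `Task` already declares a virtual destructor. The class would also benefit from a one-line comment stating that `Run()` flashes `fname_` to every partition matched by `pname_` and `slot_`. The hunk starts inside `class Task`, so the header's includes are not visible from here.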
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 86c6eaa..2929da4 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -993,6 +993,7 @@
# Create directories for statsd
mkdir /data/misc/stats-active-metric/ 0770 statsd system
mkdir /data/misc/stats-data/ 0770 statsd system
+ mkdir /data/misc/stats-data/restricted-data 0770 statsd system
mkdir /data/misc/stats-metadata/ 0770 statsd system
mkdir /data/misc/stats-service/ 0770 statsd system
mkdir /data/misc/train-info/ 0770 statsd system
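Review bot: The added `restricted-data` directory is created with the same `0770 statsd system` as its parent `stats-data/`, so the mode bits give group `system` the same access to it as to the ordinary stats data. If the restriction is meant to come from SELinux labelling, the matching policy entry is not part of this hunk, and a comment such as `# restricted-data: access limited by SELinux label, not by mode` would make that explicit. If it is meant to come from DAC, a tighter mode would express it. The path also omits the trailing slash its sibling entries use.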
diff --git a/storaged/storaged_diskstats.cpp b/storaged/storaged_diskstats.cpp
index 1eae5a1..c315409 100644
--- a/storaged/storaged_diskstats.cpp
+++ b/storaged/storaged_diskstats.cpp
@@ -312,7 +312,7 @@
{
struct disk_perf perf = get_disk_perf(&mAccumulate_pub);
log_debug_disk_perf(&perf, "regular");
- log_event_disk_stats(&mAccumulate, "regular");
+ log_event_disk_stats(&mAccumulate_pub, "regular");
// Reset global structures
memset(&mAccumulate_pub, 0, sizeof(struct disk_stats));
}
diff --git a/trusty/gatekeeper/Android.bp b/trusty/gatekeeper/Android.bp
index 81f012f..0b43754 100644
--- a/trusty/gatekeeper/Android.bp
+++ b/trusty/gatekeeper/Android.bp
@@ -24,11 +24,10 @@
}
cc_binary {
- name: "android.hardware.gatekeeper@1.0-service.trusty",
- defaults: ["hidl_defaults"],
+ name: "android.hardware.gatekeeper-service.trusty",
vendor: true,
relative_install_path: "hw",
- init_rc: ["android.hardware.gatekeeper@1.0-service.trusty.rc"],
+ init_rc: ["android.hardware.gatekeeper-service.trusty.rc"],
srcs: [
"service.cpp",
@@ -42,16 +41,21 @@
"-Werror",
],
+ static_libs: [
+ "libgflags",
+ ],
+
shared_libs: [
- "android.hardware.gatekeeper@1.0",
+ "android.hardware.gatekeeper-V1-ndk",
"libbase",
- "libhidlbase",
+ "libbinder_ndk",
"libgatekeeper",
+ "libhardware",
"libutils",
"liblog",
"libcutils",
"libtrusty",
],
- vintf_fragments: ["android.hardware.gatekeeper@1.0-service.trusty.xml"],
+ vintf_fragments: ["android.hardware.gatekeeper-service.trusty.xml"],
}
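Review bot: `static_libs` gains `libgflags`, but neither service.cpp nor trusty_gatekeeper.cpp includes a gflags header on the new side of this change. If no other file in `srcs` uses it (the rest of the list is outside the hunk), the dependency should be dropped so that this credential-handling HAL binary links only what it needs. `libhardware` appears to be justified by the new `<hardware/hw_auth_token.h>` include.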
diff --git a/trusty/gatekeeper/android.hardware.gatekeeper-service.trusty.rc b/trusty/gatekeeper/android.hardware.gatekeeper-service.trusty.rc
new file mode 100644
index 0000000..66ecbd1
--- /dev/null
+++ b/trusty/gatekeeper/android.hardware.gatekeeper-service.trusty.rc
@@ -0,0 +1,4 @@
+service vendor.gatekeeper_default /vendor/bin/hw/android.hardware.gatekeeper-service.trusty
+ class hal
+ user system
+ group system
diff --git a/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.xml b/trusty/gatekeeper/android.hardware.gatekeeper-service.trusty.xml
similarity index 60%
rename from trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.xml
rename to trusty/gatekeeper/android.hardware.gatekeeper-service.trusty.xml
index 19714a8..c35421e 100644
--- a/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.xml
+++ b/trusty/gatekeeper/android.hardware.gatekeeper-service.trusty.xml
@@ -1,10 +1,9 @@
<manifest version="1.0" type="device">
- <hal format="hidl">
+ <hal format="aidl">
<name>android.hardware.gatekeeper</name>
- <transport>hwbinder</transport>
- <version>1.0</version>
+ <version>1</version>
<interface>
- <name>IGatekeeper</name>
+ <name>IGatekeeper</name>
<instance>default</instance>
</interface>
</hal>
diff --git a/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.rc b/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.rc
deleted file mode 100644
index 5413a6c..0000000
--- a/trusty/gatekeeper/android.hardware.gatekeeper@1.0-service.trusty.rc
+++ /dev/null
@@ -1,4 +0,0 @@
-service vendor.gatekeeper-1-0 /vendor/bin/hw/android.hardware.gatekeeper@1.0-service.trusty
- class hal
- user system
- group system
diff --git a/trusty/gatekeeper/service.cpp b/trusty/gatekeeper/service.cpp
index c5ee488..d09804f 100644
--- a/trusty/gatekeeper/service.cpp
+++ b/trusty/gatekeeper/service.cpp
@@ -13,27 +13,28 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#define LOG_TAG "android.hardware.gatekeeper@1.0-service.trusty"
+#define LOG_TAG "android.hardware.gatekeeper-service.trusty"
#include <android-base/logging.h>
-#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
-
-#include <hidl/LegacySupport.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
#include "trusty_gatekeeper.h"
-// Generated HIDL files
-using android::hardware::gatekeeper::V1_0::IGatekeeper;
-using gatekeeper::TrustyGateKeeperDevice;
+using aidl::android::hardware::gatekeeper::TrustyGateKeeperDevice;
int main() {
- ::android::hardware::configureRpcThreadpool(1, true /* willJoinThreadpool */);
- android::sp<TrustyGateKeeperDevice> gatekeeper(new TrustyGateKeeperDevice());
- auto status = gatekeeper->registerAsService();
- if (status != android::OK) {
- LOG(FATAL) << "Could not register service for Gatekeeper 1.0 (trusty) (" << status << ")";
- }
+ ABinderProcess_setThreadPoolMaxThreadCount(0);
- android::hardware::joinRpcThreadpool();
+ std::shared_ptr<TrustyGateKeeperDevice> gatekeeper =
+ ndk::SharedRefBase::make<TrustyGateKeeperDevice>();
+
+ const std::string instance = std::string() + TrustyGateKeeperDevice::descriptor + "/default";
+ binder_status_t status =
+ AServiceManager_addService(gatekeeper->asBinder().get(), instance.c_str());
+ CHECK_EQ(status, STATUS_OK);
+
+ ABinderProcess_joinThreadPool();
+
return -1; // Should never get here.
}
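Review bot: `CHECK_EQ(status, STATUS_OK);` aborts without saying which instance failed to register, whereas the removed HIDL code logged a descriptive message. `CHECK_EQ(status, STATUS_OK) << "Failed to register " << instance;` keeps that context in the crash log. The file also uses `std::string` and `std::shared_ptr` without including `<string>` and `<memory>` itself, apparently relying on trusty_gatekeeper.h to provide them.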
diff --git a/trusty/gatekeeper/trusty_gatekeeper.cpp b/trusty/gatekeeper/trusty_gatekeeper.cpp
index ec4f81b..d0647df 100644
--- a/trusty/gatekeeper/trusty_gatekeeper.cpp
+++ b/trusty/gatekeeper/trusty_gatekeeper.cpp
@@ -16,28 +16,26 @@
#define LOG_TAG "TrustyGateKeeper"
-#include <android-base/logging.h>
+#include <endian.h>
#include <limits>
+#include <android-base/logging.h>
+#include <gatekeeper/password_handle.h>
+#include <hardware/hw_auth_token.h>
+
+#include "gatekeeper_ipc.h"
#include "trusty_gatekeeper.h"
#include "trusty_gatekeeper_ipc.h"
-#include "gatekeeper_ipc.h"
-using ::android::hardware::hidl_vec;
-using ::android::hardware::Return;
-using ::android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
-using ::gatekeeper::EnrollRequest;
-using ::gatekeeper::EnrollResponse;
+namespace aidl::android::hardware::gatekeeper {
+
using ::gatekeeper::ERROR_INVALID;
-using ::gatekeeper::ERROR_MEMORY_ALLOCATION_FAILED;
using ::gatekeeper::ERROR_NONE;
using ::gatekeeper::ERROR_RETRY;
using ::gatekeeper::SizedBuffer;
using ::gatekeeper::VerifyRequest;
using ::gatekeeper::VerifyResponse;
-namespace gatekeeper {
-
constexpr const uint32_t SEND_BUF_SIZE = 8192;
constexpr const uint32_t RECV_BUF_SIZE = 8192;
@@ -54,89 +52,101 @@
trusty_gatekeeper_disconnect();
}
-SizedBuffer hidl_vec2sized_buffer(const hidl_vec<uint8_t>& vec) {
+SizedBuffer vec2sized_buffer(const std::vector<uint8_t>& vec) {
if (vec.size() == 0 || vec.size() > std::numeric_limits<uint32_t>::max()) return {};
auto buffer = new uint8_t[vec.size()];
std::copy(vec.begin(), vec.end(), buffer);
return {buffer, static_cast<uint32_t>(vec.size())};
}
-Return<void> TrustyGateKeeperDevice::enroll(uint32_t uid,
- const hidl_vec<uint8_t>& currentPasswordHandle,
- const hidl_vec<uint8_t>& currentPassword,
- const hidl_vec<uint8_t>& desiredPassword,
- enroll_cb _hidl_cb) {
+void sizedBuffer2AidlHWToken(SizedBuffer& buffer,
+ android::hardware::security::keymint::HardwareAuthToken* aidlToken) {
+ const hw_auth_token_t* authToken =
+ reinterpret_cast<const hw_auth_token_t*>(buffer.Data<uint8_t>());
+ aidlToken->challenge = authToken->challenge;
+ aidlToken->userId = authToken->user_id;
+ aidlToken->authenticatorId = authToken->authenticator_id;
+ // these are in network order: translate to host
+ aidlToken->authenticatorType =
+ static_cast<android::hardware::security::keymint::HardwareAuthenticatorType>(
+ be32toh(authToken->authenticator_type));
+ aidlToken->timestamp.milliSeconds = be64toh(authToken->timestamp);
+ aidlToken->mac.insert(aidlToken->mac.begin(), std::begin(authToken->hmac),
+ std::end(authToken->hmac));
+}
+
+::ndk::ScopedAStatus TrustyGateKeeperDevice::enroll(
+ int32_t uid, const std::vector<uint8_t>& currentPasswordHandle,
+ const std::vector<uint8_t>& currentPassword, const std::vector<uint8_t>& desiredPassword,
+ GatekeeperEnrollResponse* rsp) {
if (error_ != 0) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
- return {};
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
}
if (desiredPassword.size() == 0) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
- return {};
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
}
- EnrollRequest request(uid, hidl_vec2sized_buffer(currentPasswordHandle),
- hidl_vec2sized_buffer(desiredPassword),
- hidl_vec2sized_buffer(currentPassword));
+ EnrollRequest request(uid, vec2sized_buffer(currentPasswordHandle),
+ vec2sized_buffer(desiredPassword), vec2sized_buffer(currentPassword));
EnrollResponse response;
auto error = Send(request, &response);
if (error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else if (response.error == ERROR_RETRY) {
- _hidl_cb({GatekeeperStatusCode::ERROR_RETRY_TIMEOUT, response.retry_timeout, {}});
+ *rsp = {ERROR_RETRY_TIMEOUT, static_cast<int32_t>(response.retry_timeout), 0, {}};
+ return ndk::ScopedAStatus::ok();
} else if (response.error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else {
- hidl_vec<uint8_t> new_handle(response.enrolled_password_handle.Data<uint8_t>(),
- response.enrolled_password_handle.Data<uint8_t>() +
- response.enrolled_password_handle.size());
- _hidl_cb({GatekeeperStatusCode::STATUS_OK, response.retry_timeout, new_handle});
+ const ::gatekeeper::password_handle_t* password_handle =
+ response.enrolled_password_handle.Data<::gatekeeper::password_handle_t>();
+ *rsp = {STATUS_OK,
+ 0,
+ static_cast<int64_t>(password_handle->user_id),
+ {response.enrolled_password_handle.Data<uint8_t>(),
+ (response.enrolled_password_handle.Data<uint8_t>() +
+ response.enrolled_password_handle.size())}};
}
- return {};
+ return ndk::ScopedAStatus::ok();
}
-Return<void> TrustyGateKeeperDevice::verify(
- uint32_t uid, uint64_t challenge,
- const ::android::hardware::hidl_vec<uint8_t>& enrolledPasswordHandle,
- const ::android::hardware::hidl_vec<uint8_t>& providedPassword, verify_cb _hidl_cb) {
+::ndk::ScopedAStatus TrustyGateKeeperDevice::verify(
+ int32_t uid, int64_t challenge, const std::vector<uint8_t>& enrolledPasswordHandle,
+ const std::vector<uint8_t>& providedPassword, GatekeeperVerifyResponse* rsp) {
if (error_ != 0) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
- return {};
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
}
if (enrolledPasswordHandle.size() == 0) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
- return {};
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
}
- VerifyRequest request(uid, challenge, hidl_vec2sized_buffer(enrolledPasswordHandle),
- hidl_vec2sized_buffer(providedPassword));
+ VerifyRequest request(uid, challenge, vec2sized_buffer(enrolledPasswordHandle),
+ vec2sized_buffer(providedPassword));
VerifyResponse response;
auto error = Send(request, &response);
if (error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else if (response.error == ERROR_RETRY) {
- _hidl_cb({GatekeeperStatusCode::ERROR_RETRY_TIMEOUT, response.retry_timeout, {}});
+ *rsp = {ERROR_RETRY_TIMEOUT, static_cast<int32_t>(response.retry_timeout), {}};
+ return ndk::ScopedAStatus::ok();
} else if (response.error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else {
- hidl_vec<uint8_t> auth_token(
- response.auth_token.Data<uint8_t>(),
- response.auth_token.Data<uint8_t>() + response.auth_token.size());
-
- _hidl_cb({response.request_reenroll ? GatekeeperStatusCode::STATUS_REENROLL
- : GatekeeperStatusCode::STATUS_OK,
- response.retry_timeout, auth_token});
+ // On Success, return GatekeeperVerifyResponse with Success Status, timeout{0} and
+ // valid HardwareAuthToken.
+ *rsp = {response.request_reenroll ? STATUS_REENROLL : STATUS_OK, 0, {}};
+ // Convert the hw_auth_token_t to HardwareAuthToken in the response.
+ sizedBuffer2AidlHWToken(response.auth_token, &rsp->hardwareAuthToken);
}
- return {};
+ return ndk::ScopedAStatus::ok();
}
-Return<void> TrustyGateKeeperDevice::deleteUser(uint32_t uid, deleteUser_cb _hidl_cb) {
+::ndk::ScopedAStatus TrustyGateKeeperDevice::deleteUser(int32_t uid) {
if (error_ != 0) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
- return {};
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
}
DeleteUserRequest request(uid);
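Review bot: `sizedBuffer2AidlHWToken` casts `buffer.Data<uint8_t>()` to `hw_auth_token_t*` and reads every field without checking that the buffer holds at least `sizeof(hw_auth_token_t)` bytes, so a success response from `Send` with a short or empty `auth_token` would be read past its end in the HAL process. The success branch of `enroll` has the same gap where it reads `password_handle->user_id`. A guard such as `if (response.enrolled_password_handle.size() < sizeof(::gatekeeper::password_handle_t)) return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));` would cover it. Whether the Trusty side can ever return such a response is not visible here, but the check is cheap and stops the HAL from trusting the length implicitly. The sketch below has the helper report failure so `verify` can return `ERROR_GENERAL_FAILURE`; `static_cast<int32_t>(response.retry_timeout)` in both retry branches should likewise be clamped so that a large timeout cannot turn negative.

```cpp
bool sizedBuffer2AidlHWToken(SizedBuffer& buffer,
                             android::hardware::security::keymint::HardwareAuthToken* aidlToken) {
    // Reject a missing or truncated token before viewing it as hw_auth_token_t.
    if (buffer.size() < sizeof(hw_auth_token_t)) {
        return false;
    }
    // … unchanged: field-by-field copy into *aidlToken …
    return true;
}

// … unchanged: TrustyGateKeeperDevice::verify up to the success branch …
        *rsp = {response.request_reenroll ? STATUS_REENROLL : STATUS_OK, 0, {}};
        if (!sizedBuffer2AidlHWToken(response.auth_token, &rsp->hardwareAuthToken)) {
            return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
        }
```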
@@ -144,21 +154,19 @@
auto error = Send(request, &response);
if (error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else if (response.error == ERROR_NOT_IMPLEMENTED) {
- _hidl_cb({GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_NOT_IMPLEMENTED));
} else if (response.error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else {
- _hidl_cb({GatekeeperStatusCode::STATUS_OK, response.retry_timeout, {}});
+ return ndk::ScopedAStatus::ok();
}
- return {};
}
-Return<void> TrustyGateKeeperDevice::deleteAllUsers(deleteAllUsers_cb _hidl_cb) {
+::ndk::ScopedAStatus TrustyGateKeeperDevice::deleteAllUsers() {
if (error_ != 0) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
- return {};
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
}
DeleteAllUsersRequest request;
@@ -166,16 +174,14 @@
auto error = Send(request, &response);
if (error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else if (response.error == ERROR_NOT_IMPLEMENTED) {
- _hidl_cb({GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_NOT_IMPLEMENTED));
} else if (response.error != ERROR_NONE) {
- _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(ERROR_GENERAL_FAILURE));
} else {
- _hidl_cb({GatekeeperStatusCode::STATUS_OK, response.retry_timeout, {}});
+ return ndk::ScopedAStatus::ok();
}
-
- return {};
}
gatekeeper_error_t TrustyGateKeeperDevice::Send(uint32_t command, const GateKeeperMessage& request,
@@ -201,4 +207,4 @@
return response->Deserialize(payload, payload + response_size);
}
-};
+} // namespace aidl::android::hardware::gatekeeper
diff --git a/trusty/gatekeeper/trusty_gatekeeper.h b/trusty/gatekeeper/trusty_gatekeeper.h
index 420dd7a..5cb5d4b 100644
--- a/trusty/gatekeeper/trusty_gatekeeper.h
+++ b/trusty/gatekeeper/trusty_gatekeeper.h
@@ -17,18 +17,30 @@
#ifndef TRUSTY_GATEKEEPER_H
#define TRUSTY_GATEKEEPER_H
-#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
-#include <hidl/Status.h>
-
#include <memory>
+#include <aidl/android/hardware/gatekeeper/BnGatekeeper.h>
+
#include <gatekeeper/gatekeeper_messages.h>
#include "gatekeeper_ipc.h"
-namespace gatekeeper {
+namespace aidl::android::hardware::gatekeeper {
-class TrustyGateKeeperDevice : public ::android::hardware::gatekeeper::V1_0::IGatekeeper {
+using aidl::android::hardware::gatekeeper::GatekeeperEnrollResponse;
+using aidl::android::hardware::gatekeeper::GatekeeperVerifyResponse;
+using ::gatekeeper::DeleteAllUsersRequest;
+using ::gatekeeper::DeleteAllUsersResponse;
+using ::gatekeeper::DeleteUserRequest;
+using ::gatekeeper::DeleteUserResponse;
+using ::gatekeeper::EnrollRequest;
+using ::gatekeeper::EnrollResponse;
+using ::gatekeeper::gatekeeper_error_t;
+using ::gatekeeper::GateKeeperMessage;
+using ::gatekeeper::VerifyRequest;
+using ::gatekeeper::VerifyResponse;
+
+class TrustyGateKeeperDevice : public BnGatekeeper {
public:
explicit TrustyGateKeeperDevice();
~TrustyGateKeeperDevice();
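Review bot: The two `using aidl::android::hardware::gatekeeper::Gatekeeper*Response;` declarations sit inside `namespace aidl::android::hardware::gatekeeper` itself, so they name entities that are already in scope and can be removed. The `::gatekeeper::` using-declarations are placed in a header, so every includer gets `EnrollRequest`, `VerifyRequest` and the rest injected into the AIDL namespace; qualifying the few uses in the class, or moving the using-declarations into trusty_gatekeeper.cpp, avoids that. The method declarations further down use `std::vector`, so the header should include `<vector>` directly.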
@@ -40,11 +52,10 @@
* Returns: 0 on success or an error code less than 0 on error.
* On error, enrolled_password_handle will not be allocated.
*/
- ::android::hardware::Return<void> enroll(
- uint32_t uid, const ::android::hardware::hidl_vec<uint8_t>& currentPasswordHandle,
- const ::android::hardware::hidl_vec<uint8_t>& currentPassword,
- const ::android::hardware::hidl_vec<uint8_t>& desiredPassword,
- enroll_cb _hidl_cb) override;
+ ::ndk::ScopedAStatus enroll(int32_t uid, const std::vector<uint8_t>& currentPasswordHandle,
+ const std::vector<uint8_t>& currentPassword,
+ const std::vector<uint8_t>& desiredPassword,
+ GatekeeperEnrollResponse* _aidl_return) override;
/**
* Verifies provided_password matches enrolled_password_handle.
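Review bot: The doc comment kept above `enroll` still says "Returns: 0 on success or an error code less than 0 on error", which no longer describes a method returning `::ndk::ScopedAStatus` and filling `_aidl_return`. The comment above `verify` in the next hunk is stale in the same way. Both should state that general failures come back as a service-specific error status, that a retry timeout is returned as an ok status with `ERROR_RETRY_TIMEOUT` in the response, and that the response is populated only on those ok paths. The comment blocks begin outside the hunks, so their parameter descriptions could not be checked here.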
@@ -59,25 +70,24 @@
* Returns: 0 on success or an error code less than 0 on error
* On error, verification token will not be allocated
*/
- ::android::hardware::Return<void> verify(
- uint32_t uid, uint64_t challenge,
- const ::android::hardware::hidl_vec<uint8_t>& enrolledPasswordHandle,
- const ::android::hardware::hidl_vec<uint8_t>& providedPassword,
- verify_cb _hidl_cb) override;
+ ::ndk::ScopedAStatus verify(int32_t uid, int64_t challenge,
+ const std::vector<uint8_t>& enrolledPasswordHandle,
+ const std::vector<uint8_t>& providedPassword,
+ GatekeeperVerifyResponse* _aidl_return) override;
- ::android::hardware::Return<void> deleteUser(uint32_t uid, deleteUser_cb _hidl_cb) override;
+ ::ndk::ScopedAStatus deleteAllUsers() override;
- ::android::hardware::Return<void> deleteAllUsers(deleteAllUsers_cb _hidl_cb) override;
+ ::ndk::ScopedAStatus deleteUser(int32_t uid) override;
private:
gatekeeper_error_t Send(uint32_t command, const GateKeeperMessage& request,
GateKeeperMessage* response);
- gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse *response) {
+ gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse* response) {
return Send(GK_ENROLL, request, response);
}
- gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse *response) {
+ gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse* response) {
return Send(GK_VERIFY, request, response);
}
@@ -93,7 +103,6 @@
int error_;
};
-} // namespace gatekeeper
+} // namespace aidl::android::hardware::gatekeeper
#endif
-
diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 7b4aa26..5a3a320 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -37,7 +37,7 @@
PRODUCT_PACKAGES += \
$(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
- android.hardware.gatekeeper@1.0-service.trusty \
+ android.hardware.gatekeeper-service.trusty \
trusty_apploader \
RemoteProvisioner