Snap for 12667701 from 51ce4016cab6e480f2e0dead260c0d31513f1741 to 25Q1-release
Change-Id: I715f5c4701a4382e36bd850b4860a3f7211be100
diff --git a/init/init.cpp b/init/init.cpp
index 17498da..5b0b0dd 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -315,8 +315,7 @@
if (apex_info_list.has_value()) {
std::vector<std::string> subcontext_apexes;
for (const auto& info : apex_info_list->getApexInfo()) {
- if (info.hasPreinstalledModulePath() &&
- subcontext->PathMatchesSubcontext(info.getPreinstalledModulePath())) {
+ if (subcontext->PartitionMatchesSubcontext(info.getPartition())) {
subcontext_apexes.push_back(info.getModuleName());
}
}
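Review bot: The new condition calls `info.getPartition()` with no presence check, whereas the removed code tested `hasPreinstalledModulePath()` before reading the path. If `partition` is an optional attribute in the apex-info-list schema (not visible here), an entry without it would reach the getter unguarded. A guard in the same accessor pattern, e.g. `if (info.hasPartition() && subcontext->PartitionMatchesSubcontext(info.getPartition())) {`, would keep the old defensive shape; confirm the generated class actually provides `hasPartition()`. The enclosing function starts and ends outside the hunk.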
diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 6a095fb..3fe448f 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -263,6 +263,10 @@
return false;
}
+bool Subcontext::PartitionMatchesSubcontext(const std::string& partition) const {
+ return std::find(partitions_.begin(), partitions_.end(), partition) != partitions_.end();
+}
+
void Subcontext::SetApexList(std::vector<std::string>&& apex_list) {
apex_list_ = std::move(apex_list);
}
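Review bot: `PartitionMatchesSubcontext` has no comment saying that the match is an exact, case-sensitive string comparison against `partitions_`, and that matters because the caller in init/init.cpp uses the result to decide which APEX modules go into the subcontext's APEX list. Any spelling of the partition tag other than the stored strings returns false, and the module is left out of that list with no log line. I would add above the definition: `// Exact, case-sensitive match against partitions_; an unrecognised partition name is treated as not belonging to this subcontext.` `std::find` also needs `<algorithm>`; the include block is outside the hunk, so check that it is included directly.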
@@ -352,12 +356,13 @@
}
if (SelinuxGetVendorAndroidVersion() >= __ANDROID_API_P__) {
- subcontext.reset(
- new Subcontext(std::vector<std::string>{"/vendor", "/odm"}, kVendorContext));
+ subcontext.reset(new Subcontext(std::vector<std::string>{"/vendor", "/odm"},
+ std::vector<std::string>{"VENDOR", "ODM"}, kVendorContext));
}
}
+
void InitializeHostSubcontext(std::vector<std::string> vendor_prefixes) {
- subcontext.reset(new Subcontext(vendor_prefixes, kVendorContext, /*host=*/true));
+ subcontext.reset(new Subcontext(vendor_prefixes, {}, kVendorContext, /*host=*/true));
}
Subcontext* GetSubcontext() {
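Review bot: The partition names `"VENDOR"` and `"ODM"` are bare literals in the `subcontext.reset(...)` call, with nothing tying them to whatever produces the value that `info.getPartition()` returns in init/init.cpp. A named constant next to `kVendorContext`, with a comment naming the source of these strings, would make a future rename fail visibly instead of silently emptying the vendor APEX list. `InitializeHostSubcontext` now passes `{}`, so `PartitionMatchesSubcontext` can never be true on the host path; if that is intended, say so with a comment such as `// Host init has no APEX partition info; partition matching is disabled.` The function containing the first call starts outside the hunk.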
diff --git a/init/subcontext.h b/init/subcontext.h
index 93ebace..23c4a24 100644
--- a/init/subcontext.h
+++ b/init/subcontext.h
@@ -36,8 +36,10 @@
class Subcontext {
public:
- Subcontext(std::vector<std::string> path_prefixes, std::string_view context, bool host = false)
+ Subcontext(std::vector<std::string> path_prefixes, std::vector<std::string> partitions,
+ std::string_view context, bool host = false)
: path_prefixes_(std::move(path_prefixes)),
+ partitions_(std::move(partitions)),
context_(context.begin(), context.end()),
pid_(0) {
if (!host) {
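Review bot: The constructor now takes two adjacent `std::vector<std::string>` parameters, `path_prefixes` and `partitions`, so a call with the arguments swapped compiles cleanly. Call sites such as `Subcontext({"path"}, {"partition"}, context)` give the reader no hint which list is which. Argument comments in the style subcontext.cpp already uses for `/*host=*/true`, e.g. `/*partitions=*/{}`, would make a swap visible in review. A short comment on the parameter, `// partitions: partition names (e.g. "VENDOR") whose APEXes belong to this subcontext`, would document the expected form. The constructor body continues past the end of the hunk.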
@@ -49,6 +51,7 @@
Result<std::vector<std::string>> ExpandArgs(const std::vector<std::string>& args);
void Restart();
bool PathMatchesSubcontext(const std::string& path) const;
+ bool PartitionMatchesSubcontext(const std::string& partition) const;
void SetApexList(std::vector<std::string>&& apex_list);
const std::string& context() const { return context_; }
@@ -59,6 +62,7 @@
Result<SubcontextReply> TransmitMessage(const SubcontextCommand& subcontext_command);
std::vector<std::string> path_prefixes_;
+ std::vector<std::string> partitions_;
std::vector<std::string> apex_list_;
std::string context_;
pid_t pid_;
diff --git a/init/subcontext_benchmark.cpp b/init/subcontext_benchmark.cpp
index ccef2f3..172ee31 100644
--- a/init/subcontext_benchmark.cpp
+++ b/init/subcontext_benchmark.cpp
@@ -33,7 +33,7 @@
return;
}
- auto subcontext = Subcontext({"path"}, context);
+ auto subcontext = Subcontext({"path"}, {"partition"}, context);
free(context);
while (state.KeepRunning()) {
diff --git a/init/subcontext_test.cpp b/init/subcontext_test.cpp
index da1f455..85a2f2a 100644
--- a/init/subcontext_test.cpp
+++ b/init/subcontext_test.cpp
@@ -41,7 +41,7 @@
template <typename F>
void RunTest(F&& test_function) {
- auto subcontext = Subcontext({"dummy_path"}, kTestContext);
+ auto subcontext = Subcontext({"dummy_path"}, {"dummy_partition"}, kTestContext);
ASSERT_NE(0, subcontext.pid());
test_function(subcontext);
@@ -177,6 +177,19 @@
});
}
+TEST(subcontext, PartitionMatchesSubcontext) {
+ RunTest([](auto& subcontext) {
+ static auto& existent_partition = "dummy_partition";
+ static auto& non_existent_partition = "not_dummy_partition";
+
+ auto existent_result = subcontext.PartitionMatchesSubcontext(existent_partition);
+ auto non_existent_result = subcontext.PartitionMatchesSubcontext(non_existent_partition);
+
+ ASSERT_TRUE(existent_result);
+ ASSERT_FALSE(non_existent_result);
+ });
+}
+
BuiltinFunctionMap BuildTestFunctionMap() {
// For CheckDifferentPid
auto do_return_pids_as_error = [](const BuiltinArguments& args) -> Result<void> {
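Review bot: The new test checks only one stored name and one unrelated name, so it does not pin the exact-match contract that `PartitionMatchesSubcontext` relies on. Adding `ASSERT_FALSE(subcontext.PartitionMatchesSubcontext("DUMMY_PARTITION"));` and `ASSERT_FALSE(subcontext.PartitionMatchesSubcontext(""));` would cover a case variant and the empty string. `static auto& existent_partition = "dummy_partition";` binds a reference to a char array that is converted to `std::string` at each call; a plain `const std::string` local reads more directly. The hunk's trailing context cuts into `BuildTestFunctionMap`, which is unchanged.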
diff --git a/trusty/utils/rpmb_dev/Android.bp b/trusty/utils/rpmb_dev/Android.bp
index 13f151d..ef23cc5 100644
--- a/trusty/utils/rpmb_dev/Android.bp
+++ b/trusty/utils/rpmb_dev/Android.bp
@@ -49,3 +49,12 @@
"rpmb_dev.system.rc",
],
}
+
+cc_binary {
+ name: "rpmb_dev.wv.system",
+ defaults: ["rpmb_dev.cc_defaults"],
+ system_ext_specific: true,
+ init_rc: [
+ "rpmb_dev.wv.system.rc",
+ ],
+}
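Review bot: This stanza installs a second RPMB mock binary on system_ext with nothing in it that limits the module to emulator builds, while the accompanying rc file describes the storage as non-secure and Cuttlefish-only. Whether it ships elsewhere depends on which product makefiles list `rpmb_dev.wv.system`, and this diff does not show them. A comment above the stanza, `// Mock RPMB for the Widevine VM on Cuttlefish only; not for production images.`, would record the intent where the next person adding it to a product will see it.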
diff --git a/trusty/utils/rpmb_dev/rpmb_dev.wv.system.rc b/trusty/utils/rpmb_dev/rpmb_dev.wv.system.rc
new file mode 100644
index 0000000..3e7f8b4
--- /dev/null
+++ b/trusty/utils/rpmb_dev/rpmb_dev.wv.system.rc
@@ -0,0 +1,62 @@
+service storageproxyd_wv_system /system_ext/bin/storageproxyd.system \
+ -d ${storageproxyd_wv_system.trusty_ipc_dev:-/dev/trusty-ipc-dev0} \
+ -r /dev/socket/rpmb_mock_wv_system \
+ -p /data/secure_storage_wv_system \
+ -t sock
+ disabled
+ class hal
+ user system
+ group system
+
+service rpmb_mock_init_wv_system /system_ext/bin/rpmb_dev.wv.system \
+ --dev /mnt/secure_storage_rpmb_wv_system/persist/RPMB_DATA --init --size 2048
+ disabled
+ user system
+ group system
+ oneshot
+
+service rpmb_mock_wv_system /system_ext/bin/rpmb_dev.wv.system \
+ --dev /mnt/secure_storage_rpmb_wv_system/persist/RPMB_DATA \
+ --sock rpmb_mock_wv_system
+ disabled
+ user system
+ group system
+ socket rpmb_mock_wv_system stream 660 system system
+
+# storageproxyd
+on boot && \
+ property:trusty.widevine_vm.nonsecure_vm_ready=1 && \
+ property:storageproxyd_wv_system.trusty_ipc_dev=*
+ wait /dev/socket/rpmb_mock_wv_system
+ enable storageproxyd_wv_system
+
+
+# RPMB Mock
+on early-boot && \
+ property:ro.hardware.security.trusty.widevine_vm.system=1 && \
+ property:trusty.widevine_vm.vm_cid=* && \
+ property:ro.boot.vendor.apex.com.android.services.widevine=\
+com.android.services.widevine.cf_guest_trusty_nonsecure
+ # Create a persistent location for the RPMB data
+ # (work around lack of RPMb block device on CF).
+ # file contexts secure_storage_rpmb_system_file
+ # (only used on Cuttlefish as this is non secure)
+ mkdir /metadata/secure_storage_rpmb_wv_system 0770 system system
+ mkdir /mnt/secure_storage_rpmb_wv_system 0770 system system
+ symlink /metadata/secure_storage_rpmb_wv_system \
+ /mnt/secure_storage_rpmb_wv_system/persist
+ # Create a system persist directory in /metadata
+ # (work around lack of dedicated system persist partition).
+ # file contexts secure_storage_persist_system_file
+ mkdir /metadata/secure_storage_persist_wv_system 0770 system system
+ mkdir /mnt/secure_storage_persist_wv_system 0770 system system
+ symlink /metadata/secure_storage_persist_wv_system \
+ /mnt/secure_storage_persist_wv_system/persist
+ # file contexts secure_storage_system_file
+ mkdir /data/secure_storage_wv_system 0770 root system
+ symlink /mnt/secure_storage_persist_wv_system/persist \
+ /data/secure_storage_wv_system/persist
+ chown root system /data/secure_storage_wv_system/persist
+ setprop storageproxyd_wv_system.trusty_ipc_dev VSOCK:${trusty.widevine_vm.vm_cid}:1
+ exec_start rpmb_mock_init_wv_system
+ start rpmb_mock_wv_system
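Review bot: The comments `# file contexts secure_storage_rpmb_system_file`, `secure_storage_persist_system_file` and `secure_storage_system_file` name labels for directories whose `..._wv_system` paths are new, but labels come from file_contexts entries that are not part of this change. Without matching entries the `mkdir` results would presumably fall back to a default label, so confirm the entries exist and reword the comments to say where they live. Separately, the `on boot` trigger that enables `storageproxyd_wv_system` is gated only on `trusty.widevine_vm.nonsecure_vm_ready` and `storageproxyd_wv_system.trusty_ipc_dev`, neither of which is an `ro.` property. Repeating `property:ro.hardware.security.trusty.widevine_vm.system=1 && \` there would tie it directly to the same build-time switch as the RPMB mock trigger, instead of only indirectly through the `setprop` at the end of that trigger.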