Merge "libfstab_fuzzer: fuzz TransformFstabForDsu() and skip mount logic"
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index 63b8757..ef426dc 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -1108,7 +1108,7 @@
return true;
}
-static bool CanUseSuperPartition(const Fstab& fstab, bool* is_virtual_ab) {
+static bool CanUseSuperPartition(const Fstab& fstab) {
auto slot_number = fs_mgr_overlayfs_slot_number();
auto super_device = fs_mgr_overlayfs_super_device(slot_number);
if (!fs_mgr_rw_access(super_device) || !fs_mgr_overlayfs_has_logical(fstab)) {
@@ -1118,7 +1118,6 @@
if (!metadata) {
return false;
}
- *is_virtual_ab = !!(metadata->header.flags & LP_HEADER_FLAG_VIRTUAL_AB_DEVICE);
return true;
}
@@ -1131,12 +1130,13 @@
return *partition_exists;
}
- bool is_virtual_ab = false;
- if (CanUseSuperPartition(fstab, &is_virtual_ab)) {
- bool can_use_data = false;
- if (is_virtual_ab && FilesystemHasReliablePinning("/data", &can_use_data) && can_use_data) {
- return CreateScratchOnData(scratch_device, partition_exists);
- }
+ // Try ImageManager on /data first.
+ bool can_use_data = false;
+ if (FilesystemHasReliablePinning("/data", &can_use_data) && can_use_data) {
+ return CreateScratchOnData(scratch_device, partition_exists);
+ }
+ // If that fails, see if we can land on super.
+ if (CanUseSuperPartition(fstab)) {
return CreateDynamicScratch(scratch_device, partition_exists);
}
return false;
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h b/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h
index e7a2f02..19f3649 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h
@@ -52,8 +52,9 @@
virtual ~ICowWriter() {}
// Encode an operation that copies the contents of |old_block| to the
- // location of |new_block|.
- bool AddCopy(uint64_t new_block, uint64_t old_block);
+ // location of |new_block|. 'num_blocks' is the number of contiguous
+ // COPY operations from |old_block| to |new_block|.
+ bool AddCopy(uint64_t new_block, uint64_t old_block, uint64_t num_blocks = 1);
// Encode a sequence of raw blocks. |size| must be a multiple of the block size.
bool AddRawBlocks(uint64_t new_block_start, const void* data, size_t size);
@@ -84,7 +85,7 @@
const CowOptions& options() { return options_; }
protected:
- virtual bool EmitCopy(uint64_t new_block, uint64_t old_block) = 0;
+ virtual bool EmitCopy(uint64_t new_block, uint64_t old_block, uint64_t num_blocks = 1) = 0;
virtual bool EmitRawBlocks(uint64_t new_block_start, const void* data, size_t size) = 0;
virtual bool EmitXorBlocks(uint32_t new_block_start, const void* data, size_t size,
uint32_t old_block, uint16_t offset) = 0;
@@ -122,7 +123,7 @@
uint32_t GetCowVersion() { return header_.major_version; }
protected:
- virtual bool EmitCopy(uint64_t new_block, uint64_t old_block) override;
+ virtual bool EmitCopy(uint64_t new_block, uint64_t old_block, uint64_t num_blocks = 1) override;
virtual bool EmitRawBlocks(uint64_t new_block_start, const void* data, size_t size) override;
virtual bool EmitXorBlocks(uint32_t new_block_start, const void* data, size_t size,
uint32_t old_block, uint16_t offset) override;
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/mock_snapshot_writer.h b/fs_mgr/libsnapshot/include/libsnapshot/mock_snapshot_writer.h
index b0be5a5..29828bc 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/mock_snapshot_writer.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/mock_snapshot_writer.h
@@ -34,7 +34,7 @@
// Returns true if AddCopy() operations are supported.
MOCK_METHOD(bool, SupportsCopyOperation, (), (const override));
- MOCK_METHOD(bool, EmitCopy, (uint64_t, uint64_t), (override));
+ MOCK_METHOD(bool, EmitCopy, (uint64_t, uint64_t, uint64_t), (override));
MOCK_METHOD(bool, EmitRawBlocks, (uint64_t, const void*, size_t), (override));
MOCK_METHOD(bool, EmitXorBlocks, (uint32_t, const void*, size_t, uint32_t, uint16_t),
(override));
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapshot_writer.h b/fs_mgr/libsnapshot/include/libsnapshot/snapshot_writer.h
index 545f117..0e3b1db 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot_writer.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot_writer.h
@@ -74,7 +74,7 @@
bool VerifyMergeOps() const noexcept;
protected:
- bool EmitCopy(uint64_t new_block, uint64_t old_block) override;
+ bool EmitCopy(uint64_t new_block, uint64_t old_block, uint64_t num_blocks = 1) override;
bool EmitRawBlocks(uint64_t new_block_start, const void* data, size_t size) override;
bool EmitXorBlocks(uint32_t new_block_start, const void* data, size_t size, uint32_t old_block,
uint16_t offset) override;
@@ -113,7 +113,7 @@
bool EmitZeroBlocks(uint64_t new_block_start, uint64_t num_blocks) override;
bool EmitXorBlocks(uint32_t new_block_start, const void* data, size_t size, uint32_t old_block,
uint16_t offset) override;
- bool EmitCopy(uint64_t new_block, uint64_t old_block) override;
+ bool EmitCopy(uint64_t new_block, uint64_t old_block, uint64_t num_blocks = 1) override;
bool EmitLabel(uint64_t label) override;
bool EmitSequenceData(size_t num_ops, const uint32_t* data) override;
diff --git a/fs_mgr/libsnapshot/libsnapshot_cow/cow_api_test.cpp b/fs_mgr/libsnapshot/libsnapshot_cow/cow_api_test.cpp
index ba4044f..2c1187f 100644
--- a/fs_mgr/libsnapshot/libsnapshot_cow/cow_api_test.cpp
+++ b/fs_mgr/libsnapshot/libsnapshot_cow/cow_api_test.cpp
@@ -62,6 +62,48 @@
std::string stream_;
};
+TEST_F(CowTest, CopyContiguous) {
+ CowOptions options;
+ options.cluster_ops = 0;
+ CowWriter writer(options);
+
+ ASSERT_TRUE(writer.Initialize(cow_->fd));
+
+ ASSERT_TRUE(writer.AddCopy(10, 1000, 100));
+ ASSERT_TRUE(writer.Finalize());
+ ASSERT_EQ(lseek(cow_->fd, 0, SEEK_SET), 0);
+
+ CowReader reader;
+ CowHeader header;
+ CowFooter footer;
+ ASSERT_TRUE(reader.Parse(cow_->fd));
+ ASSERT_TRUE(reader.GetHeader(&header));
+ ASSERT_TRUE(reader.GetFooter(&footer));
+ ASSERT_EQ(header.magic, kCowMagicNumber);
+ ASSERT_EQ(header.major_version, kCowVersionMajor);
+ ASSERT_EQ(header.minor_version, kCowVersionMinor);
+ ASSERT_EQ(header.block_size, options.block_size);
+ ASSERT_EQ(footer.op.num_ops, 100);
+
+ auto iter = reader.GetOpIter();
+ ASSERT_NE(iter, nullptr);
+ ASSERT_FALSE(iter->Done());
+
+ size_t i = 0;
+ while (!iter->Done()) {
+ auto op = &iter->Get();
+ ASSERT_EQ(op->type, kCowCopyOp);
+ ASSERT_EQ(op->compression, kCowCompressNone);
+ ASSERT_EQ(op->data_length, 0);
+ ASSERT_EQ(op->new_block, 10 + i);
+ ASSERT_EQ(op->source, 1000 + i);
+ iter->Next();
+ i += 1;
+ }
+
+ ASSERT_EQ(i, 100);
+}
+
TEST_F(CowTest, ReadWrite) {
CowOptions options;
options.cluster_ops = 0;
diff --git a/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp b/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp
index e4f019e..015bff0 100644
--- a/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp
+++ b/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp
@@ -38,11 +38,16 @@
using android::base::borrowed_fd;
using android::base::unique_fd;
-bool ICowWriter::AddCopy(uint64_t new_block, uint64_t old_block) {
- if (!ValidateNewBlock(new_block)) {
- return false;
+bool ICowWriter::AddCopy(uint64_t new_block, uint64_t old_block, uint64_t num_blocks) {
+ CHECK(num_blocks != 0);
+
+ for (size_t i = 0; i < num_blocks; i++) {
+ if (!ValidateNewBlock(new_block + i)) {
+ return false;
+ }
}
- return EmitCopy(new_block, old_block);
+
+ return EmitCopy(new_block, old_block, num_blocks);
}
bool ICowWriter::AddRawBlocks(uint64_t new_block_start, const void* data, size_t size) {
@@ -286,13 +291,20 @@
return EmitClusterIfNeeded();
}
-bool CowWriter::EmitCopy(uint64_t new_block, uint64_t old_block) {
+bool CowWriter::EmitCopy(uint64_t new_block, uint64_t old_block, uint64_t num_blocks) {
CHECK(!merge_in_progress_);
- CowOperation op = {};
- op.type = kCowCopyOp;
- op.new_block = new_block;
- op.source = old_block;
- return WriteOperation(op);
+
+ for (size_t i = 0; i < num_blocks; i++) {
+ CowOperation op = {};
+ op.type = kCowCopyOp;
+ op.new_block = new_block + i;
+ op.source = old_block + i;
+ if (!WriteOperation(op)) {
+ return false;
+ }
+ }
+
+ return true;
}
bool CowWriter::EmitRawBlocks(uint64_t new_block_start, const void* data, size_t size) {
diff --git a/fs_mgr/libsnapshot/snapshot_writer.cpp b/fs_mgr/libsnapshot/snapshot_writer.cpp
index 48b7d80..6aad3d1 100644
--- a/fs_mgr/libsnapshot/snapshot_writer.cpp
+++ b/fs_mgr/libsnapshot/snapshot_writer.cpp
@@ -111,8 +111,9 @@
return reader;
}
-bool CompressedSnapshotWriter::EmitCopy(uint64_t new_block, uint64_t old_block) {
- return cow_->AddCopy(new_block, old_block);
+bool CompressedSnapshotWriter::EmitCopy(uint64_t new_block, uint64_t old_block,
+ uint64_t num_blocks) {
+ return cow_->AddCopy(new_block, old_block, num_blocks);
}
bool CompressedSnapshotWriter::EmitRawBlocks(uint64_t new_block_start, const void* data,
@@ -191,19 +192,29 @@
return true;
}
-bool OnlineKernelSnapshotWriter::EmitCopy(uint64_t new_block, uint64_t old_block) {
+bool OnlineKernelSnapshotWriter::EmitCopy(uint64_t new_block, uint64_t old_block,
+ uint64_t num_blocks) {
auto source_fd = GetSourceFd();
if (source_fd < 0) {
return false;
}
- std::string buffer(options_.block_size, 0);
- uint64_t offset = old_block * options_.block_size;
- if (!android::base::ReadFullyAtOffset(source_fd, buffer.data(), buffer.size(), offset)) {
- PLOG(ERROR) << "EmitCopy read";
- return false;
+ CHECK(num_blocks != 0);
+
+ for (size_t i = 0; i < num_blocks; i++) {
+ std::string buffer(options_.block_size, 0);
+ uint64_t offset = (old_block + i) * options_.block_size;
+ if (!android::base::ReadFullyAtOffset(source_fd, buffer.data(), buffer.size(), offset)) {
+ PLOG(ERROR) << "EmitCopy read";
+ return false;
+ }
+ if (!EmitRawBlocks(new_block + i, buffer.data(), buffer.size())) {
+ PLOG(ERROR) << "EmitRawBlocks failed";
+ return false;
+ }
}
- return EmitRawBlocks(new_block, buffer.data(), buffer.size());
+
+ return true;
}
bool OnlineKernelSnapshotWriter::EmitLabel(uint64_t) {
diff --git a/init/README.md b/init/README.md
index 7b3d32a..6596528 100644
--- a/init/README.md
+++ b/init/README.md
@@ -368,8 +368,9 @@
given console.
`task_profiles <profile> [ <profile>\* ]`
-> Set task profiles for the process when it forks. This is designed to replace the use of
- writepid option for moving a process into a cgroup.
+> Set task profiles. Before Android U, the profiles are applied to the main thread of the service.
+ For Android U and later, the profiles are applied to the entire service process. This is designed
+ to replace the use of writepid option for moving a process into a cgroup.
`timeout_period <seconds>`
> Provide a timeout after which point the service will be killed. The oneshot keyword is respected
diff --git a/init/epoll.cpp b/init/epoll.cpp
index 24d356d..fd1af4f 100644
--- a/init/epoll.cpp
+++ b/init/epoll.cpp
@@ -45,18 +45,18 @@
return Error() << "Must specify events";
}
- Info info;
- info.events = events;
- info.handler = std::make_shared<decltype(handler)>(std::move(handler));
- auto [it, inserted] = epoll_handlers_.emplace(fd, std::move(info));
+ auto [it, inserted] = epoll_handlers_.emplace(
+ fd, Info{
+ .events = events,
+ .handler = std::move(handler),
+ });
if (!inserted) {
return Error() << "Cannot specify two epoll handlers for a given FD";
}
- epoll_event ev;
- ev.events = events;
- // std::map's iterators do not get invalidated until erased, so we use the
- // pointer to the std::function in the map directly for epoll_ctl.
- ev.data.ptr = reinterpret_cast<void*>(&it->second);
+ epoll_event ev = {
+ .events = events,
+ .data.fd = fd,
+ };
if (epoll_ctl(epoll_fd_, EPOLL_CTL_ADD, fd, &ev) == -1) {
Result<void> result = ErrnoError() << "epoll_ctl failed to add fd";
epoll_handlers_.erase(fd);
@@ -69,9 +69,11 @@
if (epoll_ctl(epoll_fd_, EPOLL_CTL_DEL, fd, nullptr) == -1) {
return ErrnoError() << "epoll_ctl failed to remove fd";
}
- if (epoll_handlers_.erase(fd) != 1) {
+ auto it = epoll_handlers_.find(fd);
+ if (it == epoll_handlers_.end()) {
return Error() << "Attempting to remove epoll handler for FD without an existing handler";
}
+ to_remove_.insert(it->first);
return {};
}
@@ -79,8 +81,7 @@
first_callback_ = std::move(first_callback);
}
-Result<std::vector<std::shared_ptr<Epoll::Handler>>> Epoll::Wait(
- std::optional<std::chrono::milliseconds> timeout) {
+Result<int> Epoll::Wait(std::optional<std::chrono::milliseconds> timeout) {
int timeout_ms = -1;
if (timeout && timeout->count() < INT_MAX) {
timeout_ms = timeout->count();
@@ -94,19 +95,25 @@
if (num_events > 0 && first_callback_) {
first_callback_();
}
- std::vector<std::shared_ptr<Handler>> pending_functions;
for (int i = 0; i < num_events; ++i) {
- auto& info = *reinterpret_cast<Info*>(ev[i].data.ptr);
+ const auto it = epoll_handlers_.find(ev[i].data.fd);
+ if (it == epoll_handlers_.end()) {
+ continue;
+ }
+ const Info& info = it->second;
if ((info.events & (EPOLLIN | EPOLLPRI)) == (EPOLLIN | EPOLLPRI) &&
(ev[i].events & EPOLLIN) != ev[i].events) {
// This handler wants to know about exception events, and just got one.
// Log something informational.
LOG(ERROR) << "Received unexpected epoll event set: " << ev[i].events;
}
- pending_functions.emplace_back(info.handler);
+ info.handler();
+ for (auto fd : to_remove_) {
+ epoll_handlers_.erase(fd);
+ }
+ to_remove_.clear();
}
-
- return pending_functions;
+ return num_events;
}
} // namespace init
diff --git a/init/epoll.h b/init/epoll.h
index e26e319..1e71803 100644
--- a/init/epoll.h
+++ b/init/epoll.h
@@ -24,6 +24,7 @@
#include <map>
#include <memory>
#include <optional>
+#include <unordered_set>
#include <vector>
#include <android-base/unique_fd.h>
@@ -43,18 +44,18 @@
Result<void> RegisterHandler(int fd, Handler handler, uint32_t events = EPOLLIN);
Result<void> UnregisterHandler(int fd);
void SetFirstCallback(std::function<void()> first_callback);
- Result<std::vector<std::shared_ptr<Handler>>> Wait(
- std::optional<std::chrono::milliseconds> timeout);
+ Result<int> Wait(std::optional<std::chrono::milliseconds> timeout);
private:
struct Info {
- std::shared_ptr<Handler> handler;
+ Handler handler;
uint32_t events;
};
android::base::unique_fd epoll_fd_;
std::map<int, Info> epoll_handlers_;
std::function<void()> first_callback_;
+ std::unordered_set<int> to_remove_;
};
} // namespace init
diff --git a/init/epoll_test.cpp b/init/epoll_test.cpp
index 3f8b5a4..7105a68 100644
--- a/init/epoll_test.cpp
+++ b/init/epoll_test.cpp
@@ -60,14 +60,9 @@
uint8_t byte = 0xee;
ASSERT_TRUE(android::base::WriteFully(fds[1], &byte, sizeof(byte)));
- auto results = epoll.Wait({});
- ASSERT_RESULT_OK(results);
- ASSERT_EQ(results->size(), size_t(1));
-
- for (const auto& function : *results) {
- (*function)();
- (*function)();
- }
+ auto epoll_result = epoll.Wait({});
+ ASSERT_RESULT_OK(epoll_result);
+ ASSERT_EQ(*epoll_result, 1);
ASSERT_TRUE(handler_invoked);
}
diff --git a/init/host_init_stubs.h b/init/host_init_stubs.h
index 2a8bf6c..753ed6b 100644
--- a/init/host_init_stubs.h
+++ b/init/host_init_stubs.h
@@ -29,6 +29,9 @@
#define __ANDROID_API_P__ 28
#define __ANDROID_API_Q__ 29
#define __ANDROID_API_R__ 30
+#define __ANDROID_API_S__ 31
+#define __ANDROID_API_T__ 33
+#define __ANDROID_API_U__ 34
// sys/system_properties.h
#define PROP_VALUE_MAX 92
diff --git a/init/init.cpp b/init/init.cpp
index cd0ee58..4ca351c 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -662,6 +662,10 @@
}
static Result<void> SetupCgroupsAction(const BuiltinArguments&) {
+ if (!CgroupsAvailable()) {
+ LOG(INFO) << "Cgroups support in kernel is not enabled";
+ return {};
+ }
// Have to create <CGROUPS_RC_DIR> using make_dir function
// for appropriate sepolicy to be set for it
make_dir(android::base::Dirname(CGROUPS_RC_PATH), 0711);
@@ -1148,7 +1152,7 @@
setpriority(PRIO_PROCESS, 0, 0);
while (true) {
// By default, sleep until something happens.
- auto epoll_timeout = std::optional<std::chrono::milliseconds>{kDiagnosticTimeout};
+ std::chrono::milliseconds epoll_timeout{kDiagnosticTimeout};
auto shutdown_command = shutdown_state.CheckShutdown();
if (shutdown_command) {
@@ -1168,7 +1172,7 @@
if (next_process_action_time) {
epoll_timeout = std::chrono::ceil<std::chrono::milliseconds>(
*next_process_action_time - boot_clock::now());
- if (*epoll_timeout < 0ms) epoll_timeout = 0ms;
+ if (epoll_timeout < 0ms) epoll_timeout = 0ms;
}
}
@@ -1177,14 +1181,10 @@
if (am.HasMoreCommands()) epoll_timeout = 0ms;
}
- auto pending_functions = epoll.Wait(epoll_timeout);
- if (!pending_functions.ok()) {
- LOG(ERROR) << pending_functions.error();
- } else if (!pending_functions->empty()) {
- for (const auto& function : *pending_functions) {
- (*function)();
- }
- } else if (Service::is_exec_service_running()) {
+ auto epoll_result = epoll.Wait(epoll_timeout);
+ if (!epoll_result.ok()) {
+ LOG(ERROR) << epoll_result.error();
+ } else if (*epoll_result <= 0 && Service::is_exec_service_running()) {
static bool dumped_diagnostics = false;
std::chrono::duration<double> waited =
std::chrono::steady_clock::now() - Service::exec_service_started();
diff --git a/init/keychords_test.cpp b/init/keychords_test.cpp
index 8a333a2..5789bf5 100644
--- a/init/keychords_test.cpp
+++ b/init/keychords_test.cpp
@@ -212,11 +212,8 @@
}
void TestFrame::RelaxForMs(std::chrono::milliseconds wait) {
- auto pending_functions = epoll_.Wait(wait);
- ASSERT_RESULT_OK(pending_functions);
- for (const auto& function : *pending_functions) {
- (*function)();
- }
+ auto epoll_result = epoll_.Wait(wait);
+ ASSERT_RESULT_OK(epoll_result);
}
void TestFrame::SetChord(int key, bool value) {
diff --git a/init/property_service.cpp b/init/property_service.cpp
index c2ba8d5..f3550a1 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1381,13 +1381,9 @@
}
while (true) {
- auto pending_functions = epoll.Wait(std::nullopt);
- if (!pending_functions.ok()) {
- LOG(ERROR) << pending_functions.error();
- } else {
- for (const auto& function : *pending_functions) {
- (*function)();
- }
+ auto epoll_result = epoll.Wait(std::nullopt);
+ if (!epoll_result.ok()) {
+ LOG(ERROR) << epoll_result.error();
}
}
}
diff --git a/init/service.cpp b/init/service.cpp
index a633048..6a9343d 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -546,8 +546,18 @@
_exit(EXIT_FAILURE);
}
- if (task_profiles_.size() > 0 && !SetTaskProfiles(getpid(), task_profiles_)) {
- LOG(ERROR) << "failed to set task profiles";
+ if (task_profiles_.size() > 0) {
+ bool succeeded = SelinuxGetVendorAndroidVersion() < __ANDROID_API_U__
+ ?
+ // Compatibility mode: apply the task profiles to the current
+ // thread.
+ SetTaskProfiles(getpid(), task_profiles_)
+ :
+ // Apply the task profiles to the current process.
+ SetProcessProfiles(getuid(), getpid(), task_profiles_);
+ if (!succeeded) {
+ LOG(ERROR) << "failed to set task profiles";
+ }
}
// As requested, set our gid, supplemental gids, uid, context, and
@@ -682,24 +692,28 @@
start_order_ = next_start_order_++;
process_cgroup_empty_ = false;
- bool use_memcg = swappiness_ != -1 || soft_limit_in_bytes_ != -1 || limit_in_bytes_ != -1 ||
- limit_percent_ != -1 || !limit_property_.empty();
- errno = -createProcessGroup(proc_attr_.uid, pid_, use_memcg);
- if (errno != 0) {
- if (char byte = 0; write((*pipefd)[1], &byte, 1) < 0) {
- return ErrnoError() << "sending notification failed";
+ if (CgroupsAvailable()) {
+ bool use_memcg = swappiness_ != -1 || soft_limit_in_bytes_ != -1 || limit_in_bytes_ != -1 ||
+ limit_percent_ != -1 || !limit_property_.empty();
+ errno = -createProcessGroup(proc_attr_.uid, pid_, use_memcg);
+ if (errno != 0) {
+ if (char byte = 0; write((*pipefd)[1], &byte, 1) < 0) {
+ return ErrnoError() << "sending notification failed";
+ }
+ return Error() << "createProcessGroup(" << proc_attr_.uid << ", " << pid_
+ << ") failed for service '" << name_ << "'";
}
- return Error() << "createProcessGroup(" << proc_attr_.uid << ", " << pid_
- << ") failed for service '" << name_ << "'";
- }
- // When the blkio controller is mounted in the v1 hierarchy, NormalIoPriority is
- // the default (/dev/blkio). When the blkio controller is mounted in the v2 hierarchy, the
- // NormalIoPriority profile has to be applied explicitly.
- SetProcessProfiles(proc_attr_.uid, pid_, {"NormalIoPriority"});
+ // When the blkio controller is mounted in the v1 hierarchy, NormalIoPriority is
+ // the default (/dev/blkio). When the blkio controller is mounted in the v2 hierarchy, the
+ // NormalIoPriority profile has to be applied explicitly.
+ SetProcessProfiles(proc_attr_.uid, pid_, {"NormalIoPriority"});
- if (use_memcg) {
- ConfigureMemcg();
+ if (use_memcg) {
+ ConfigureMemcg();
+ }
+ } else {
+ process_cgroup_empty_ = true;
}
if (oom_score_adjust_ != DEFAULT_OOM_SCORE_ADJUST) {
diff --git a/init/service_utils.cpp b/init/service_utils.cpp
index d19f5ee..a14969e 100644
--- a/init/service_utils.cpp
+++ b/init/service_utils.cpp
@@ -280,6 +280,15 @@
}
Result<void> WritePidToFiles(std::vector<std::string>* files) {
+ if (files->empty()) {
+ // No files to write pid to, exit early.
+ return {};
+ }
+
+ if (!CgroupsAvailable()) {
+ return Error() << "cgroups are not available";
+ }
+
// See if there were "writepid" instructions to write to files under cpuset path.
std::string cpuset_path;
if (CgroupGetControllerPath("cpuset", &cpuset_path)) {
diff --git a/libprocessgroup/include/processgroup/processgroup.h b/libprocessgroup/include/processgroup/processgroup.h
index 45a723f..9b2d775 100644
--- a/libprocessgroup/include/processgroup/processgroup.h
+++ b/libprocessgroup/include/processgroup/processgroup.h
@@ -28,6 +28,7 @@
static constexpr const char* CGROUPV2_CONTROLLER_NAME = "cgroup2";
+bool CgroupsAvailable();
bool CgroupGetControllerPath(const std::string& cgroup_name, std::string* path);
bool CgroupGetControllerFromPath(const std::string& path, std::string* cgroup_name);
bool CgroupGetAttributePath(const std::string& attr_name, std::string* path);
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index bdda102..3fac373 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -55,6 +55,11 @@
#define PROCESSGROUP_CGROUP_PROCS_FILE "/cgroup.procs"
+bool CgroupsAvailable() {
+ static bool cgroups_available = access("/proc/cgroups", F_OK) == 0;
+ return cgroups_available;
+}
+
bool CgroupGetControllerPath(const std::string& cgroup_name, std::string* path) {
auto controller = CgroupMap::GetInstance().FindController(cgroup_name);
diff --git a/libutils/String8.cpp b/libutils/String8.cpp
index 3690389..82f5cb6 100644
--- a/libutils/String8.cpp
+++ b/libutils/String8.cpp
@@ -25,6 +25,7 @@
#include <ctype.h>
+#include <limits>
#include <string>
#include "SharedBuffer.h"
diff --git a/trusty/confirmationui/Android.bp b/trusty/confirmationui/Android.bp
index 0922415..29ef3c0 100644
--- a/trusty/confirmationui/Android.bp
+++ b/trusty/confirmationui/Android.bp
@@ -24,21 +24,23 @@
}
cc_binary {
- name: "android.hardware.confirmationui@1.0-service.trusty",
+ name: "android.hardware.confirmationui-service.trusty",
relative_install_path: "hw",
vendor: true,
shared_libs: [
- "android.hardware.confirmationui@1.0",
+ "android.hardware.confirmationui-V1-ndk",
"android.hardware.confirmationui.not-so-secure-input",
- "android.hardware.confirmationui@1.0-lib.trusty",
+ "android.hardware.confirmationui-lib.trusty",
+ "libbinder_ndk",
+ "libteeui_hal_support",
"libbase",
"libhidlbase",
"libutils",
],
- init_rc: ["android.hardware.confirmationui@1.0-service.trusty.rc"],
+ init_rc: ["android.hardware.confirmationui-service.trusty.rc"],
- vintf_fragments: ["android.hardware.confirmationui@1.0-service.trusty.xml"],
+ vintf_fragments: ["android.hardware.confirmationui-service.trusty.xml"],
srcs: [
"service.cpp",
@@ -52,17 +54,20 @@
}
cc_library {
- name: "android.hardware.confirmationui@1.0-lib.trusty",
+ name: "android.hardware.confirmationui-lib.trusty",
+ defaults: [
+ "keymint_use_latest_hal_aidl_ndk_shared",
+ ],
vendor: true,
shared_libs: [
- "android.hardware.confirmationui@1.0",
- "android.hardware.keymaster@4.0",
+ "android.hardware.confirmationui-V1-ndk",
"libbase",
+ "libcutils",
"libdmabufheap",
- "libhidlbase",
"libteeui_hal_support",
"libtrusty",
"libutils",
+ "libbinder_ndk",
],
export_include_dirs: ["include"],
diff --git a/trusty/confirmationui/TrustyConfirmationUI.cpp b/trusty/confirmationui/TrustyConfirmationUI.cpp
index c6625e0..f01a4e1 100644
--- a/trusty/confirmationui/TrustyConfirmationUI.cpp
+++ b/trusty/confirmationui/TrustyConfirmationUI.cpp
@@ -18,8 +18,6 @@
#include "TrustyConfirmationUI.h"
#include <android-base/logging.h>
-#include <android/hardware/confirmationui/1.0/types.h>
-#include <android/hardware/keymaster/4.0/types.h>
#include <fcntl.h>
#include <linux/input.h>
#include <poll.h>
@@ -42,12 +40,7 @@
#include <tuple>
#include <vector>
-namespace android {
-namespace hardware {
-namespace confirmationui {
-namespace V1_0 {
-namespace implementation {
-
+namespace aidl::android::hardware::confirmationui {
using namespace secure_input;
using ::android::trusty::confirmationui::TrustyAppError;
@@ -64,8 +57,6 @@
using ::secure_input::createSecureInput;
-using ::android::hardware::keymaster::V4_0::HardwareAuthToken;
-
using ::std::tie;
using TeeuiRc = ::teeui::ResponseCode;
@@ -87,46 +78,47 @@
void release() { f_ = {}; }
};
-ResponseCode convertRc(TeeuiRc trc) {
+int convertRc(TeeuiRc trc) {
static_assert(
- uint32_t(TeeuiRc::OK) == uint32_t(ResponseCode::OK) &&
- uint32_t(TeeuiRc::Canceled) == uint32_t(ResponseCode::Canceled) &&
- uint32_t(TeeuiRc::Aborted) == uint32_t(ResponseCode::Aborted) &&
- uint32_t(TeeuiRc::OperationPending) == uint32_t(ResponseCode::OperationPending) &&
- uint32_t(TeeuiRc::Ignored) == uint32_t(ResponseCode::Ignored) &&
- uint32_t(TeeuiRc::SystemError) == uint32_t(ResponseCode::SystemError) &&
- uint32_t(TeeuiRc::Unimplemented) == uint32_t(ResponseCode::Unimplemented) &&
- uint32_t(TeeuiRc::Unexpected) == uint32_t(ResponseCode::Unexpected) &&
- uint32_t(TeeuiRc::UIError) == uint32_t(ResponseCode::UIError) &&
- uint32_t(TeeuiRc::UIErrorMissingGlyph) == uint32_t(ResponseCode::UIErrorMissingGlyph) &&
+ uint32_t(TeeuiRc::OK) == uint32_t(IConfirmationUI::OK) &&
+ uint32_t(TeeuiRc::Canceled) == uint32_t(IConfirmationUI::CANCELED) &&
+ uint32_t(TeeuiRc::Aborted) == uint32_t(IConfirmationUI::ABORTED) &&
+ uint32_t(TeeuiRc::OperationPending) == uint32_t(IConfirmationUI::OPERATION_PENDING) &&
+ uint32_t(TeeuiRc::Ignored) == uint32_t(IConfirmationUI::IGNORED) &&
+ uint32_t(TeeuiRc::SystemError) == uint32_t(IConfirmationUI::SYSTEM_ERROR) &&
+ uint32_t(TeeuiRc::Unimplemented) == uint32_t(IConfirmationUI::UNIMPLEMENTED) &&
+ uint32_t(TeeuiRc::Unexpected) == uint32_t(IConfirmationUI::UNEXPECTED) &&
+ uint32_t(TeeuiRc::UIError) == uint32_t(IConfirmationUI::UI_ERROR) &&
+ uint32_t(TeeuiRc::UIErrorMissingGlyph) ==
+ uint32_t(IConfirmationUI::UI_ERROR_MISSING_GLYPH) &&
uint32_t(TeeuiRc::UIErrorMessageTooLong) ==
- uint32_t(ResponseCode::UIErrorMessageTooLong) &&
+ uint32_t(IConfirmationUI::UI_ERROR_MESSAGE_TOO_LONG) &&
uint32_t(TeeuiRc::UIErrorMalformedUTF8Encoding) ==
- uint32_t(ResponseCode::UIErrorMalformedUTF8Encoding),
+ uint32_t(IConfirmationUI::UI_ERROR_MALFORMED_UTF8ENCODING),
"teeui::ResponseCode and "
"::android::hardware::confirmationui::V1_0::Responsecude are out of "
"sync");
- return ResponseCode(trc);
+ return static_cast<int>(trc);
}
teeui::UIOption convertUIOption(UIOption uio) {
- static_assert(uint32_t(UIOption::AccessibilityInverted) ==
+ static_assert(uint32_t(UIOption::ACCESSIBILITY_INVERTED) ==
uint32_t(teeui::UIOption::AccessibilityInverted) &&
- uint32_t(UIOption::AccessibilityMagnified) ==
+ uint32_t(UIOption::ACCESSIBILITY_MAGNIFIED) ==
uint32_t(teeui::UIOption::AccessibilityMagnified),
"teeui::UIOPtion and ::android::hardware::confirmationui::V1_0::UIOption "
- "anre out of sync");
+ "are out of sync");
return teeui::UIOption(uio);
}
-inline MsgString hidl2MsgString(const hidl_string& s) {
+inline MsgString stdString2MsgString(const string& s) {
return {s.c_str(), s.c_str() + s.size()};
}
-template <typename T> inline MsgVector<T> hidl2MsgVector(const hidl_vec<T>& v) {
+template <typename T> inline MsgVector<T> stdVector2MsgVector(const vector<T>& v) {
return {v};
}
-inline MsgVector<teeui::UIOption> hidl2MsgVector(const hidl_vec<UIOption>& v) {
+inline MsgVector<teeui::UIOption> stdVector2MsgVector(const vector<UIOption>& v) {
MsgVector<teeui::UIOption> result(v.size());
for (unsigned int i = 0; i < v.size(); ++i) {
result[i] = convertUIOption(v[i]);
@@ -137,7 +129,7 @@
} // namespace
TrustyConfirmationUI::TrustyConfirmationUI()
- : listener_state_(ListenerState::None), prompt_result_(ResponseCode::Ignored) {}
+ : listener_state_(ListenerState::None), prompt_result_(IConfirmationUI::IGNORED) {}
TrustyConfirmationUI::~TrustyConfirmationUI() {
ListenerState state = listener_state_;
@@ -385,15 +377,16 @@
// ############################## Start 4th Phase - cleanup ##################################
}
-// Methods from ::android::hardware::confirmationui::V1_0::IConfirmationUI
+// Methods from ::aidl::android::hardware::confirmationui::IConfirmationUI
// follow.
-Return<ResponseCode> TrustyConfirmationUI::promptUserConfirmation(
- const sp<IConfirmationResultCallback>& resultCB, const hidl_string& promptText,
- const hidl_vec<uint8_t>& extraData, const hidl_string& locale,
- const hidl_vec<UIOption>& uiOptions) {
+::ndk::ScopedAStatus TrustyConfirmationUI::promptUserConfirmation(
+ const shared_ptr<IConfirmationResultCallback>& resultCB, const vector<uint8_t>& promptTextBytes,
+ const vector<uint8_t>& extraData, const string& locale, const vector<UIOption>& uiOptions) {
std::unique_lock<std::mutex> stateLock(listener_state_lock_, std::defer_lock);
+ string promptText(promptTextBytes.begin(), promptTextBytes.end());
if (!stateLock.try_lock()) {
- return ResponseCode::OperationPending;
+ return ndk::ScopedAStatus(
+ AStatus_fromServiceSpecificError(IConfirmationUI::OPERATION_PENDING));
}
switch (listener_state_) {
case ListenerState::None:
@@ -401,23 +394,25 @@
case ListenerState::Starting:
case ListenerState::SetupDone:
case ListenerState::Interactive:
- return ResponseCode::OperationPending;
+ return ndk::ScopedAStatus(
+ AStatus_fromServiceSpecificError(IConfirmationUI::OPERATION_PENDING));
case ListenerState::Terminating:
callback_thread_.join();
listener_state_ = ListenerState::None;
break;
default:
- return ResponseCode::Unexpected;
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(IConfirmationUI::UNEXPECTED));
}
assert(listener_state_ == ListenerState::None);
callback_thread_ = std::thread(
- [this](sp<IConfirmationResultCallback> resultCB, hidl_string promptText,
- hidl_vec<uint8_t> extraData, hidl_string locale, hidl_vec<UIOption> uiOptions) {
- auto [trc, msg, token] =
- promptUserConfirmation_(hidl2MsgString(promptText), hidl2MsgVector(extraData),
- hidl2MsgString(locale), hidl2MsgVector(uiOptions));
+ [this](const shared_ptr<IConfirmationResultCallback>& resultCB, const string& promptText,
+ const vector<uint8_t>& extraData, const string& locale,
+ const vector<UIOption>& uiOptions) {
+ auto [trc, msg, token] = promptUserConfirmation_(
+ stdString2MsgString(promptText), stdVector2MsgVector(extraData),
+ stdString2MsgString(locale), stdVector2MsgVector(uiOptions));
bool do_callback = (listener_state_ == ListenerState::Interactive ||
listener_state_ == ListenerState::SetupDone) &&
resultCB;
@@ -426,7 +421,7 @@
if (do_callback) {
auto error = resultCB->result(prompt_result_, msg, token);
if (!error.isOk()) {
- LOG(ERROR) << "Result callback failed " << error.description();
+ LOG(ERROR) << "Result callback failed " << error.getDescription();
}
} else {
listener_state_condv_.notify_all();
@@ -442,14 +437,14 @@
if (listener_state_ == ListenerState::Terminating) {
callback_thread_.join();
listener_state_ = ListenerState::None;
- return prompt_result_;
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(prompt_result_));
}
- return ResponseCode::OK;
+ return ndk::ScopedAStatus::ok();
}
-Return<ResponseCode>
+::ndk::ScopedAStatus
TrustyConfirmationUI::deliverSecureInputEvent(const HardwareAuthToken& secureInputToken) {
- ResponseCode rc = ResponseCode::Ignored;
+ int rc = IConfirmationUI::IGNORED;
{
/*
* deliverSecureInputEvent is only used by the VTS test to mock human input. A correct
@@ -467,13 +462,17 @@
listener_state_condv_.wait(stateLock,
[this] { return listener_state_ != ListenerState::SetupDone; });
- if (listener_state_ != ListenerState::Interactive) return ResponseCode::Ignored;
+ if (listener_state_ != ListenerState::Interactive)
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(IConfirmationUI::IGNORED));
auto sapp = app_.lock();
- if (!sapp) return ResponseCode::Ignored;
+ if (!sapp)
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(IConfirmationUI::IGNORED));
auto [error, response] =
sapp->issueCmd<DeliverTestCommandMessage, DeliverTestCommandResponse>(
static_cast<teeui::TestModeCommands>(secureInputToken.challenge));
- if (error != TrustyAppError::OK) return ResponseCode::SystemError;
+ if (error != TrustyAppError::OK)
+ return ndk::ScopedAStatus(
+ AStatus_fromServiceSpecificError(IConfirmationUI::SYSTEM_ERROR));
auto& [trc] = response;
if (trc != TeeuiRc::Ignored) secureInputDelivered_ = true;
rc = convertRc(trc);
@@ -484,11 +483,14 @@
// Canceled into OK. Canceled is only returned if the delivered event canceled
// the operation, which means that the event was successfully delivered. Thus
// we return OK.
- if (rc == ResponseCode::Canceled) return ResponseCode::OK;
- return rc;
+ if (rc == IConfirmationUI::CANCELED) return ndk::ScopedAStatus::ok();
+ if (rc != IConfirmationUI::OK) {
+ return ndk::ScopedAStatus(AStatus_fromServiceSpecificError(rc));
+ }
+ return ndk::ScopedAStatus::ok();
}
-Return<void> TrustyConfirmationUI::abort() {
+::ndk::ScopedAStatus TrustyConfirmationUI::abort() {
{
std::unique_lock<std::mutex> stateLock(listener_state_lock_);
if (listener_state_ == ListenerState::SetupDone ||
@@ -499,15 +501,11 @@
}
}
listener_state_condv_.notify_all();
- return Void();
+ return ndk::ScopedAStatus::ok();
}
-android::sp<IConfirmationUI> createTrustyConfirmationUI() {
- return new TrustyConfirmationUI();
+std::shared_ptr<IConfirmationUI> createTrustyConfirmationUI() {
+ return ndk::SharedRefBase::make<TrustyConfirmationUI>();
}
-} // namespace implementation
-} // namespace V1_0
-} // namespace confirmationui
-} // namespace hardware
-} // namespace android
+} // namespace aidl::android::hardware::confirmationui
diff --git a/trusty/confirmationui/TrustyConfirmationUI.h b/trusty/confirmationui/TrustyConfirmationUI.h
index 0bd703c..6e85704 100644
--- a/trusty/confirmationui/TrustyConfirmationUI.h
+++ b/trusty/confirmationui/TrustyConfirmationUI.h
@@ -17,9 +17,11 @@
#ifndef ANDROID_HARDWARE_CONFIRMATIONUI_V1_0_TRUSTY_CONFIRMATIONUI_H
#define ANDROID_HARDWARE_CONFIRMATIONUI_V1_0_TRUSTY_CONFIRMATIONUI_H
-#include <android/hardware/confirmationui/1.0/IConfirmationUI.h>
-#include <android/hardware/keymaster/4.0/types.h>
-#include <hidl/Status.h>
+#include <aidl/android/hardware/confirmationui/BnConfirmationUI.h>
+#include <aidl/android/hardware/confirmationui/IConfirmationResultCallback.h>
+#include <aidl/android/hardware/confirmationui/UIOption.h>
+#include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>
+#include <android/binder_manager.h>
#include <atomic>
#include <condition_variable>
@@ -30,35 +32,29 @@
#include "TrustyApp.h"
-namespace android {
-namespace hardware {
-namespace confirmationui {
-namespace V1_0 {
-namespace implementation {
+namespace aidl::android::hardware::confirmationui {
-using ::android::sp;
-using ::android::hardware::hidl_array;
-using ::android::hardware::hidl_string;
-using ::android::hardware::hidl_vec;
-using ::android::hardware::Return;
-using ::android::hardware::Void;
+using std::shared_ptr;
+using std::string;
+using std::vector;
+using ::aidl::android::hardware::security::keymint::HardwareAuthToken;
using ::android::trusty::confirmationui::TrustyApp;
-class TrustyConfirmationUI : public IConfirmationUI {
+class TrustyConfirmationUI : public BnConfirmationUI {
public:
TrustyConfirmationUI();
virtual ~TrustyConfirmationUI();
- // Methods from ::android::hardware::confirmationui::V1_0::IConfirmationUI
+ // Methods from ::aidl::android::hardware::confirmationui::IConfirmationUI
// follow.
- Return<ResponseCode> promptUserConfirmation(const sp<IConfirmationResultCallback>& resultCB,
- const hidl_string& promptText,
- const hidl_vec<uint8_t>& extraData,
- const hidl_string& locale,
- const hidl_vec<UIOption>& uiOptions) override;
- Return<ResponseCode> deliverSecureInputEvent(
- const ::android::hardware::keymaster::V4_0::HardwareAuthToken& secureInputToken) override;
- Return<void> abort() override;
+ ::ndk::ScopedAStatus
+ promptUserConfirmation(const shared_ptr<IConfirmationResultCallback>& resultCB,
+ const vector<uint8_t>& promptText, const vector<uint8_t>& extraData,
+ const string& locale, const vector<UIOption>& uiOptions) override;
+ ::ndk::ScopedAStatus
+ deliverSecureInputEvent(const HardwareAuthToken& secureInputToken) override;
+
+ ::ndk::ScopedAStatus abort() override;
private:
std::weak_ptr<TrustyApp> app_;
@@ -85,7 +81,7 @@
bool abort_called_;
std::mutex listener_state_lock_;
std::condition_variable listener_state_condv_;
- ResponseCode prompt_result_;
+ int prompt_result_;
bool secureInputDelivered_;
std::tuple<teeui::ResponseCode, teeui::MsgVector<uint8_t>, teeui::MsgVector<uint8_t>>
@@ -95,10 +91,6 @@
const teeui::MsgVector<teeui::UIOption>& uiOptions);
};
-} // namespace implementation
-} // namespace V1_0
-} // namespace confirmationui
-} // namespace hardware
-} // namespace android
+} // namespace aidl::android::hardware::confirmationui
#endif // ANDROID_HARDWARE_CONFIRMATIONUI_V1_0_TRUSTY_CONFIRMATIONUI_H
diff --git a/trusty/confirmationui/android.hardware.confirmationui-service.trusty.rc b/trusty/confirmationui/android.hardware.confirmationui-service.trusty.rc
new file mode 100644
index 0000000..b5c3159
--- /dev/null
+++ b/trusty/confirmationui/android.hardware.confirmationui-service.trusty.rc
@@ -0,0 +1,5 @@
+service vendor.confirmationui_default /vendor/bin/hw/android.hardware.confirmationui-service.trusty
+ interface aidl android.hardware.confirmationui.IConfirmationUI/default
+ class hal
+ user system
+ group drmrpc input system
diff --git a/trusty/confirmationui/android.hardware.confirmationui@1.0-service.trusty.xml b/trusty/confirmationui/android.hardware.confirmationui-service.trusty.xml
similarity index 71%
rename from trusty/confirmationui/android.hardware.confirmationui@1.0-service.trusty.xml
rename to trusty/confirmationui/android.hardware.confirmationui-service.trusty.xml
index 9008b87..afa2e8e 100644
--- a/trusty/confirmationui/android.hardware.confirmationui@1.0-service.trusty.xml
+++ b/trusty/confirmationui/android.hardware.confirmationui-service.trusty.xml
@@ -1,8 +1,7 @@
<manifest version="1.0" type="device">
- <hal format="hidl">
+ <hal format="aidl">
<name>android.hardware.confirmationui</name>
- <transport>hwbinder</transport>
- <version>1.0</version>
+ <version>1</version>
<interface>
<name>IConfirmationUI</name>
<instance>default</instance>
diff --git a/trusty/confirmationui/android.hardware.confirmationui@1.0-service.trusty.rc b/trusty/confirmationui/android.hardware.confirmationui@1.0-service.trusty.rc
deleted file mode 100644
index 3ba6fc0..0000000
--- a/trusty/confirmationui/android.hardware.confirmationui@1.0-service.trusty.rc
+++ /dev/null
@@ -1,4 +0,0 @@
-service confirmationui-1-0 /vendor/bin/hw/android.hardware.confirmationui@1.0-service.trusty
- class hal
- user system
- group drmrpc input system
diff --git a/trusty/confirmationui/include/TrustyConfirmationuiHal.h b/trusty/confirmationui/include/TrustyConfirmationuiHal.h
index 2ab9389..8000ee2 100644
--- a/trusty/confirmationui/include/TrustyConfirmationuiHal.h
+++ b/trusty/confirmationui/include/TrustyConfirmationuiHal.h
@@ -16,18 +16,10 @@
#pragma once
-#include <android/hardware/confirmationui/1.0/IConfirmationUI.h>
+#include <aidl/android/hardware/confirmationui/IConfirmationUI.h>
-namespace android {
-namespace hardware {
-namespace confirmationui {
-namespace V1_0 {
-namespace implementation {
+namespace aidl::android::hardware::confirmationui {
-android::sp<IConfirmationUI> createTrustyConfirmationUI();
+std::shared_ptr<IConfirmationUI> createTrustyConfirmationUI();
-} // namespace implementation
-} // namespace V1_0
-} // namespace confirmationui
-} // namespace hardware
-} // namespace android
+} // namespace aidl::android::hardware::confirmationui
diff --git a/trusty/confirmationui/service.cpp b/trusty/confirmationui/service.cpp
index dd7e84b..b286c0a 100644
--- a/trusty/confirmationui/service.cpp
+++ b/trusty/confirmationui/service.cpp
@@ -15,21 +15,28 @@
*/
#include <android-base/logging.h>
-#include <hidl/HidlTransportSupport.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
#include <TrustyConfirmationuiHal.h>
-using android::sp;
-using android::hardware::confirmationui::V1_0::implementation::createTrustyConfirmationUI;
+using ::aidl::android::hardware::confirmationui::createTrustyConfirmationUI;
+using ::aidl::android::hardware::confirmationui::IConfirmationUI;
int main() {
- ::android::hardware::configureRpcThreadpool(1, true /*willJoinThreadpool*/);
- auto service = createTrustyConfirmationUI();
- auto status = service->registerAsService();
- if (status != android::OK) {
- LOG(FATAL) << "Could not register service for ConfirmationUI 1.0 (" << status << ")";
+ ABinderProcess_setThreadPoolMaxThreadCount(0);
+
+ auto confirmationui = createTrustyConfirmationUI();
+
+ const auto instance = std::string(IConfirmationUI::descriptor) + "/default";
+ binder_status_t status =
+ AServiceManager_addService(confirmationui->asBinder().get(), instance.c_str());
+
+ if (status != STATUS_OK) {
+ LOG(FATAL) << "Could not register service for " << instance.c_str() << "(" << status << ")";
return -1;
}
- ::android::hardware::joinRpcThreadpool();
+
+ ABinderProcess_joinThreadPool();
return -1;
}
diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
index e4791e6..ac98695 100644
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@@ -178,6 +178,11 @@
ForwardCommand(KM_GENERATE_CSR, request, response);
}
+void TrustyKeymaster::GenerateCsrV2(const GenerateCsrV2Request& request,
+ GenerateCsrV2Response* response) {
+ ForwardCommand(KM_GENERATE_CSR_V2, request, response);
+}
+
void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
GetKeyCharacteristicsResponse* response) {
ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
index ec52811..60d3f87 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@@ -44,6 +44,7 @@
void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);
void GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response);
void GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response);
+ void GenerateCsrV2(const GenerateCsrV2Request& request, GenerateCsrV2Response* response);
void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
GetKeyCharacteristicsResponse* response);
void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h b/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h
index d544b51..dbb7fff 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h
@@ -46,6 +46,10 @@
DeviceInfo* deviceInfo, ProtectedData* protectedData,
std::vector<uint8_t>* keysToSignMac) override;
+ ScopedAStatus generateCertificateRequestV2(const std::vector<MacedPublicKey>& keysToSign,
+ const std::vector<uint8_t>& challenge,
+ std::vector<uint8_t>* csr) override;
+
private:
std::shared_ptr<::keymaster::TrustyKeymaster> impl_;
};
diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index 9b55e9d..f767d40 100644
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@@ -61,6 +61,7 @@
KM_CONFIGURE_VENDOR_PATCHLEVEL = (33 << KEYMASTER_REQ_SHIFT),
KM_GET_ROOT_OF_TRUST = (34 << KEYMASTER_REQ_SHIFT),
KM_GET_HW_INFO = (35 << KEYMASTER_REQ_SHIFT),
+ KM_GENERATE_CSR_V2 = (36 << KEYMASTER_REQ_SHIFT),
// Bootloader/provisioning calls.
KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
diff --git a/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp b/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp
index 7f03f86..c6800cd 100644
--- a/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp
+++ b/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp
@@ -28,11 +28,14 @@
using keymaster::GenerateCsrRequest;
using keymaster::GenerateCsrResponse;
+using keymaster::GenerateCsrV2Request;
+using keymaster::GenerateCsrV2Response;
using keymaster::GenerateRkpKeyRequest;
using keymaster::GenerateRkpKeyResponse;
using keymaster::GetHwInfoRequest;
using keymaster::GetHwInfoResponse;
using keymaster::KeymasterBlob;
+using km_utils::kmError2ScopedAStatus;
using ::std::string;
using ::std::unique_ptr;
using ::std::vector;
@@ -125,4 +128,25 @@
return ScopedAStatus::ok();
}
+ScopedAStatus TrustyRemotelyProvisionedComponentDevice::generateCertificateRequestV2(
+ const std::vector<MacedPublicKey>& keysToSign, const std::vector<uint8_t>& challenge,
+ std::vector<uint8_t>* csr) {
+ GenerateCsrV2Request request(impl_->message_version());
+ if (!request.InitKeysToSign(keysToSign.size())) {
+ return kmError2ScopedAStatus(static_cast<keymaster_error_t>(STATUS_FAILED));
+ }
+ for (size_t i = 0; i < keysToSign.size(); i++) {
+ request.SetKeyToSign(i, keysToSign[i].macedKey.data(), keysToSign[i].macedKey.size());
+ }
+ request.SetChallenge(challenge.data(), challenge.size());
+ GenerateCsrV2Response response(impl_->message_version());
+ impl_->GenerateCsrV2(request, &response);
+
+ if (response.error != KM_ERROR_OK) {
+ return Status(-static_cast<int32_t>(response.error), "Failure in CSR v2 generation.");
+ }
+ *csr = km_utils::kmBlob2vector(response.csr);
+ return ScopedAStatus::ok();
+}
+
} // namespace aidl::android::hardware::security::keymint::trusty
diff --git a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
index 0b995a2..77dc854 100644
--- a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
@@ -14,7 +14,7 @@
</hal>
<hal format="aidl">
<name>android.hardware.security.keymint</name>
- <version>2</version>
+ <version>3</version>
<fqname>IRemotelyProvisionedComponent/default</fqname>
</hal>
</manifest>