Merge "libutils: Add more tests for Unicode"
diff --git a/debuggerd/crasher/Android.bp b/debuggerd/crasher/Android.bp
index 3af806b..fe1689c 100644
--- a/debuggerd/crasher/Android.bp
+++ b/debuggerd/crasher/Android.bp
@@ -15,6 +15,7 @@
"-fstack-protector-all",
"-Wno-date-time",
],
+ tidy: false, // crasher.cpp tests many memory access errors
srcs: ["crasher.cpp"],
arch: {
arm: {
diff --git a/fastboot/socket_test.cpp b/fastboot/socket_test.cpp
index 373abc3..74ff377 100644
--- a/fastboot/socket_test.cpp
+++ b/fastboot/socket_test.cpp
@@ -293,23 +293,23 @@
}
TEST(SocketMockTest, TestSendFailure) {
- SocketMock* mock = new SocketMock;
+ std::unique_ptr<SocketMock> mock(new SocketMock);
mock->ExpectSendFailure("foo");
- EXPECT_FALSE(SendString(mock, "foo"));
+ EXPECT_FALSE(SendString(mock.get(), "foo"));
- EXPECT_NONFATAL_FAILURE(SendString(mock, "foo"), "no message was expected");
+ EXPECT_NONFATAL_FAILURE(SendString(mock.get(), "foo"), "no message was expected");
mock->ExpectSend("foo");
- EXPECT_NONFATAL_FAILURE(SendString(mock, "bar"), "expected foo, but got bar");
- EXPECT_TRUE(SendString(mock, "foo"));
+ EXPECT_NONFATAL_FAILURE(SendString(mock.get(), "bar"), "expected foo, but got bar");
+ EXPECT_TRUE(SendString(mock.get(), "foo"));
mock->AddReceive("foo");
- EXPECT_NONFATAL_FAILURE(SendString(mock, "foo"), "called out-of-order");
- EXPECT_TRUE(ReceiveString(mock, "foo"));
+ EXPECT_NONFATAL_FAILURE(SendString(mock.get(), "foo"), "called out-of-order");
+ EXPECT_TRUE(ReceiveString(mock.get(), "foo"));
mock->ExpectSend("foo");
- EXPECT_NONFATAL_FAILURE(delete mock, "1 event(s) were not handled");
+ EXPECT_NONFATAL_FAILURE(mock.reset(), "1 event(s) were not handled");
}
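Review bot: `std::unique_ptr<SocketMock> mock(new SocketMock);` at the top of TestSendFailure would read better as `auto mock = std::make_unique<SocketMock>();`, which also keeps raw `new` out of the test. The same line appears in the TestReceiveFailure and TestAcceptFailure hunks below. Behaviour is otherwise unchanged: `mock.reset()` inside EXPECT_NONFATAL_FAILURE still runs the destructor at the point where the unhandled-event failure is expected, and the unique_ptr's own destructor then sees a null pointer.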
TEST(SocketMockTest, TestReceiveSuccess) {
@@ -331,33 +331,33 @@
}
TEST(SocketMockTest, TestReceiveFailure) {
- SocketMock* mock = new SocketMock;
+ std::unique_ptr<SocketMock> mock(new SocketMock);
mock->AddReceiveFailure();
- EXPECT_FALSE(ReceiveString(mock, "foo"));
+ EXPECT_FALSE(ReceiveString(mock.get(), "foo"));
EXPECT_FALSE(mock->ReceiveTimedOut());
mock->AddReceiveTimeout();
- EXPECT_FALSE(ReceiveString(mock, "foo"));
+ EXPECT_FALSE(ReceiveString(mock.get(), "foo"));
EXPECT_TRUE(mock->ReceiveTimedOut());
mock->AddReceive("foo");
mock->AddReceiveFailure();
- EXPECT_FALSE(ReceiveString(mock, "foobar"));
+ EXPECT_FALSE(ReceiveString(mock.get(), "foobar"));
- EXPECT_NONFATAL_FAILURE(ReceiveString(mock, "foo"), "no message was ready");
+ EXPECT_NONFATAL_FAILURE(ReceiveString(mock.get(), "foo"), "no message was ready");
mock->ExpectSend("foo");
- EXPECT_NONFATAL_FAILURE(ReceiveString(mock, "foo"), "called out-of-order");
- EXPECT_TRUE(SendString(mock, "foo"));
+ EXPECT_NONFATAL_FAILURE(ReceiveString(mock.get(), "foo"), "called out-of-order");
+ EXPECT_TRUE(SendString(mock.get(), "foo"));
char c;
mock->AddReceive("foo");
EXPECT_NONFATAL_FAILURE(mock->Receive(&c, 1, 0), "not enough bytes (1) for foo");
- EXPECT_TRUE(ReceiveString(mock, "foo"));
+ EXPECT_TRUE(ReceiveString(mock.get(), "foo"));
mock->AddReceive("foo");
- EXPECT_NONFATAL_FAILURE(delete mock, "1 event(s) were not handled");
+ EXPECT_NONFATAL_FAILURE(mock.reset(), "1 event(s) were not handled");
}
TEST(SocketMockTest, TestAcceptSuccess) {
@@ -372,14 +372,14 @@
}
TEST(SocketMockTest, TestAcceptFailure) {
- SocketMock* mock = new SocketMock;
+ std::unique_ptr<SocketMock> mock(new SocketMock);
EXPECT_NONFATAL_FAILURE(mock->Accept(), "no socket was ready");
mock->ExpectSend("foo");
EXPECT_NONFATAL_FAILURE(mock->Accept(), "called out-of-order");
- EXPECT_TRUE(SendString(mock, "foo"));
+ EXPECT_TRUE(SendString(mock.get(), "foo"));
mock->AddAccept(nullptr);
- EXPECT_NONFATAL_FAILURE(delete mock, "1 event(s) were not handled");
+ EXPECT_NONFATAL_FAILURE(mock.reset(), "1 event(s) were not handled");
}
diff --git a/fs_mgr/OWNERS b/fs_mgr/OWNERS
index 6f1059b..bd46489 100644
--- a/fs_mgr/OWNERS
+++ b/fs_mgr/OWNERS
@@ -1,4 +1,4 @@
-# Bug component: 30545
+# Bug component: 325626
bowgotsai@google.com
dvander@google.com
elsk@google.com
diff --git a/fs_mgr/libsnapshot/Android.bp b/fs_mgr/libsnapshot/Android.bp
index 8e4b556..2165961 100644
--- a/fs_mgr/libsnapshot/Android.bp
+++ b/fs_mgr/libsnapshot/Android.bp
@@ -261,6 +261,7 @@
},
auto_gen_config: true,
require_root: true,
+ compile_multilib: "first",
}
cc_test {
diff --git a/fs_mgr/libsnapshot/snapshot_writer.cpp b/fs_mgr/libsnapshot/snapshot_writer.cpp
index 6aad3d1..82a7fd7 100644
--- a/fs_mgr/libsnapshot/snapshot_writer.cpp
+++ b/fs_mgr/libsnapshot/snapshot_writer.cpp
@@ -93,6 +93,9 @@
std::unique_ptr<FileDescriptor> CompressedSnapshotWriter::OpenReader() {
auto cow = OpenCowReader();
+ if (cow == nullptr) {
+ return nullptr;
+ }
auto reader = std::make_unique<CompressedSnapshotReader>();
if (!reader->SetCow(std::move(cow))) {
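Review bot: The new null check returns silently; unless OpenCowReader() already logs its own failure (its body is outside the hunk), the caller receives a nullptr with no diagnostic, which is hard to tell apart from the `SetCow` failure path right below. Consider `LOG(ERROR) << "OpenReader: could not open COW reader";` before the `return nullptr;`, or a one-line comment stating that OpenCowReader() logs. OpenReader's body continues past the hunk.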
diff --git a/fs_mgr/tools/dmuserd.cpp b/fs_mgr/tools/dmuserd.cpp
index 6b68b28..da7156c 100644
--- a/fs_mgr/tools/dmuserd.cpp
+++ b/fs_mgr/tools/dmuserd.cpp
@@ -13,6 +13,7 @@
#include <sys/prctl.h>
#include <unistd.h>
#include <iostream>
+#include <string>
#define SECTOR_SIZE ((__u64)512)
#define BUFFER_BYTES 4096
@@ -133,16 +134,16 @@
return 0;
}
-int simple_daemon(char* control_path, char* backing_path) {
- int control_fd = open(control_path, O_RDWR);
+static int simple_daemon(const std::string& control_path, const std::string& backing_path) {
+ int control_fd = open(control_path.c_str(), O_RDWR);
if (control_fd < 0) {
- fprintf(stderr, "Unable to open control device %s\n", control_path);
+ fprintf(stderr, "Unable to open control device %s\n", control_path.c_str());
return -1;
}
- int backing_fd = open(backing_path, O_RDWR);
+ int backing_fd = open(backing_path.c_str(), O_RDWR);
if (backing_fd < 0) {
- fprintf(stderr, "Unable to open backing device %s\n", backing_path);
+ fprintf(stderr, "Unable to open backing device %s\n", backing_path.c_str());
return -1;
}
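Review bot: `control_fd`, opened at the top of simple_daemon, is leaked on the `return -1` taken when the backing-device open fails; the rewritten lines keep that early return without closing it. Add `close(control_fd);` before that `return -1;`, or hold both descriptors in an RAII wrapper so every exit path releases them. The function body continues outside the hunk, so whether the descriptors are closed on later error paths is not visible here.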
@@ -286,8 +287,8 @@
}
int main(int argc, char* argv[]) {
- char* control_path = NULL;
- char* backing_path = NULL;
+ std::string control_path;
+ std::string backing_path;
char* store;
int c;
@@ -299,10 +300,10 @@
usage(basename(argv[0]));
exit(0);
case 'c':
- control_path = strdup(optarg);
+ control_path = optarg;
break;
case 'b':
- backing_path = strdup(optarg);
+ backing_path = optarg;
break;
case 'v':
verbose = true;
diff --git a/init/Android.bp b/init/Android.bp
index 06f696e..c7e7de8 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -109,21 +109,22 @@
misc_undefined: ["signed-integer-overflow"],
},
cflags: [
- "-DLOG_UEVENTS=0",
- "-Wall",
- "-Wextra",
- "-Wno-unused-parameter",
- "-Werror",
- "-Wthread-safety",
"-DALLOW_FIRST_STAGE_CONSOLE=0",
"-DALLOW_LOCAL_PROP_OVERRIDE=0",
"-DALLOW_PERMISSIVE_SELINUX=0",
- "-DREBOOT_BOOTLOADER_ON_PANIC=0",
- "-DWORLD_WRITABLE_KMSG=0",
+ "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION",
"-DDUMP_ON_UMOUNT_FAILURE=0",
- "-DSHUTDOWN_ZERO_TIMEOUT=0",
"-DINIT_FULL_SOURCES",
"-DINSTALL_DEBUG_POLICY_TO_SYSTEM_EXT=0",
+ "-DLOG_UEVENTS=0",
+ "-DREBOOT_BOOTLOADER_ON_PANIC=0",
+ "-DSHUTDOWN_ZERO_TIMEOUT=0",
+ "-DWORLD_WRITABLE_KMSG=0",
+ "-Wall",
+ "-Werror",
+ "-Wextra",
+ "-Wno-unused-parameter",
+ "-Wthread-safety",
],
product_variables: {
debuggable: {
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 7cb8b11..a89813e 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -331,13 +331,13 @@
unique_fd s(TEMP_FAILURE_RETRY(socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0)));
if (s < 0) return ErrnoError() << "opening socket failed";
- if (ioctl(s, SIOCGIFFLAGS, &ifr) < 0) {
+ if (ioctl(s.get(), SIOCGIFFLAGS, &ifr) < 0) {
return ErrnoError() << "ioctl(..., SIOCGIFFLAGS, ...) failed";
}
ifr.ifr_flags |= IFF_UP;
- if (ioctl(s, SIOCSIFFLAGS, &ifr) < 0) {
+ if (ioctl(s.get(), SIOCSIFFLAGS, &ifr) < 0) {
return ErrnoError() << "ioctl(..., SIOCSIFFLAGS, ...) failed";
}
@@ -516,11 +516,11 @@
loop_info info;
/* if it is a blank loop device */
- if (ioctl(loop, LOOP_GET_STATUS, &info) < 0 && errno == ENXIO) {
+ if (ioctl(loop.get(), LOOP_GET_STATUS, &info) < 0 && errno == ENXIO) {
/* if it becomes our loop device */
- if (ioctl(loop, LOOP_SET_FD, fd.get()) >= 0) {
+ if (ioctl(loop.get(), LOOP_SET_FD, fd.get()) >= 0) {
if (mount(tmp.c_str(), target, system, flags, options) < 0) {
- ioctl(loop, LOOP_CLR_FD, 0);
+ ioctl(loop.get(), LOOP_CLR_FD, 0);
return ErrnoError() << "mount() failed";
}
return {};
@@ -901,16 +901,16 @@
if (fd == -1) {
return ErrnoError() << "Error opening file";
}
- if (posix_fadvise(fd, 0, 0, POSIX_FADV_WILLNEED)) {
+ if (posix_fadvise(fd.get(), 0, 0, POSIX_FADV_WILLNEED)) {
return ErrnoError() << "Error posix_fadvise file";
}
- if (readahead(fd, 0, std::numeric_limits<size_t>::max())) {
+ if (readahead(fd.get(), 0, std::numeric_limits<size_t>::max())) {
return ErrnoError() << "Error readahead file";
}
if (fully) {
char buf[BUFSIZ];
ssize_t n;
- while ((n = TEMP_FAILURE_RETRY(read(fd, &buf[0], sizeof(buf)))) > 0) {
+ while ((n = TEMP_FAILURE_RETRY(read(fd.get(), &buf[0], sizeof(buf)))) > 0) {
}
if (n != 0) {
return ErrnoError() << "Error reading file";
diff --git a/init/epoll.cpp b/init/epoll.cpp
index fd1af4f..cd73a0c 100644
--- a/init/epoll.cpp
+++ b/init/epoll.cpp
@@ -57,7 +57,7 @@
.events = events,
.data.fd = fd,
};
- if (epoll_ctl(epoll_fd_, EPOLL_CTL_ADD, fd, &ev) == -1) {
+ if (epoll_ctl(epoll_fd_.get(), EPOLL_CTL_ADD, fd, &ev) == -1) {
Result<void> result = ErrnoError() << "epoll_ctl failed to add fd";
epoll_handlers_.erase(fd);
return result;
@@ -66,7 +66,7 @@
}
Result<void> Epoll::UnregisterHandler(int fd) {
- if (epoll_ctl(epoll_fd_, EPOLL_CTL_DEL, fd, nullptr) == -1) {
+ if (epoll_ctl(epoll_fd_.get(), EPOLL_CTL_DEL, fd, nullptr) == -1) {
return ErrnoError() << "epoll_ctl failed to remove fd";
}
auto it = epoll_handlers_.find(fd);
@@ -88,7 +88,7 @@
}
const auto max_events = epoll_handlers_.size();
epoll_event ev[max_events];
- auto num_events = TEMP_FAILURE_RETRY(epoll_wait(epoll_fd_, ev, max_events, timeout_ms));
+ auto num_events = TEMP_FAILURE_RETRY(epoll_wait(epoll_fd_.get(), ev, max_events, timeout_ms));
if (num_events == -1) {
return ErrnoError() << "epoll_wait failed";
}
diff --git a/init/firmware_handler.cpp b/init/firmware_handler.cpp
index 30e808d..b9fa58c 100644
--- a/init/firmware_handler.cpp
+++ b/init/firmware_handler.cpp
@@ -257,12 +257,12 @@
return false;
}
struct stat sb;
- if (fstat(fw_fd, &sb) == -1) {
+ if (fstat(fw_fd.get(), &sb) == -1) {
attempted_paths_and_errors.emplace_back("firmware: attempted " + file +
", fstat failed: " + strerror(errno));
return false;
}
- LoadFirmware(firmware, root, fw_fd, sb.st_size, loading_fd, data_fd);
+ LoadFirmware(firmware, root, fw_fd.get(), sb.st_size, loading_fd.get(), data_fd.get());
return true;
};
@@ -287,7 +287,7 @@
}
// Write "-1" as our response to the kernel's firmware request, since we have nothing for it.
- write(loading_fd, "-1", 2);
+ write(loading_fd.get(), "-1", 2);
}
bool FirmwareHandler::ForEachFirmwareDirectory(
diff --git a/init/init.cpp b/init/init.cpp
index 540e2ca..4262191 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -739,33 +739,13 @@
HandlePowerctlMessage("shutdown,container");
}
-static constexpr std::chrono::milliseconds kDiagnosticTimeout = 10s;
-
-static void HandleSignalFd(bool one_off) {
+static void HandleSignalFd() {
signalfd_siginfo siginfo;
- auto started = std::chrono::steady_clock::now();
- do {
- ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
- if (bytes_read < 0 && errno == EAGAIN) {
- if (one_off) {
- return;
- }
- auto now = std::chrono::steady_clock::now();
- std::chrono::duration<double> waited = now - started;
- if (waited >= kDiagnosticTimeout) {
- LOG(ERROR) << "epoll() woke us up, but we waited with no SIGCHLD!";
- started = now;
- }
-
- std::this_thread::sleep_for(100ms);
- continue;
- }
- if (bytes_read != sizeof(siginfo)) {
- PLOG(ERROR) << "Failed to read siginfo from signal_fd";
- return;
- }
- break;
- } while (!one_off);
+ ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
+ if (bytes_read != sizeof(siginfo)) {
+ PLOG(ERROR) << "Failed to read siginfo from signal_fd";
+ return;
+ }
switch (siginfo.ssi_signo) {
case SIGCHLD:
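Review bot: The collapsed check `if (bytes_read != sizeof(siginfo))` folds two cases together: a `-1` from read(), where PLOG's errno is meaningful, and a short read, where errno is stale and PLOG prints a misleading strerror; it is also a signed/unsigned comparison. Split it: `if (bytes_read < 0) { PLOG(ERROR) << "Failed to read siginfo from signal_fd"; return; }` followed by `if (bytes_read != static_cast<ssize_t>(sizeof(siginfo))) { LOG(ERROR) << "Short read from signal_fd"; return; }`. Since SFD_NONBLOCK is dropped in the signalfd() hunk below, this read now blocks if nothing is pending, so the function relies on being invoked only after epoll reported the fd readable; that invariant deserves a comment above the read. The switch on `siginfo.ssi_signo` continues outside the hunk.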
@@ -820,14 +800,13 @@
LOG(FATAL) << "Failed to register a fork handler: " << strerror(result);
}
- signal_fd = signalfd(-1, &mask, SFD_CLOEXEC | SFD_NONBLOCK);
+ signal_fd = signalfd(-1, &mask, SFD_CLOEXEC);
if (signal_fd == -1) {
PLOG(FATAL) << "failed to create signalfd";
}
constexpr int flags = EPOLLIN | EPOLLPRI;
- auto handler = std::bind(HandleSignalFd, false);
- if (auto result = epoll->RegisterHandler(signal_fd, handler, flags); !result.ok()) {
+ if (auto result = epoll->RegisterHandler(signal_fd, HandleSignalFd, flags); !result.ok()) {
LOG(FATAL) << result.error();
}
}
@@ -956,32 +935,6 @@
return {};
}
-static void DumpPidFds(const std::string& prefix, pid_t pid) {
- std::error_code ec;
- std::string proc_dir = "/proc/" + std::to_string(pid) + "/fd";
- for (const auto& entry : std::filesystem::directory_iterator(proc_dir)) {
- std::string target;
- if (android::base::Readlink(entry.path(), &target)) {
- LOG(ERROR) << prefix << target;
- } else {
- LOG(ERROR) << prefix << entry.path();
- }
- }
-}
-
-static void DumpFile(const std::string& prefix, const std::string& file) {
- std::ifstream fp(file);
- if (!fp) {
- LOG(ERROR) << "Could not open " << file;
- return;
- }
-
- std::string line;
- while (std::getline(fp, line)) {
- LOG(ERROR) << prefix << line;
- }
-}
-
int SecondStageMain(int argc, char** argv) {
if (REBOOT_BOOTLOADER_ON_PANIC) {
InstallRebootSignalHandlers();
@@ -1155,7 +1108,7 @@
setpriority(PRIO_PROCESS, 0, 0);
while (true) {
// By default, sleep until something happens.
- std::chrono::milliseconds epoll_timeout{kDiagnosticTimeout};
+ std::optional<std::chrono::milliseconds> epoll_timeout;
auto shutdown_command = shutdown_state.CheckShutdown();
if (shutdown_command) {
@@ -1187,25 +1140,6 @@
auto epoll_result = epoll.Wait(epoll_timeout);
if (!epoll_result.ok()) {
LOG(ERROR) << epoll_result.error();
- } else if (*epoll_result <= 0 && Service::is_exec_service_running()) {
- static bool dumped_diagnostics = false;
- std::chrono::duration<double> waited =
- std::chrono::steady_clock::now() - Service::exec_service_started();
- if (waited >= kDiagnosticTimeout) {
- LOG(ERROR) << "Exec service is hung? Waited " << waited.count()
- << " without SIGCHLD";
- if (!dumped_diagnostics) {
- DumpPidFds("exec service opened: ", Service::exec_service_pid());
-
- std::string status_file =
- "/proc/" + std::to_string(Service::exec_service_pid()) + "/status";
- DumpFile("exec service: ", status_file);
- dumped_diagnostics = true;
-
- LOG(INFO) << "Attempting to handle any stuck SIGCHLDs...";
- HandleSignalFd(true);
- }
- }
}
if (!IsShuttingDown()) {
HandleControlMessages();
diff --git a/init/init_test.cpp b/init/init_test.cpp
index 7bad6fd..aea1cb3 100644
--- a/init/init_test.cpp
+++ b/init/init_test.cpp
@@ -194,10 +194,9 @@
}
TEST(init, StartConsole) {
- // Two different failures have been observed for this test: (1) No
- // permission to open /dev/console and (2) getsid() != pid. Skip this test
- // until these failures have been root-caused and fixed.
- GTEST_SKIP() << "This test needs to be improved";
+ if (access("/dev/console", F_OK) < 0) {
+ GTEST_SKIP() << "/dev/console not found";
+ }
std::string init_script = R"init(
service console /system/bin/sh
class core
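Review bot: `access("/dev/console", F_OK)` only checks that the node exists; the comment removed here also cited lack of permission to open /dev/console as an observed failure, and that case would now fail the test instead of skipping it. If that failure mode is still possible, `access("/dev/console", R_OK | W_OK)` (evaluated with the test process's credentials, not the service's) is closer to the condition the service needs, or the skip message should say which condition is being checked. The test body continues outside the hunk.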
@@ -205,7 +204,7 @@
disabled
user root
group root shell log readproc
- seclabel u:r:su:s0
+ seclabel u:r:shell:s0
setenv HOSTNAME console
)init";
@@ -219,7 +218,7 @@
ASSERT_RESULT_OK(service->Start());
const pid_t pid = service->pid();
ASSERT_GT(pid, 0);
- EXPECT_EQ(getsid(pid), pid);
+ EXPECT_NE(getsid(pid), 0);
service->Stop();
}
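Review bot: `EXPECT_NE(getsid(pid), 0)` also passes when getsid() fails, because failure returns -1 rather than 0; `EXPECT_GT(getsid(pid), 0)` rejects both. If the intent is to confirm the service runs in a session of its own rather than init's, `EXPECT_NE(getsid(pid), getsid(0))` would express that more directly than a comparison against zero.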
diff --git a/init/persistent_properties.cpp b/init/persistent_properties.cpp
index d33a6b8..8db7267 100644
--- a/init/persistent_properties.cpp
+++ b/init/persistent_properties.cpp
@@ -77,7 +77,7 @@
}
struct stat sb;
- if (fstat(fd, &sb) == -1) {
+ if (fstat(fd.get(), &sb) == -1) {
PLOG(ERROR) << "fstat on property file \"" << entry->d_name << "\" failed";
continue;
}
@@ -198,7 +198,7 @@
if (!WriteStringToFd(serialized_string, fd)) {
return ErrnoError() << "Unable to write file contents";
}
- fsync(fd);
+ fsync(fd.get());
fd.reset();
if (rename(temp_filename.c_str(), persistent_property_filename.c_str())) {
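Review bot: `fsync(fd.get())` still discards its return value on the rewritten line, and the directory `fsync(dir_fd.get())` in the hunk below does the same; for a write-then-rename persistence path the fsync exists for durability, so a failure should surface: `if (fsync(fd.get()) == -1) return ErrnoError() << "Unable to fsync file";`. The write error two lines above already returns ErrnoError, so this matches the function's existing style.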
@@ -216,7 +216,7 @@
if (dir_fd < 0) {
return ErrnoError() << "Unable to open persistent properties directory for fsync()";
}
- fsync(dir_fd);
+ fsync(dir_fd.get());
return {};
}
diff --git a/init/property_service.cpp b/init/property_service.cpp
index f3550a1..9df9828 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -300,13 +300,13 @@
if (!socket_.ok()) {
return true;
}
- int result = TEMP_FAILURE_RETRY(send(socket_, &value, sizeof(value), 0));
+ int result = TEMP_FAILURE_RETRY(send(socket_.get(), &value, sizeof(value), 0));
return result == sizeof(value);
}
bool GetSourceContext(std::string* source_context) const {
char* c_source_context = nullptr;
- if (getpeercon(socket_, &c_source_context) != 0) {
+ if (getpeercon(socket_.get(), &c_source_context) != 0) {
return false;
}
*source_context = c_source_context;
@@ -320,13 +320,13 @@
private:
bool PollIn(uint32_t* timeout_ms) {
- struct pollfd ufds[1];
- ufds[0].fd = socket_;
- ufds[0].events = POLLIN;
- ufds[0].revents = 0;
+ struct pollfd ufd = {
+ .fd = socket_.get(),
+ .events = POLLIN,
+ };
while (*timeout_ms > 0) {
auto start_time = std::chrono::steady_clock::now();
- int nr = poll(ufds, 1, *timeout_ms);
+ int nr = poll(&ufd, 1, *timeout_ms);
auto now = std::chrono::steady_clock::now();
auto time_elapsed =
std::chrono::duration_cast<std::chrono::milliseconds>(now - start_time);
@@ -368,7 +368,7 @@
return false;
}
- int result = TEMP_FAILURE_RETRY(recv(socket_, data, bytes_left, MSG_DONTWAIT));
+ int result = TEMP_FAILURE_RETRY(recv(socket_.get(), data, bytes_left, MSG_DONTWAIT));
if (result <= 0) {
PLOG(ERROR) << "sys_prop: recv error";
return false;
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 1f4186d..a3fc534 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -767,7 +767,7 @@
if (IsDataMounted("f2fs")) {
uint32_t flag = F2FS_GOING_DOWN_FULLSYNC;
unique_fd fd(TEMP_FAILURE_RETRY(open("/data", O_RDONLY)));
- int ret = ioctl(fd, F2FS_IOC_SHUTDOWN, &flag);
+ int ret = ioctl(fd.get(), F2FS_IOC_SHUTDOWN, &flag);
if (ret) {
PLOG(ERROR) << "Shutdown /data: ";
} else {
diff --git a/init/security.cpp b/init/security.cpp
index 2ecf687..6e616be 100644
--- a/init/security.cpp
+++ b/init/security.cpp
@@ -216,7 +216,7 @@
return {};
}
- int ioctl_ret = ioctl(fd, PERF_EVENT_IOC_RESET);
+ int ioctl_ret = ioctl(fd.get(), PERF_EVENT_IOC_RESET);
if (ioctl_ret != -1) {
// Success implies that the kernel doesn't have the hooks.
return {};
diff --git a/init/selinux.cpp b/init/selinux.cpp
index ab5b0a0..ea308aa 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -567,7 +567,7 @@
return ErrnoError() << "Failed to open " << dstPath;
}
- ret = ExtractEntryToFile(archive, &entry, fd);
+ ret = ExtractEntryToFile(archive, &entry, fd.get());
if (ret != 0) {
return Error() << "Failed to extract entry \"" << fileName << "\" ("
<< entry.uncompressed_length << " bytes) to \"" << dstPath
@@ -785,7 +785,7 @@
return;
}
- TEMP_FAILURE_RETRY(send(fd, &request, sizeof(request), 0));
+ TEMP_FAILURE_RETRY(send(fd.get(), &request, sizeof(request), 0));
}
} // namespace
diff --git a/init/service.cpp b/init/service.cpp
index ccc7191..2ce81a0 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -136,8 +136,6 @@
unsigned long Service::next_start_order_ = 1;
bool Service::is_exec_service_running_ = false;
-pid_t Service::exec_service_pid_ = -1;
-std::chrono::time_point<std::chrono::steady_clock> Service::exec_service_started_;
Service::Service(const std::string& name, Subcontext* subcontext_for_restart_commands,
const std::string& filename, const std::vector<std::string>& args)
@@ -292,7 +290,8 @@
}
if ((siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) && on_failure_reboot_target_) {
- LOG(ERROR) << "Service with 'reboot_on_failure' option failed, shutting down system.";
+ LOG(ERROR) << "Service " << name_
+ << " has 'reboot_on_failure' option and failed, shutting down system.";
trigger_shutdown(*on_failure_reboot_target_);
}
@@ -433,8 +432,6 @@
flags_ |= SVC_EXEC;
is_exec_service_running_ = true;
- exec_service_pid_ = pid_;
- exec_service_started_ = std::chrono::steady_clock::now();
LOG(INFO) << "SVC_EXEC service '" << name_ << "' pid " << pid_ << " (uid " << proc_attr_.uid
<< " gid " << proc_attr_.gid << "+" << proc_attr_.supp_gids.size() << " context "
diff --git a/init/service.h b/init/service.h
index 54bf638..f9749d2 100644
--- a/init/service.h
+++ b/init/service.h
@@ -73,6 +73,8 @@
const std::vector<gid_t>& supp_gids, int namespace_flags, const std::string& seclabel,
Subcontext* subcontext_for_restart_commands, const std::string& filename,
const std::vector<std::string>& args);
+ Service(const Service&) = delete;
+ void operator=(const Service&) = delete;
static Result<std::unique_ptr<Service>> MakeTemporaryOneshotService(
const std::vector<std::string>& args);
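Review bot: The deleted copy-assignment is declared as `void operator=(const Service&) = delete;`; the conventional form is `Service& operator=(const Service&) = delete;`, which keeps the signature consistent with what the compiler would otherwise generate. With copying deleted and no move operations declared, Service is also non-movable; if that is intended, a one-line comment next to these declarations would record it, since the class is otherwise handled through `std::unique_ptr<Service>` as `MakeTemporaryOneshotService` shows.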
@@ -104,10 +106,6 @@
size_t CheckAllCommands() const { return onrestart_.CheckAllCommands(); }
static bool is_exec_service_running() { return is_exec_service_running_; }
- static pid_t exec_service_pid() { return exec_service_pid_; }
- static std::chrono::time_point<std::chrono::steady_clock> exec_service_started() {
- return exec_service_started_;
- }
const std::string& name() const { return name_; }
const std::set<std::string>& classnames() const { return classnames_; }
@@ -160,8 +158,6 @@
void SetMountNamespace();
static unsigned long next_start_order_;
static bool is_exec_service_running_;
- static std::chrono::time_point<std::chrono::steady_clock> exec_service_started_;
- static pid_t exec_service_pid_;
const std::string name_;
std::set<std::string> classnames_;
diff --git a/init/service_list.cpp b/init/service_list.cpp
index 3047821..937d82e 100644
--- a/init/service_list.cpp
+++ b/init/service_list.cpp
@@ -24,8 +24,8 @@
ServiceList::ServiceList() {}
ServiceList& ServiceList::GetInstance() {
- static ServiceList instance;
- return instance;
+ static ServiceList* instance = new ServiceList;
+ return *instance;
}
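Review bot: `static ServiceList* instance = new ServiceList;` is an intentionally never-freed singleton, but nothing says so, and to a reader or clang-tidy it looks like a leak. A comment above it such as `// Deliberately never destroyed so it stays valid during static destruction at exit.` would record the reason; adjust the wording if the actual motivation differs, since it is not visible in this hunk.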
size_t ServiceList::CheckAllCommands() {
diff --git a/init/service_utils.cpp b/init/service_utils.cpp
index 15bf963..7004d8d 100644
--- a/init/service_utils.cpp
+++ b/init/service_utils.cpp
@@ -52,7 +52,7 @@
if (fd == -1) {
return ErrnoError() << "Could not open namespace at " << path;
}
- if (setns(fd, nstype) == -1) {
+ if (setns(fd.get(), nstype) == -1) {
return ErrnoError() << "Could not setns() namespace at " << path;
}
return {};
@@ -127,22 +127,22 @@
void SetupStdio(bool stdio_to_kmsg) {
auto fd = unique_fd{open("/dev/null", O_RDWR | O_CLOEXEC)};
- dup2(fd, STDIN_FILENO);
+ dup2(fd.get(), STDIN_FILENO);
if (stdio_to_kmsg) {
fd.reset(open("/dev/kmsg_debug", O_WRONLY | O_CLOEXEC));
if (fd == -1) fd.reset(open("/dev/null", O_WRONLY | O_CLOEXEC));
}
- dup2(fd, STDOUT_FILENO);
- dup2(fd, STDERR_FILENO);
+ dup2(fd.get(), STDOUT_FILENO);
+ dup2(fd.get(), STDERR_FILENO);
}
void OpenConsole(const std::string& console) {
auto fd = unique_fd{open(console.c_str(), O_RDWR | O_CLOEXEC)};
if (fd == -1) fd.reset(open("/dev/null", O_RDWR | O_CLOEXEC));
- ioctl(fd, TIOCSCTTY, 0);
- dup2(fd, 0);
- dup2(fd, 1);
- dup2(fd, 2);
+ ioctl(fd.get(), TIOCSCTTY, 0);
+ dup2(fd.get(), 0);
+ dup2(fd.get(), 1);
+ dup2(fd.get(), 2);
}
} // namespace
@@ -190,7 +190,7 @@
}
// Fixup as we set O_NONBLOCK for open, the intent for fd is to block reads.
- fcntl(fd, F_SETFL, flags);
+ fcntl(fd.get(), F_SETFL, flags);
return Descriptor(ANDROID_FILE_ENV_PREFIX + name, std::move(fd));
}
diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 961e006..6a095fb 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -207,7 +207,7 @@
// We explicitly do not use O_CLOEXEC here, such that we can reference this FD by number
// in the subcontext process after we exec.
- int child_fd = dup(subcontext_socket); // NOLINT(android-cloexec-dup)
+ int child_fd = dup(subcontext_socket.get()); // NOLINT(android-cloexec-dup)
if (child_fd < 0) {
PLOG(FATAL) << "Could not dup child_fd";
}
@@ -268,12 +268,12 @@
}
Result<SubcontextReply> Subcontext::TransmitMessage(const SubcontextCommand& subcontext_command) {
- if (auto result = SendMessage(socket_, subcontext_command); !result.ok()) {
+ if (auto result = SendMessage(socket_.get(), subcontext_command); !result.ok()) {
Restart();
return ErrnoError() << "Failed to send message to subcontext";
}
- auto subcontext_message = ReadMessage(socket_);
+ auto subcontext_message = ReadMessage(socket_.get());
if (!subcontext_message.ok()) {
Restart();
return Error() << "Failed to receive result from subcontext: " << subcontext_message.error();
diff --git a/init/test_upgrade_mte/mte_upgrade_test_helper.cpp b/init/test_upgrade_mte/mte_upgrade_test_helper.cpp
index 10af06b..3188337 100644
--- a/init/test_upgrade_mte/mte_upgrade_test_helper.cpp
+++ b/init/test_upgrade_mte/mte_upgrade_test_helper.cpp
@@ -22,6 +22,7 @@
#include <sys/prctl.h>
#include <time.h>
#include <unistd.h>
+#include <memory>
int MaybeDowngrade() {
int res = prctl(PR_GET_TAGGED_ADDR_CTRL, 0, 0, 0, 0);
@@ -58,7 +59,7 @@
// Disallow automatic upgrade from ASYNC mode.
if (prctl(PR_SET_TAGGED_ADDR_CTRL, res & ~PR_MTE_TCF_SYNC, 0, 0, 0) == -1) abort();
}
- volatile char* f = (char*)malloc(1);
+ std::unique_ptr<volatile char[]> f(new char[1]);
f[17] = 'x';
char buf[1];
read(1, buf, 1);
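Review bot: The write `f[17] = 'x'` just below the rewritten allocation is an intentional out-of-bounds access on a 1-byte buffer, and with `std::unique_ptr` that corrupted allocation is now also handed back to the allocator via `delete[]` at scope exit, whereas no free of the original `malloc` result is visible in the hunk. If MTE is downgraded or absent, the failure may therefore come from the allocator's own consistency checks rather than from the tagged-memory fault this helper exists to provoke; if the tests key on a specific crash signature, either `f.release()` before return or a comment explaining why the free is acceptable would be worth adding. The rest of the function is outside the hunk.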
diff --git a/init/uevent_listener.cpp b/init/uevent_listener.cpp
index 7cd396a..5da6777 100644
--- a/init/uevent_listener.cpp
+++ b/init/uevent_listener.cpp
@@ -92,12 +92,12 @@
LOG(FATAL) << "Could not open uevent socket";
}
- fcntl(device_fd_, F_SETFL, O_NONBLOCK);
+ fcntl(device_fd_.get(), F_SETFL, O_NONBLOCK);
}
ReadUeventResult UeventListener::ReadUevent(Uevent* uevent) const {
char msg[UEVENT_MSG_LEN + 2];
- int n = uevent_kernel_multicast_recv(device_fd_, msg, UEVENT_MSG_LEN);
+ int n = uevent_kernel_multicast_recv(device_fd_.get(), msg, UEVENT_MSG_LEN);
if (n <= 0) {
if (errno != EAGAIN && errno != EWOULDBLOCK) {
PLOG(ERROR) << "Error reading from Uevent Fd";
@@ -184,9 +184,10 @@
const std::optional<std::chrono::milliseconds> relative_timeout) const {
using namespace std::chrono;
- pollfd ufd;
- ufd.events = POLLIN;
- ufd.fd = device_fd_;
+ pollfd ufd = {
+ .events = POLLIN,
+ .fd = device_fd_.get(),
+ };
auto start_time = steady_clock::now();
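Review bot: The designated initializer lists `.events` before `.fd`, but `struct pollfd` declares `fd` first; C++20 requires designators in declaration order, and clang diagnoses this with -Wreorder-init-list, which becomes an error under `-Werror` if uevent_listener.cpp is built with the cflags shown in the init/Android.bp hunk. Swap the two lines to `.fd = device_fd_.get(),` then `.events = POLLIN,`, matching the order used in the property_service.cpp hunk of this same change. `revents` was not set by the old code either and is value-initialized by the aggregate init, so nothing else changes.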
diff --git a/init/util.cpp b/init/util.cpp
index 3d42855..bc8ea6e 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -120,12 +120,12 @@
if (passcred) {
int on = 1;
- if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on))) {
+ if (setsockopt(fd.get(), SOL_SOCKET, SO_PASSCRED, &on, sizeof(on))) {
return ErrnoError() << "Failed to set SO_PASSCRED '" << name << "'";
}
}
- int ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
+ int ret = bind(fd.get(), (struct sockaddr*)&addr, sizeof(addr));
int savederrno = errno;
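Review bot: The rewritten `bind` call keeps a C-style cast, `(struct sockaddr*)&addr`; in C++ prefer `reinterpret_cast<struct sockaddr*>(&addr)` so the pointer reinterpretation is explicit and greppable. Everything else on the line is the mechanical `.get()` change.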
if (!secontext.empty()) {
@@ -145,7 +145,7 @@
if (fchmodat(AT_FDCWD, addr.sun_path, perm, AT_SYMLINK_NOFOLLOW)) {
return ErrnoError() << "Failed to fchmodat socket '" << addr.sun_path << "'";
}
- if (should_listen && listen(fd, /* use OS maximum */ 1 << 30)) {
+ if (should_listen && listen(fd.get(), /* use OS maximum */ 1 << 30)) {
return ErrnoError() << "Failed to listen on socket '" << addr.sun_path << "'";
}
@@ -168,7 +168,7 @@
// For security reasons, disallow world-writable
// or group-writable files.
struct stat sb;
- if (fstat(fd, &sb) == -1) {
+ if (fstat(fd.get(), &sb) == -1) {
return ErrnoError() << "fstat failed()";
}
if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
diff --git a/janitors/OWNERS b/janitors/OWNERS
index e132f0b..d871201 100644
--- a/janitors/OWNERS
+++ b/janitors/OWNERS
@@ -1,6 +1,7 @@
# OWNERS file for projects that don't really have owners so much as volunteer janitors.
ccross@google.com
+cferris@google.com
dwillemsen@google.com
enh@google.com
narayan@google.com
-sadafebrahimi@google.com
\ No newline at end of file
+sadafebrahimi@google.com
diff --git a/rootdir/etc/linker.config.json b/rootdir/etc/linker.config.json
index 3a98fdb..47f77b1 100644
--- a/rootdir/etc/linker.config.json
+++ b/rootdir/etc/linker.config.json
@@ -22,17 +22,16 @@
"libnetd_resolv.so",
// netd
"libnetd_updatable.so",
- // nn
- "libneuralnetworks.so",
// statsd
"libstatspull.so",
"libstatssocket.so",
- // tethering LLNDK
- "libcom.android.tethering.connectivity_native.so",
// adbd
"libadb_pairing_auth.so",
"libadb_pairing_connection.so",
"libadb_pairing_server.so"
+
+ // LLNDK libraries in APEXes will be added automatically from the build,
+ // using build variable LLNDK_MOVED_TO_APEX_LIBRARIES.
],
"provideLibs": [
"libaptX_encoder.so",
diff --git a/rootdir/init.rc b/rootdir/init.rc
index f05c0bf..1131f3f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1108,6 +1108,7 @@
# are not aware of using fsync()/sync() to prepare sudden power-cut.
write /dev/sys/fs/by-name/userdata/cp_interval 200
write /dev/sys/fs/by-name/userdata/gc_urgent_sleep_time 50
+ write /dev/sys/fs/by-name/userdata/iostat_period_ms 1000
write /dev/sys/fs/by-name/userdata/iostat_enable 1
# set readahead multiplier for POSIX_FADV_SEQUENTIAL files
diff --git a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
index 7d58162..b696ff9 100644
--- a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
+++ b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
@@ -91,7 +91,7 @@
} // namespace
ScopedAStatus TrustyKeyMintDevice::getHardwareInfo(KeyMintHardwareInfo* info) {
- info->versionNumber = 2;
+ info->versionNumber = 3;
info->securityLevel = kSecurityLevel;
info->keyMintName = "TrustyKeyMintDevice";
info->keyMintAuthorName = "Google";
diff --git a/trusty/keymaster/keymint/service.cpp b/trusty/keymaster/keymint/service.cpp
index 3447b27..14549d2 100644
--- a/trusty/keymaster/keymint/service.cpp
+++ b/trusty/keymaster/keymint/service.cpp
@@ -41,7 +41,7 @@
int main() {
auto trustyKeymaster = std::make_shared<keymaster::TrustyKeymaster>();
- int err = trustyKeymaster->Initialize(keymaster::KmVersion::KEYMINT_2);
+ int err = trustyKeymaster->Initialize(keymaster::KmVersion::KEYMINT_3);
if (err != 0) {
LOG(FATAL) << "Could not initialize TrustyKeymaster for KeyMint (" << err << ")";
return -1;
diff --git a/trusty/keymint/Android.bp b/trusty/keymint/Android.bp
new file mode 100644
index 0000000..54aadaa
--- /dev/null
+++ b/trusty/keymint/Android.bp
@@ -0,0 +1,37 @@
+//
+// Copyright (C) 2022 The Android Open-Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+rust_binary {
+ name: "android.hardware.security.keymint-service.rust.trusty",
+ relative_install_path: "hw",
+ vendor: true,
+ init_rc: ["android.hardware.security.keymint-service.rust.trusty.rc"],
+ vintf_fragments: ["android.hardware.security.keymint-service.rust.trusty.xml"],
+ srcs: [
+ "src/keymint_hal_main.rs"
+ ],
+ rustlibs: [
+ "libandroid_logger",
+ "libbinder_rs",
+ "libkmr_wire",
+ "libkmr_hal",
+ "libtrusty-rs",
+ "liblibc",
+ "liblog_rust",
+ ],
+ required: [
+ "android.hardware.hardware_keystore.xml",
+ ],
+}
diff --git a/trusty/keymint/android.hardware.hardware_keystore.rust.trusty-keymint.xml b/trusty/keymint/android.hardware.hardware_keystore.rust.trusty-keymint.xml
new file mode 100644
index 0000000..cd656b2
--- /dev/null
+++ b/trusty/keymint/android.hardware.hardware_keystore.rust.trusty-keymint.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<permissions>
+ <feature name="android.hardware.hardware_keystore" version="300" />
+</permissions>
diff --git a/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.rc b/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.rc
new file mode 100644
index 0000000..e3d94c6
--- /dev/null
+++ b/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.rc
@@ -0,0 +1,7 @@
+service vendor.keymint.rust-trusty /vendor/bin/hw/android.hardware.security.keymint-service.rust.trusty
+ class early_hal
+ user nobody
+ group drmrpc
+ # The keymint service is not allowed to restart.
+ # If it crashes, a device restart is required.
+ oneshot
\ No newline at end of file
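Review bot: The file ends without a trailing newline (see the `\ No newline at end of file` marker), which most tooling and review diffs expect; adding one is a one-character fix. The comment states that a crash requires a device restart, yet nothing in the service definition enforces that: a `oneshot` service that exits simply stays stopped, so the device keeps running without a KeyMint HAL until someone reboots it. If an automatic reboot is the intent, init's `critical` option is the mechanism for that; if staying stopped is the intent, the comment could say so, e.g. `# If it crashes it stays stopped (oneshot); a device restart is required to recover it.`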
diff --git a/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.xml b/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.xml
new file mode 100644
index 0000000..3dc9c88
--- /dev/null
+++ b/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.xml
@@ -0,0 +1,20 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.security.keymint</name>
+ <version>3</version>
+ <fqname>IKeyMintDevice/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.security.secureclock</name>
+ <fqname>ISecureClock/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.security.sharedsecret</name>
+ <fqname>ISharedSecret/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.security.keymint</name>
+ <version>3</version>
+ <fqname>IRemotelyProvisionedComponent/default</fqname>
+ </hal>
+</manifest>
diff --git a/trusty/keymint/src/keymint_hal_main.rs b/trusty/keymint/src/keymint_hal_main.rs
new file mode 100644
index 0000000..d2d5f27
--- /dev/null
+++ b/trusty/keymint/src/keymint_hal_main.rs
@@ -0,0 +1,155 @@
+//
+// Copyright (C) 2022 The Android Open-Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This module implements the HAL service for Keymint (Rust) in Trusty.
+use kmr_hal::{keymint, rpc, secureclock, send_hal_info, sharedsecret, SerializedChannel};
+use log::{error, info};
+use std::{
+ ffi::CString,
+ ops::DerefMut,
+ panic,
+ sync::{Arc, Mutex},
+};
+use trusty::DEFAULT_DEVICE;
+
+const TRUSTY_KEYMINT_RUST_SERVICE_NAME: &str = "com.android.trusty.keymint";
+
+static SERVICE_INSTANCE: &str = "default";
+
+static KM_SERVICE_NAME: &str = "android.hardware.security.keymint.IKeyMintDevice";
+static RPC_SERVICE_NAME: &str = "android.hardware.security.keymint.IRemotelyProvisionedComponent";
+static SECURE_CLOCK_SERVICE_NAME: &str = "android.hardware.security.secureclock.ISecureClock";
+static SHARED_SECRET_SERVICE_NAME: &str = "android.hardware.security.sharedsecret.ISharedSecret";
+
+/// Local error type for failures in the HAL service.
+#[derive(Debug, Clone)]
+struct HalServiceError(String);
+
+#[derive(Debug)]
+struct TipcChannel(trusty::TipcChannel);
+
+impl SerializedChannel for TipcChannel {
+ fn execute(&mut self, serialized_req: &[u8]) -> binder::Result<Vec<u8>> {
+ self.0.send(serialized_req).map_err(|e| {
+ binder::Status::new_exception(
+ binder::ExceptionCode::TRANSACTION_FAILED,
+ Some(
+ &CString::new(format!(
+ "Failed to send the request via tipc channel because of {:?}",
+ e
+ ))
+ .unwrap(),
+ ),
+ )
+ })?;
+ let mut recv_buf = Vec::new();
+ // TODO(b/253501976): cope with fragmentation of responses
+ self.0.recv(&mut recv_buf).map_err(|e| {
+ binder::Status::new_exception(
+ binder::ExceptionCode::TRANSACTION_FAILED,
+ Some(
+ &CString::new(format!(
+ "Failed to receive the response via tipc channel because of {:?}",
+ e
+ ))
+ .unwrap(),
+ ),
+ )
+ })?;
+ Ok(recv_buf)
+ }
+}
+
+fn main() {
+ if let Err(e) = inner_main() {
+ panic!("HAL service failed: {:?}", e);
+ }
+}
+
+fn inner_main() -> Result<(), HalServiceError> {
+ // Initialize Android logging.
+ android_logger::init_once(
+ android_logger::Config::default()
+ .with_tag("keymint-hal-trusty")
+ .with_min_level(log::Level::Info)
+ .with_log_id(android_logger::LogId::System),
+ );
+ // Redirect panic messages to logcat.
+ panic::set_hook(Box::new(|panic_info| {
+ error!("{}", panic_info);
+ }));
+
+ info!("Trusty KM HAL service is starting.");
+
+ info!("Starting thread pool now.");
+ binder::ProcessState::start_thread_pool();
+
+ // Create connection to the TA
+ let connection = trusty::TipcChannel::connect(DEFAULT_DEVICE, TRUSTY_KEYMINT_RUST_SERVICE_NAME)
+ .map_err(|e| {
+ HalServiceError(format!("Failed to connect to Trusty Keymint TA because of {:?}.", e))
+ })?;
+ let tipc_channel = Arc::new(Mutex::new(TipcChannel(connection)));
+
+ // Register the Keymint service
+ let km_service = keymint::Device::new_as_binder(tipc_channel.clone());
+ let km_service_name = format!("{}/{}", KM_SERVICE_NAME, SERVICE_INSTANCE);
+ binder::add_service(&km_service_name, km_service.as_binder()).map_err(|e| {
+ HalServiceError(format!(
+ "Failed to register service {} because of {:?}.",
+ km_service_name, e
+ ))
+ })?;
+
+ // Register the Remotely Provisioned Component service
+ let rpc_service = rpc::Device::new_as_binder(tipc_channel.clone());
+ let rpc_service_name = format!("{}/{}", RPC_SERVICE_NAME, SERVICE_INSTANCE);
+ binder::add_service(&rpc_service_name, rpc_service.as_binder()).map_err(|e| {
+ HalServiceError(format!(
+ "Failed to register service {} because of {:?}.",
+ rpc_service_name, e
+ ))
+ })?;
+
+ // Register the Secure Clock service
+ let sclock_service = secureclock::Device::new_as_binder(tipc_channel.clone());
+ let sclock_service_name = format!("{}/{}", SECURE_CLOCK_SERVICE_NAME, SERVICE_INSTANCE);
+ binder::add_service(&sclock_service_name, sclock_service.as_binder()).map_err(|e| {
+ HalServiceError(format!(
+ "Failed to register service {} because of {:?}.",
+ sclock_service_name, e
+ ))
+ })?;
+
+ // Register the Shared Secret service
+ let ssecret_service = sharedsecret::Device::new_as_binder(tipc_channel.clone());
+ let ssecret_service_name = format!("{}/{}", SHARED_SECRET_SERVICE_NAME, SERVICE_INSTANCE);
+ binder::add_service(&ssecret_service_name, ssecret_service.as_binder()).map_err(|e| {
+ HalServiceError(format!(
+ "Failed to register service {} because of {:?}.",
+ ssecret_service_name, e
+ ))
+ })?;
+
+ // Send the HAL service information to the TA
+ send_hal_info(tipc_channel.lock().unwrap().deref_mut())
+ .map_err(|e| HalServiceError(format!("Failed to populate HAL info: {:?}", e)))?;
+
+ info!("Successfully registered KeyMint HAL services.");
+ info!("Joining thread pool now.");
+ binder::ProcessState::join_thread_pool();
+ info!("KeyMint HAL service is terminating."); // should not reach here
+ Ok(())
+}
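Review bot: `send_hal_info` at the bottom of `inner_main` runs only after all four services have been registered with `binder::add_service` and the thread pool was already started on the line before the TA connection, so a client request can be dispatched to the TA before the HAL info message is delivered; if the TA relies on that information to answer requests, moving the `send_hal_info(...)` call (with its `map_err`) to just after `tipc_channel` is created and before the first `add_service` closes that window, and the `Mutex` still serialises channel use. Whether the ordering matters depends on the TA's contract, which is not visible here, so a comment stating the assumption either way would help. In `execute`, the error strings are built with `CString::new(...).unwrap()`; the `{:?}` rendering of the tipc error should not contain a NUL byte, but a comment such as `// Debug output of the tipc error carries no NUL bytes, so CString::new cannot fail` would document why an unwrap inside an error path is acceptable. The `tipc_channel.clone()` calls would read more clearly as `Arc::clone(&tipc_channel)`, making explicit that only the handle is copied.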
diff --git a/trusty/storage/proxy/Android.bp b/trusty/storage/proxy/Android.bp
index 94f26d8..e952ee0 100644
--- a/trusty/storage/proxy/Android.bp
+++ b/trusty/storage/proxy/Android.bp
@@ -32,11 +32,11 @@
shared_libs: [
"libbase",
+ "libcutils",
"liblog",
"libhardware_legacy",
],
header_libs: [
- "libcutils_headers",
"libgsi_headers",
],
diff --git a/trusty/storage/proxy/storage.c b/trusty/storage/proxy/storage.c
index c531cfd..033dc21 100644
--- a/trusty/storage/proxy/storage.c
+++ b/trusty/storage/proxy/storage.c
@@ -13,6 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+#include <cutils/properties.h>
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
@@ -43,6 +44,22 @@
static const char *ssdir_name;
+/*
+ * Property set to 1 after we have opened a file under ssdir_name. The backing
+ * files for both TD and TDP are currently located under /data/vendor/ss and can
+ * only be opened once userdata is mounted. This storageproxyd service is
+ * restarted when userdata is available, which causes the Trusty storage service
+ * to reconnect and attempt to open the backing files for TD and TDP. Once we
+ * set this property, other users can expect that the Trusty storage service
+ * ports will be available (although they may block if still being initialized),
+ * and connections will not be reset after this point (assuming the
+ * storageproxyd service stays running).
+ */
+#define FS_READY_PROPERTY "ro.vendor.trusty.storage.fs_ready"
+
+/* has FS_READY_PROPERTY been set? */
+static bool fs_ready_initialized = false;
+
static enum sync_state fs_state;
static enum sync_state fd_state[FD_TBL_SIZE];
@@ -336,6 +353,16 @@
ALOGV("%s: \"%s\": fd = %u: handle = %d\n",
__func__, path, rc, resp.handle);
+ /* a backing file has been opened, notify any waiting init steps */
+ if (!fs_ready_initialized) {
+ rc = property_set(FS_READY_PROPERTY, "1");
+ if (rc == 0) {
+ fs_ready_initialized = true;
+ } else {
+ ALOGE("Could not set property %s, rc: %d\n", FS_READY_PROPERTY, rc);
+ }
+ }
+
return ipc_respond(msg, &resp, sizeof(resp));
err_response:
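Review bot: The new block reuses `rc`, which up to the `ALOGV` line holds the opened file descriptor, to store the `property_set` return value; `resp.handle` has already been filled so nothing visible in the hunk reads the fd from `rc` afterwards, but a dedicated local such as `int prop_rc = property_set(FS_READY_PROPERTY, "1");` keeps the two meanings apart and avoids a surprise if the function, whose start lies outside the hunk, is later changed to use `rc` after this point. Separately, `FS_READY_PROPERTY` from the preceding hunk is a `ro.` property, which can be set once and never changed — a good one-way latch that no other process can clear — but the comment there also says storageproxyd is restarted once userdata is available, and `fs_ready_initialized` is per-process and only set on success, so a restarted instance whose predecessor already set the property would fail `property_set` and log the `ALOGE` on every subsequent open. If the pre-userdata instance can ever reach this path, checking the property first, e.g. `if (!fs_ready_initialized && !property_get_bool(FS_READY_PROPERTY, false))`, avoids the repeated error; if it cannot, a comment stating that would justify the current shape.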
diff --git a/trusty/test/binder/aidl/ByteEnum.aidl b/trusty/test/binder/aidl/com/android/trusty/binder/test/ByteEnum.aidl
similarity index 94%
rename from trusty/test/binder/aidl/ByteEnum.aidl
rename to trusty/test/binder/aidl/com/android/trusty/binder/test/ByteEnum.aidl
index d3a13ac..9c712c0 100644
--- a/trusty/test/binder/aidl/ByteEnum.aidl
+++ b/trusty/test/binder/aidl/com/android/trusty/binder/test/ByteEnum.aidl
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+package com.android.trusty.binder.test;
+
/*
* Hello, world!
*/
diff --git a/trusty/test/binder/aidl/ITestService.aidl b/trusty/test/binder/aidl/com/android/trusty/binder/test/ITestService.aidl
similarity index 93%
rename from trusty/test/binder/aidl/ITestService.aidl
rename to trusty/test/binder/aidl/com/android/trusty/binder/test/ITestService.aidl
index c6a99c8..cfbb246 100644
--- a/trusty/test/binder/aidl/ITestService.aidl
+++ b/trusty/test/binder/aidl/com/android/trusty/binder/test/ITestService.aidl
@@ -14,10 +14,11 @@
* limitations under the License.
*/
+package com.android.trusty.binder.test;
-import ByteEnum;
-import IntEnum;
-import LongEnum;
+import com.android.trusty.binder.test.ByteEnum;
+import com.android.trusty.binder.test.IntEnum;
+import com.android.trusty.binder.test.LongEnum;
interface ITestService {
const @utf8InCpp String PORT = "com.android.trusty.binder.test.service";
diff --git a/trusty/test/binder/aidl/IntEnum.aidl b/trusty/test/binder/aidl/com/android/trusty/binder/test/IntEnum.aidl
similarity index 94%
rename from trusty/test/binder/aidl/IntEnum.aidl
rename to trusty/test/binder/aidl/com/android/trusty/binder/test/IntEnum.aidl
index 120e44f..4055b25 100644
--- a/trusty/test/binder/aidl/IntEnum.aidl
+++ b/trusty/test/binder/aidl/com/android/trusty/binder/test/IntEnum.aidl
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+package com.android.trusty.binder.test;
+
@JavaDerive(toString=true)
@Backing(type="int")
enum IntEnum {
diff --git a/trusty/test/binder/aidl/LongEnum.aidl b/trusty/test/binder/aidl/com/android/trusty/binder/test/LongEnum.aidl
similarity index 94%
rename from trusty/test/binder/aidl/LongEnum.aidl
rename to trusty/test/binder/aidl/com/android/trusty/binder/test/LongEnum.aidl
index 0e9e933..20c64af 100644
--- a/trusty/test/binder/aidl/LongEnum.aidl
+++ b/trusty/test/binder/aidl/com/android/trusty/binder/test/LongEnum.aidl
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+package com.android.trusty.binder.test;
+
@Backing(type="long")
enum LongEnum {
FOO = 100000000000,
diff --git a/trusty/test/binder/aidl/rules.mk b/trusty/test/binder/aidl/rules.mk
index 6154abb..546a370 100644
--- a/trusty/test/binder/aidl/rules.mk
+++ b/trusty/test/binder/aidl/rules.mk
@@ -17,10 +17,12 @@
MODULE := $(LOCAL_DIR)
+MODULE_AIDL_PACKAGE := com/android/trusty/binder/test
+
MODULE_AIDLS := \
- $(LOCAL_DIR)/ByteEnum.aidl \
- $(LOCAL_DIR)/IntEnum.aidl \
- $(LOCAL_DIR)/ITestService.aidl \
- $(LOCAL_DIR)/LongEnum.aidl \
+ $(LOCAL_DIR)/$(MODULE_AIDL_PACKAGE)/ByteEnum.aidl \
+ $(LOCAL_DIR)/$(MODULE_AIDL_PACKAGE)/IntEnum.aidl \
+ $(LOCAL_DIR)/$(MODULE_AIDL_PACKAGE)/ITestService.aidl \
+ $(LOCAL_DIR)/$(MODULE_AIDL_PACKAGE)/LongEnum.aidl \
include make/aidl.mk