Merge changes I6e95870e,Ibcef6b73,I302ce3c2 into main

* changes:
  libprocessgroup: Use pid_t consistently for TIDs
  libprocessgroup: Use pid_t consistently for PIDs
  libprocessgroup: Use uid_t consistently for UIDs
diff --git a/libprocessgroup/profiles/cgroups.json b/libprocessgroup/profiles/cgroups.json
index d013ec8..3e4393d 100644
--- a/libprocessgroup/profiles/cgroups.json
+++ b/libprocessgroup/profiles/cgroups.json
@@ -1,6 +1,13 @@
 {
   "Cgroups": [
     {
+      "Controller": "blkio",
+      "Path": "/dev/blkio",
+      "Mode": "0775",
+      "UID": "system",
+      "GID": "system"
+    },
+    {
       "Controller": "cpu",
       "Path": "/dev/cpuctl",
       "Mode": "0755",
@@ -32,12 +39,6 @@
       {
         "Controller": "freezer",
         "Path": "."
-      },
-      {
-        "Controller": "io",
-        "Path": ".",
-        "NeedsActivation": true,
-        "Optional": true
       }
     ]
   }
diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json
index f2ef316..1fc66ba 100644
--- a/libprocessgroup/profiles/task_profiles.json
+++ b/libprocessgroup/profiles/task_profiles.json
@@ -76,26 +76,6 @@
       "Name": "FreezerState",
       "Controller": "freezer",
       "File": "cgroup.freeze"
-    },
-    {
-      "Name": "BfqWeight",
-      "Controller": "io",
-      "File": "io.bfq.weight"
-    },
-    {
-      "Name": "CfqGroupIdle",
-      "Controller": "io",
-      "File": "io.group_idle"
-    },
-    {
-      "Name": "CfqWeight",
-      "Controller": "io",
-      "File": "io.weight"
-    },
-    {
-      "Name": "IoPrioClass",
-      "Controller": "io",
-      "File": "io.prio.class"
     }
   ],
 
@@ -459,39 +439,11 @@
       "Name": "LowIoPriority",
       "Actions": [
         {
-          "Name": "SetAttribute",
+          "Name": "JoinCgroup",
           "Params":
           {
-            "Name": "BfqWeight",
-            "Value": "10",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqGroupIdle",
-            "Value": "0",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqWeight",
-            "Value": "200",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "IoPrioClass",
-            "Value": "restrict-to-be",
-            "Optional": "true"
+            "Controller": "blkio",
+            "Path": "background"
           }
         }
       ]
@@ -500,39 +452,11 @@
       "Name": "NormalIoPriority",
       "Actions": [
         {
-          "Name": "SetAttribute",
+          "Name": "JoinCgroup",
           "Params":
           {
-            "Name": "BfqWeight",
-            "Value": "100",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqGroupIdle",
-            "Value": "0",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqWeight",
-            "Value": "1000",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "IoPrioClass",
-            "Value": "restrict-to-be",
-            "Optional": "true"
+            "Controller": "blkio",
+            "Path": ""
           }
         }
       ]
@@ -541,39 +465,11 @@
       "Name": "HighIoPriority",
       "Actions": [
         {
-          "Name": "SetAttribute",
+          "Name": "JoinCgroup",
           "Params":
           {
-            "Name": "BfqWeight",
-            "Value": "100",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqGroupIdle",
-            "Value": "0",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqWeight",
-            "Value": "1000",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "IoPrioClass",
-            "Value": "promote-to-rt",
-            "Optional": "true"
+            "Controller": "blkio",
+            "Path": ""
           }
         }
       ]
@@ -582,39 +478,11 @@
       "Name": "MaxIoPriority",
       "Actions": [
         {
-          "Name": "SetAttribute",
+          "Name": "JoinCgroup",
           "Params":
           {
-            "Name": "BfqWeight",
-            "Value": "100",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqGroupIdle",
-            "Value": "0",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "CfqWeight",
-            "Value": "1000",
-            "Optional": "true"
-          }
-        },
-        {
-          "Name": "SetAttribute",
-          "Params":
-          {
-            "Name": "IoPrioClass",
-            "Value": "promote-to-rt",
-            "Optional": "true"
+            "Controller": "blkio",
+            "Path": ""
           }
         }
       ]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 768e0ff..4c07c83 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -228,6 +228,26 @@
     write /dev/stune/nnapi-hal/schedtune.boost 1
     write /dev/stune/nnapi-hal/schedtune.prefer_idle 1
 
+    # Create blkio group and apply initial settings.
+    # This feature needs kernel to support it, and the
+    # device's init.rc must actually set the correct values.
+    mkdir /dev/blkio/background
+    chown system system /dev/blkio
+    chown system system /dev/blkio/background
+    chown system system /dev/blkio/tasks
+    chown system system /dev/blkio/background/tasks
+    chown system system /dev/blkio/cgroup.procs
+    chown system system /dev/blkio/background/cgroup.procs
+    chmod 0664 /dev/blkio/tasks
+    chmod 0664 /dev/blkio/background/tasks
+    chmod 0664 /dev/blkio/cgroup.procs
+    chmod 0664 /dev/blkio/background/cgroup.procs
+    write /dev/blkio/blkio.weight 1000
+    write /dev/blkio/background/blkio.weight 200
+    write /dev/blkio/background/blkio.bfq.weight 10
+    write /dev/blkio/blkio.group_idle 0
+    write /dev/blkio/background/blkio.group_idle 0
+
     restorecon_recursive /mnt
 
     mount configfs none /config nodev noexec nosuid
@@ -781,6 +801,7 @@
     mkdir /data/misc/apns 0770 system radio
     mkdir /data/misc/emergencynumberdb 0770 system radio
     mkdir /data/misc/network_watchlist 0774 system system
+    mkdir /data/misc/telephonyconfig 0770 system radio
     mkdir /data/misc/textclassifier 0771 system system
     mkdir /data/misc/vpn 0770 system vpn
     mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
diff --git a/trusty/fuzz/Android.bp b/trusty/fuzz/Android.bp
index 5d0ff79..8a93e5e 100644
--- a/trusty/fuzz/Android.bp
+++ b/trusty/fuzz/Android.bp
@@ -41,9 +41,6 @@
         "utils.cpp",
     ],
     export_include_dirs: ["include"],
-    static_libs: [
-        "libFuzzer",
-    ],
     shared_libs: [
         "libtrusty_coverage",
         "libbase",
diff --git a/trusty/fuzz/counters.cpp b/trusty/fuzz/counters.cpp
index 65a3ba6..e730ec3 100644
--- a/trusty/fuzz/counters.cpp
+++ b/trusty/fuzz/counters.cpp
@@ -16,12 +16,12 @@
 
 #define LOG_TAG "trusty-fuzz-counters"
 
-#include <FuzzerDefs.h>
-
 #include <trusty/fuzz/counters.h>
 
 #include <android-base/logging.h>
+#include <assert.h>
 #include <log/log.h>
+#include <string.h>
 #include <trusty/coverage/coverage.h>
 #include <trusty/coverage/tipc.h>
 
@@ -45,9 +45,6 @@
         return;
     }
 
-    assert(fuzzer::ExtraCountersBegin());
-    assert(fuzzer::ExtraCountersEnd());
-
     volatile uint8_t* begin = NULL;
     volatile uint8_t* end = NULL;
     record_->GetRawCounts(&begin, &end);
@@ -66,9 +63,8 @@
     if (!record_->IsOpen()) {
         return;
     }
-
     record_->ResetCounts();
-    fuzzer::ClearExtraCounters();
+    memset_explicit(const_cast<uint8_t*>(counters), 0, sizeof(counters));
 }
 
 void ExtraCounters::Flush() {
diff --git a/trusty/fuzz/tipc_fuzzer.cpp b/trusty/fuzz/tipc_fuzzer.cpp
index edc2a79..f265ced 100644
--- a/trusty/fuzz/tipc_fuzzer.cpp
+++ b/trusty/fuzz/tipc_fuzzer.cpp
@@ -14,8 +14,6 @@
  * limitations under the License.
  */
 
-#include <android-base/result.h>
-#include <fuzzer/FuzzedDataProvider.h>
 #include <stdlib.h>
 #include <trusty/coverage/coverage.h>
 #include <trusty/coverage/uuid.h>
@@ -25,7 +23,6 @@
 #include <iostream>
 #include <memory>
 
-using android::base::Result;
 using android::trusty::coverage::CoverageRecord;
 using android::trusty::fuzz::ExtraCounters;
 using android::trusty::fuzz::TrustyApp;
@@ -44,14 +41,7 @@
 #error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."
 #endif
 
-#ifdef TRUSTY_APP_MAX_CONNECTIONS
-constexpr size_t MAX_CONNECTIONS = TRUSTY_APP_MAX_CONNECTIONS;
-#else
-constexpr size_t MAX_CONNECTIONS = 1;
-#endif
-
-static_assert(MAX_CONNECTIONS >= 1);
-
+static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);
 static std::unique_ptr<CoverageRecord> record;
 
 extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
@@ -63,8 +53,7 @@
     }
 
     /* Make sure lazy-loaded TAs have started and connected to coverage service. */
-    TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);
-    auto ret = ta.Connect();
+    auto ret = kTrustyApp.Connect();
     if (!ret.ok()) {
         std::cerr << ret.error() << std::endl;
         exit(-1);
@@ -84,56 +73,24 @@
     return 0;
 }
 
-Result<void> testOneInput(FuzzedDataProvider& provider) {
-    std::vector<TrustyApp> trustyApps;
-
-    while (provider.remaining_bytes() > 0) {
-        if (trustyApps.size() < MAX_CONNECTIONS && provider.ConsumeBool()) {
-            auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
-            const auto result = ta.Connect();
-            if (!result.ok()) {
-                return result;
-            }
-        } else {
-            const auto i = provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size());
-            std::swap(trustyApps[i], trustyApps.back());
-
-            if (provider.ConsumeBool()) {
-                auto& ta = trustyApps.back();
-
-                const auto data = provider.ConsumeRandomLengthString();
-                auto result = ta.Write(data.data(), data.size());
-                if (!result.ok()) {
-                    return result;
-                }
-
-                std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
-                result = ta.Read(buf.data(), buf.size());
-                if (!result.ok()) {
-                    return result;
-                }
-
-                // Reconnect to ensure that the service is still up.
-                ta.Disconnect();
-                result = ta.Connect();
-                if (!result.ok()) {
-                    std::cerr << result.error() << std::endl;
-                    android::trusty::fuzz::Abort();
-                    return result;
-                }
-            } else {
-                trustyApps.pop_back();
-            }
-        }
-    }
-    return {};
-}
-
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    static uint8_t buf[TIPC_MAX_MSG_SIZE];
+
     ExtraCounters counters(record.get());
     counters.Reset();
 
-    FuzzedDataProvider provider(data, size);
-    const auto result = testOneInput(provider);
-    return result.ok() ? 0 : -1;
+    auto ret = kTrustyApp.Write(data, size);
+    if (ret.ok()) {
+        ret = kTrustyApp.Read(&buf, sizeof(buf));
+    }
+
+    // Reconnect to ensure that the service is still up
+    kTrustyApp.Disconnect();
+    ret = kTrustyApp.Connect();
+    if (!ret.ok()) {
+        std::cerr << ret.error() << std::endl;
+        android::trusty::fuzz::Abort();
+    }
+
+    return ret.ok() ? 0 : -1;
 }
diff --git a/trusty/secretkeeper/Android.bp b/trusty/secretkeeper/Android.bp
index f6b740a..6523eda 100644
--- a/trusty/secretkeeper/Android.bp
+++ b/trusty/secretkeeper/Android.bp
@@ -28,12 +28,13 @@
     ],
     rustlibs: [
         "libandroid_logger",
-        "libbinder_rs",
         "libauthgraph_hal",
-        "libtrusty-rs",
+        "libauthgraph_wire",
+        "libbinder_rs",
         "liblibc",
         "liblog_rust",
         "libsecretkeeper_hal",
+        "libtrusty-rs",
     ],
     defaults: [
         "secretkeeper_use_latest_hal_aidl_rust",
diff --git a/trusty/secretkeeper/src/hal_main.rs b/trusty/secretkeeper/src/hal_main.rs
index 9439c36..1dc697d 100644
--- a/trusty/secretkeeper/src/hal_main.rs
+++ b/trusty/secretkeeper/src/hal_main.rs
@@ -14,7 +14,8 @@
 // limitations under the License.
 
 //! This module implements the HAL service for Secretkeeper in Trusty.
-use authgraph_hal::{channel::SerializedChannel};
+use authgraph_hal::channel::SerializedChannel;
+use authgraph_wire::fragmentation::{Fragmenter, Reassembler};
 use secretkeeper_hal::SecretkeeperService;
 use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::{
     ISecretkeeper, BpSecretkeeper,
@@ -22,6 +23,7 @@
 use log::{error, info};
 use std::{
     ffi::CString,
+    fmt::Debug,
     panic,
     sync::{Arc, Mutex},
 };
@@ -29,6 +31,7 @@
 
 const SK_TIPC_SERVICE_PORT: &str = "com.android.trusty.secretkeeper";
 const AG_TIPC_SERVICE_PORT: &str = "com.android.trusty.secretkeeper.authgraph";
+const TIPC_MAX_SIZE: usize = 4000;
 
 static SERVICE_INSTANCE: &str = "default";
 
@@ -47,38 +50,43 @@
     }
 }
 
+fn binderr<E: Debug>(msg: &str, e: E) -> binder::Status {
+    binder::Status::new_exception(
+        binder::ExceptionCode::TRANSACTION_FAILED,
+        Some(&CString::new(format!("Failed to {msg} via tipc channel: {e:?}",)).unwrap()),
+    )
+}
+
 impl SerializedChannel for TipcChannel {
-    const MAX_SIZE: usize = 4000;
+    // No maximum size for messages passed to `execute()` because it performs fragmentation
+    // and reassembly internally.
+    const MAX_SIZE: usize = usize::MAX;
+
     fn execute(&self, req_data: &[u8]) -> binder::Result<Vec<u8>> {
         // Hold lock across both request and response.
         let mut channel = self.channel.lock().unwrap();
-        channel.send(req_data).map_err(|e| {
-            binder::Status::new_exception(
-                binder::ExceptionCode::TRANSACTION_FAILED,
-                Some(
-                    &CString::new(format!(
-                        "Failed to send the request via tipc channel because of {:?}",
-                        e
-                    ))
-                    .unwrap(),
-                ),
-            )
-        })?;
-        // TODO: cope with fragmentation and reassembly
-        let mut rsp_data = Vec::new();
-        channel.recv(&mut rsp_data).map_err(|e| {
-            binder::Status::new_exception(
-                binder::ExceptionCode::TRANSACTION_FAILED,
-                Some(
-                    &CString::new(format!(
-                        "Failed to receive the response via tipc channel because of {:?}",
-                        e
-                    ))
-                    .unwrap(),
-                ),
-            )
-        })?;
-        Ok(rsp_data)
+        let mut pending_rsp = Reassembler::default();
+
+        // Break request message into fragments to send.
+        for req_frag in Fragmenter::new(req_data, TIPC_MAX_SIZE) {
+            channel.send(&req_frag).map_err(|e| binderr("send request", e))?;
+
+            // Every request gets a response.
+            let mut rsp_frag = Vec::new();
+            channel.recv(&mut rsp_frag).map_err(|e| binderr("receive response", e))?;
+
+            if let Some(full_rsp) = pending_rsp.accumulate(&rsp_frag) {
+                return Ok(full_rsp.to_vec());
+            }
+        }
+        // There may be additional response fragments to receive.
+        loop {
+            let mut rsp_frag = Vec::new();
+            channel.recv(&mut rsp_frag).map_err(|e| binderr("receive response", e))?;
+            if let Some(full_rsp) = pending_rsp.accumulate(&rsp_frag) {
+                return Ok(full_rsp.to_vec());
+            }
+        }
     }
 }