diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-06-20 14:11:22 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-06-20 14:11:22 +0000 |
commit | db3cb946c2939dbb909bec05eb288370ee668cc2 (patch) | |
tree | 9c2b3ceec671c438d6142f295dea1815f0fa98d3 | |
parent | f311711f8e163c0871e89cd50624ef2c9ac03bec (diff) | |
parent | ae04e7ede1d6e5dd914e3be099b85b586cefa905 (diff) | |
download | core-android13-frc-documentsui-release.tar.gz |
Snap for 8745897 from ae04e7ede1d6e5dd914e3be099b85b586cefa905 to tm-frc-documentsui-releaset_frc_doc_330543000t_frc_doc_330443060t_frc_doc_330443000android13-frc-documentsui-release
Change-Id: I1de9842bbaa8f06ccc774429f32759b11d015bba
-rw-r--r-- | fs_mgr/libsnapshot/snapshot.cpp | 17 | ||||
-rw-r--r-- | fs_mgr/libsnapshot/snapshot_test.cpp | 23 | ||||
-rw-r--r-- | trusty/keymaster/TrustyKeymaster.cpp | 6 | ||||
-rw-r--r-- | trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h | 1 | ||||
-rw-r--r-- | trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h | 1 | ||||
-rw-r--r-- | trusty/keymaster/keymint/TrustyKeyMintDevice.cpp | 17 |
6 files changed, 55 insertions, 10 deletions
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp index a83f535b2..019b64a44 100644 --- a/fs_mgr/libsnapshot/snapshot.cpp +++ b/fs_mgr/libsnapshot/snapshot.cpp @@ -3273,8 +3273,21 @@ Return SnapshotManager::CreateUpdateSnapshots(const DeltaArchiveManifest& manife snapuserd_client_ = nullptr; } } else { - status.set_userspace_snapshots(!IsDmSnapshotTestingEnabled()); - if (IsDmSnapshotTestingEnabled()) { + bool userSnapshotsEnabled = true; + const std::string UNKNOWN = "unknown"; + const std::string vendor_release = android::base::GetProperty( + "ro.vendor.build.version.release_or_codename", UNKNOWN); + + // No user-space snapshots if vendor partition is on Android 12 + if (vendor_release.find("12") != std::string::npos) { + LOG(INFO) << "Userspace snapshots disabled as vendor partition is on Android: " + << vendor_release; + userSnapshotsEnabled = false; + } + + userSnapshotsEnabled = (userSnapshotsEnabled && !IsDmSnapshotTestingEnabled()); + status.set_userspace_snapshots(userSnapshotsEnabled); + if (!userSnapshotsEnabled) { is_snapshot_userspace_ = false; LOG(INFO) << "User-space snapshots disabled for testing"; } else { diff --git a/fs_mgr/libsnapshot/snapshot_test.cpp b/fs_mgr/libsnapshot/snapshot_test.cpp index 36abf712b..6a348b4e5 100644 --- a/fs_mgr/libsnapshot/snapshot_test.cpp +++ b/fs_mgr/libsnapshot/snapshot_test.cpp @@ -91,7 +91,7 @@ std::string fake_super; void MountMetadata(); bool ShouldUseCompression(); -bool ShouldUseUserspaceSnapshots(); +bool IsDaemonRequired(); class SnapshotTest : public ::testing::Test { public: @@ -1208,7 +1208,7 @@ TEST_F(SnapshotUpdateTest, FullUpdateFlow) { // Initiate the merge and wait for it to be completed. ASSERT_TRUE(init->InitiateMerge()); - ASSERT_EQ(init->IsSnapuserdRequired(), ShouldUseUserspaceSnapshots()); + ASSERT_EQ(init->IsSnapuserdRequired(), IsDaemonRequired()); { // We should have started in SECOND_PHASE since nothing shrinks. ASSERT_TRUE(AcquireLock()); @@ -1342,7 +1342,7 @@ TEST_F(SnapshotUpdateTest, SpaceSwapUpdate) { // Initiate the merge and wait for it to be completed. ASSERT_TRUE(init->InitiateMerge()); - ASSERT_EQ(init->IsSnapuserdRequired(), ShouldUseUserspaceSnapshots()); + ASSERT_EQ(init->IsSnapuserdRequired(), IsDaemonRequired()); { // Check that the merge phase is FIRST_PHASE until at least one call // to ProcessUpdateState() occurs. @@ -1450,7 +1450,7 @@ TEST_F(SnapshotUpdateTest, ConsistencyCheckResume) { // Initiate the merge and wait for it to be completed. ASSERT_TRUE(init->InitiateMerge()); - ASSERT_EQ(init->IsSnapuserdRequired(), ShouldUseUserspaceSnapshots()); + ASSERT_EQ(init->IsSnapuserdRequired(), IsDaemonRequired()); { // Check that the merge phase is FIRST_PHASE until at least one call // to ProcessUpdateState() occurs. @@ -2750,13 +2750,26 @@ void SnapshotTestEnvironment::TearDown() { } } -bool ShouldUseUserspaceSnapshots() { +bool IsDaemonRequired() { if (FLAGS_force_config == "dmsnap") { return false; } + + const std::string UNKNOWN = "unknown"; + const std::string vendor_release = + android::base::GetProperty("ro.vendor.build.version.release_or_codename", UNKNOWN); + + // No userspace snapshots if vendor partition is on Android 12 + // However, for GRF devices, snapuserd daemon will be on + // vendor ramdisk in Android 12. + if (vendor_release.find("12") != std::string::npos) { + return true; + } + if (!FLAGS_force_config.empty()) { return true; } + return IsUserspaceSnapshotsEnabled(); } diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp index cdfbd9003..e77940a1f 100644 --- a/trusty/keymaster/TrustyKeymaster.cpp +++ b/trusty/keymaster/TrustyKeymaster.cpp @@ -279,4 +279,10 @@ ConfigureVendorPatchlevelResponse TrustyKeymaster::ConfigureVendorPatchlevel( return response; } +GetRootOfTrustResponse TrustyKeymaster::GetRootOfTrust(const GetRootOfTrustRequest& request) { + GetRootOfTrustResponse response(message_version()); + ForwardCommand(KM_GET_ROOT_OF_TRUST, request, &response); + return response; +} + } // namespace keymaster diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h index f80e02f37..9f4f39bf5 100644 --- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h +++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h @@ -66,6 +66,7 @@ class TrustyKeymaster { DeviceLockedResponse DeviceLocked(const DeviceLockedRequest& request); ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel( const ConfigureVendorPatchlevelRequest& request); + GetRootOfTrustResponse GetRootOfTrust(const GetRootOfTrustRequest& request); uint32_t message_version() const { return message_version_; } diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h index fa475ae90..bf0cb703f 100644 --- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h +++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h @@ -59,6 +59,7 @@ enum keymaster_command : uint32_t { KM_GENERATE_RKP_KEY = (31 << KEYMASTER_REQ_SHIFT), KM_GENERATE_CSR = (32 << KEYMASTER_REQ_SHIFT), KM_CONFIGURE_VENDOR_PATCHLEVEL = (33 << KEYMASTER_REQ_SHIFT), + KM_GET_ROOT_OF_TRUST = (34 << KEYMASTER_REQ_SHIFT), // Bootloader/provisioning calls. KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT), diff --git a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp index 44780e835..7d58162cc 100644 --- a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp +++ b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp @@ -325,9 +325,20 @@ ScopedAStatus TrustyKeyMintDevice::getRootOfTrustChallenge(array<uint8_t, 16>* / return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED); } -ScopedAStatus TrustyKeyMintDevice::getRootOfTrust(const array<uint8_t, 16>& /* challenge */, - vector<uint8_t>* /* rootOfTrust */) { - return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED); +ScopedAStatus TrustyKeyMintDevice::getRootOfTrust(const array<uint8_t, 16>& challenge, + vector<uint8_t>* rootOfTrust) { + if (!rootOfTrust) { + return kmError2ScopedAStatus(KM_ERROR_UNEXPECTED_NULL_POINTER); + } + keymaster::GetRootOfTrustRequest request(impl_->message_version(), + {challenge.begin(), challenge.end()}); + keymaster::GetRootOfTrustResponse response = impl_->GetRootOfTrust(request); + if (response.error != KM_ERROR_OK) { + return kmError2ScopedAStatus(response.error); + } + + *rootOfTrust = std::move(response.rootOfTrust); + return ScopedAStatus::ok(); } ScopedAStatus TrustyKeyMintDevice::sendRootOfTrust(const vector<uint8_t>& /* rootOfTrust */) { |