Merge "lmkd: Do not downgrade/ignore events when swap is full"
diff --git a/adb/Android.bp b/adb/Android.bp
index 906c5e3..a18dc1a 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -449,21 +449,20 @@
test_suites: ["device-tests"],
}
-python_binary_host {
+python_test_host {
name: "adb_integration_test_adb",
main: "test_adb.py",
srcs: [
"test_adb.py",
],
- libs: [
- "adb_py",
- ],
+ test_config: "adb_integration_test_adb.xml",
+ test_suites: ["general-tests"],
version: {
py2: {
- enabled: true,
+ enabled: false,
},
py3: {
- enabled: false,
+ enabled: true,
},
},
}
diff --git a/adb/adb.cpp b/adb/adb.cpp
index a8fe736..8e028f4 100644
--- a/adb/adb.cpp
+++ b/adb/adb.cpp
@@ -1044,7 +1044,7 @@
return 0;
}
-int handle_host_request(const char* service, TransportType type, const char* serial,
+bool handle_host_request(const char* service, TransportType type, const char* serial,
TransportId transport_id, int reply_fd, asocket* s) {
if (strcmp(service, "kill") == 0) {
fprintf(stderr, "adb server killed by remote request\n");
@@ -1070,7 +1070,7 @@
transport_id = strtoll(service, const_cast<char**>(&service), 10);
if (*service != '\0') {
SendFail(reply_fd, "invalid transport id");
- return 1;
+ return true;
}
} else if (!strncmp(service, "transport-usb", strlen("transport-usb"))) {
type = kTransportUsb;
@@ -1088,10 +1088,13 @@
if (t != nullptr) {
s->transport = t;
SendOkay(reply_fd);
+
+ // We succesfully handled the device selection, but there's another request coming.
+ return false;
} else {
SendFail(reply_fd, error);
+ return true;
}
- return 1;
}
// return a list of all connected devices
@@ -1101,9 +1104,9 @@
D("Getting device list...");
std::string device_list = list_transports(long_listing);
D("Sending device list...");
- return SendOkay(reply_fd, device_list);
+ SendOkay(reply_fd, device_list);
}
- return 1;
+ return true;
}
if (!strcmp(service, "reconnect-offline")) {
@@ -1119,7 +1122,7 @@
response.resize(response.size() - 1);
}
SendOkay(reply_fd, response);
- return 0;
+ return true;
}
if (!strcmp(service, "features")) {
@@ -1130,7 +1133,7 @@
} else {
SendFail(reply_fd, error);
}
- return 0;
+ return true;
}
if (!strcmp(service, "host-features")) {
@@ -1141,7 +1144,7 @@
}
features.insert(kFeaturePushSync);
SendOkay(reply_fd, FeatureSetToString(features));
- return 0;
+ return true;
}
// remove TCP transport
@@ -1149,7 +1152,8 @@
const std::string address(service + 11);
if (address.empty()) {
kick_all_tcp_devices();
- return SendOkay(reply_fd, "disconnected everything");
+ SendOkay(reply_fd, "disconnected everything");
+ return true;
}
std::string serial;
@@ -1157,21 +1161,24 @@
int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
std::string error;
if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) {
- return SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s",
- address.c_str(), error.c_str()));
+ SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s",
+ address.c_str(), error.c_str()));
+ return true;
}
atransport* t = find_transport(serial.c_str());
if (t == nullptr) {
- return SendFail(reply_fd, android::base::StringPrintf("no such device '%s'",
- serial.c_str()));
+ SendFail(reply_fd, android::base::StringPrintf("no such device '%s'", serial.c_str()));
+ return true;
}
kick_transport(t);
- return SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
+ SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
+ return true;
}
// Returns our value for ADB_SERVER_VERSION.
if (!strcmp(service, "version")) {
- return SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION));
+ SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION));
+ return true;
}
// These always report "unknown" rather than the actual error, for scripts.
@@ -1179,28 +1186,31 @@
std::string error;
atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
if (t) {
- return SendOkay(reply_fd, !t->serial.empty() ? t->serial : "unknown");
+ SendOkay(reply_fd, !t->serial.empty() ? t->serial : "unknown");
} else {
- return SendFail(reply_fd, error);
+ SendFail(reply_fd, error);
}
+ return true;
}
if (!strcmp(service, "get-devpath")) {
std::string error;
atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
if (t) {
- return SendOkay(reply_fd, !t->devpath.empty() ? t->devpath : "unknown");
+ SendOkay(reply_fd, !t->devpath.empty() ? t->devpath : "unknown");
} else {
- return SendFail(reply_fd, error);
+ SendFail(reply_fd, error);
}
+ return true;
}
if (!strcmp(service, "get-state")) {
std::string error;
atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
if (t) {
- return SendOkay(reply_fd, t->connection_state_name());
+ SendOkay(reply_fd, t->connection_state_name());
} else {
- return SendFail(reply_fd, error);
+ SendFail(reply_fd, error);
}
+ return true;
}
// Indicates a new emulator instance has started.
@@ -1208,7 +1218,7 @@
int port = atoi(service+9);
local_connect(port);
/* we don't even need to send a reply */
- return 0;
+ return true;
}
if (!strcmp(service, "reconnect")) {
@@ -1219,7 +1229,8 @@
response =
"reconnecting " + t->serial_name() + " [" + t->connection_state_name() + "]\n";
}
- return SendOkay(reply_fd, response);
+ SendOkay(reply_fd, response);
+ return true;
}
if (handle_forward_request(service,
@@ -1228,10 +1239,10 @@
error);
},
reply_fd)) {
- return 0;
+ return true;
}
- return -1;
+ return false;
}
static auto& init_mutex = *new std::mutex();
diff --git a/adb/adb.h b/adb/adb.h
index e6af780..f434e2d 100644
--- a/adb/adb.h
+++ b/adb/adb.h
@@ -210,8 +210,8 @@
#define USB_FFS_ADB_IN USB_FFS_ADB_EP(ep2)
#endif
-int handle_host_request(const char* service, TransportType type, const char* serial,
- TransportId transport_id, int reply_fd, asocket* s);
+bool handle_host_request(const char* service, TransportType type, const char* serial,
+ TransportId transport_id, int reply_fd, asocket* s);
void handle_online(atransport* t);
void handle_offline(atransport* t);
diff --git a/adb/adb_integration_test_adb.xml b/adb/adb_integration_test_adb.xml
new file mode 100644
index 0000000..e722956
--- /dev/null
+++ b/adb/adb_integration_test_adb.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration description="Config to run adb integration tests">
+ <option name="test-suite-tag" value="adb_tests" />
+ <option name="test-suite-tag" value="adb_integration" />
+ <target_preparer class="com.android.tradefed.targetprep.SemaphoreTokenTargetPreparer">
+ <option name="disable" value="false" />
+ </target_preparer>
+
+ <target_preparer class="com.android.tradefed.targetprep.adb.AdbStopServerPreparer" />
+ <test class="com.android.tradefed.testtype.python.PythonBinaryHostTest" >
+ <option name="par-file-name" value="adb_integration_test_adb" />
+ <option name="inject-android-serial" value="true" />
+ <option name="test-timeout" value="2m" />
+ </test>
+</configuration>
diff --git a/adb/client/auth.cpp b/adb/client/auth.cpp
index 5fbef09..71c19b8 100644
--- a/adb/client/auth.cpp
+++ b/adb/client/auth.cpp
@@ -465,6 +465,7 @@
if (key == nullptr) {
// No more private keys to try, send the public key.
t->SetConnectionState(kCsUnauthorized);
+ t->SetConnectionEstablished(true);
send_auth_publickey(t);
return;
}
diff --git a/adb/client/commandline.cpp b/adb/client/commandline.cpp
index da273fd..41ac663 100644
--- a/adb/client/commandline.cpp
+++ b/adb/client/commandline.cpp
@@ -1326,9 +1326,9 @@
}
int adb_commandline(int argc, const char** argv) {
- int no_daemon = 0;
- int is_daemon = 0;
- int is_server = 0;
+ bool no_daemon = false;
+ bool is_daemon = false;
+ bool is_server = false;
int r;
TransportType transport_type = kTransportAny;
int ack_reply_fd = -1;
@@ -1348,12 +1348,12 @@
while (argc > 0) {
if (!strcmp(argv[0],"server")) {
- is_server = 1;
+ is_server = true;
} else if (!strcmp(argv[0],"nodaemon")) {
- no_daemon = 1;
+ no_daemon = true;
} else if (!strcmp(argv[0], "fork-server")) {
/* this is a special flag used only when the ADB client launches the ADB Server */
- is_daemon = 1;
+ is_daemon = true;
} else if (!strcmp(argv[0], "--reply-fd")) {
if (argc < 2) return syntax_error("--reply-fd requires an argument");
const char* reply_fd_str = argv[1];
diff --git a/adb/client/main.cpp b/adb/client/main.cpp
index de6c723..095ad98 100644
--- a/adb/client/main.cpp
+++ b/adb/client/main.cpp
@@ -118,10 +118,20 @@
init_transport_registration();
init_reconnect_handler();
- init_mdns_transport_discovery();
- usb_init();
- local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
+ if (!getenv("ADB_MDNS") || strcmp(getenv("ADB_MDNS"), "0") != 0) {
+ init_mdns_transport_discovery();
+ }
+
+ if (!getenv("ADB_USB") || strcmp(getenv("ADB_USB"), "0") != 0) {
+ usb_init();
+ } else {
+ adb_notify_device_scan_complete();
+ }
+
+ if (!getenv("ADB_EMU") || strcmp(getenv("ADB_EMU"), "0") != 0) {
+ local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
+ }
std::string error;
diff --git a/adb/daemon/remount_service.cpp b/adb/daemon/remount_service.cpp
index 0e79d82..f7017dd 100644
--- a/adb/daemon/remount_service.cpp
+++ b/adb/daemon/remount_service.cpp
@@ -30,6 +30,7 @@
#include <sys/vfs.h>
#include <unistd.h>
+#include <memory>
#include <set>
#include <string>
#include <vector>
@@ -38,28 +39,30 @@
#include <bootloader_message/bootloader_message.h>
#include <cutils/android_reboot.h>
#include <ext4_utils/ext4_utils.h>
+#include <fs_mgr.h>
+#include <fs_mgr_overlayfs.h>
#include "adb.h"
#include "adb_io.h"
#include "adb_unique_fd.h"
#include "adb_utils.h"
-#include "fs_mgr.h"
#include "set_verity_enable_state_service.h"
-// Returns the device used to mount a directory in /proc/mounts.
+// Returns the last device used to mount a directory in /proc/mounts.
+// This will find overlayfs entry where upperdir=lowerdir, to make sure
+// remount is associated with the correct directory.
static std::string find_proc_mount(const char* dir) {
std::unique_ptr<FILE, int(*)(FILE*)> fp(setmntent("/proc/mounts", "r"), endmntent);
- if (!fp) {
- return "";
- }
+ std::string mnt_fsname;
+ if (!fp) return mnt_fsname;
mntent* e;
while ((e = getmntent(fp.get())) != nullptr) {
if (strcmp(dir, e->mnt_dir) == 0) {
- return e->mnt_fsname;
+ mnt_fsname = e->mnt_fsname;
}
}
- return "";
+ return mnt_fsname;
}
// Returns the device used to mount a directory in the fstab.
@@ -81,6 +84,7 @@
}
bool make_block_device_writable(const std::string& dev) {
+ if ((dev == "overlay") || (dev == "overlayfs")) return true;
int fd = unix_open(dev.c_str(), O_RDONLY | O_CLOEXEC);
if (fd == -1) {
return false;
@@ -234,6 +238,14 @@
partitions.push_back("/system");
}
+ bool verity_enabled = (system_verified || vendor_verified);
+
+ // If we can use overlayfs, lets get it in place first
+ // before we struggle with determining deduplication operations.
+ if (!verity_enabled && fs_mgr_overlayfs_setup() && fs_mgr_overlayfs_mount_all()) {
+ WriteFdExactly(fd.get(), "overlayfs mounted\n");
+ }
+
// Find partitions that are deduplicated, and can be un-deduplicated.
std::set<std::string> dedup;
for (const auto& partition : partitions) {
@@ -246,8 +258,6 @@
}
}
- bool verity_enabled = (system_verified || vendor_verified);
-
// Reboot now if the user requested it (and an operation needs a reboot).
if (user_requested_reboot) {
if (!dedup.empty() || verity_enabled) {
diff --git a/adb/daemon/services.cpp b/adb/daemon/services.cpp
index dfcc52d..8417690 100644
--- a/adb/daemon/services.cpp
+++ b/adb/daemon/services.cpp
@@ -26,6 +26,8 @@
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/un.h>
#include <unistd.h>
#include <thread>
@@ -96,41 +98,44 @@
void reboot_service(unique_fd fd, const std::string& arg) {
std::string reboot_arg = arg;
- bool auto_reboot = false;
-
- if (reboot_arg == "sideload-auto-reboot") {
- auto_reboot = true;
- reboot_arg = "sideload";
- }
-
- // It reboots into sideload mode by setting "--sideload" or "--sideload_auto_reboot"
- // in the command file.
- if (reboot_arg == "sideload") {
- if (getuid() != 0) {
- WriteFdExactly(fd.get(), "'adb root' is required for 'adb reboot sideload'.\n");
- return;
- }
-
- const std::vector<std::string> options = {auto_reboot ? "--sideload_auto_reboot"
- : "--sideload"};
- std::string err;
- if (!write_bootloader_message(options, &err)) {
- D("Failed to set bootloader message: %s", err.c_str());
- return;
- }
-
- reboot_arg = "recovery";
- }
-
sync();
if (reboot_arg.empty()) reboot_arg = "adb";
std::string reboot_string = android::base::StringPrintf("reboot,%s", reboot_arg.c_str());
- if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
- WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
- return;
- }
+ if (reboot_arg == "fastboot" && access("/dev/socket/recovery", F_OK) == 0) {
+ LOG(INFO) << "Recovery specific reboot fastboot";
+ /*
+ * The socket is created to allow switching between recovery and
+ * fastboot.
+ */
+ android::base::unique_fd sock(socket(AF_UNIX, SOCK_STREAM, 0));
+ if (sock < 0) {
+ WriteFdFmt(fd, "reboot (%s) create\n", strerror(errno));
+ PLOG(ERROR) << "Creating recovery socket failed";
+ return;
+ }
+
+ sockaddr_un addr = {.sun_family = AF_UNIX};
+ strncpy(addr.sun_path, "/dev/socket/recovery", sizeof(addr.sun_path) - 1);
+ if (connect(sock, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) == -1) {
+ WriteFdFmt(fd, "reboot (%s) connect\n", strerror(errno));
+ PLOG(ERROR) << "Couldn't connect to recovery socket";
+ return;
+ }
+ const char msg_switch_to_fastboot = 'f';
+ auto ret = adb_write(sock, &msg_switch_to_fastboot, sizeof(msg_switch_to_fastboot));
+ if (ret != sizeof(msg_switch_to_fastboot)) {
+ WriteFdFmt(fd, "reboot (%s) write\n", strerror(errno));
+ PLOG(ERROR) << "Couldn't write message to recovery socket to switch to fastboot";
+ return;
+ }
+ } else {
+ if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
+ WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
+ return;
+ }
+ }
// Don't return early. Give the reboot command time to take effect
// to avoid messing up scripts which do "adb reboot && adb wait-for-device"
while (true) {
diff --git a/adb/daemon/set_verity_enable_state_service.cpp b/adb/daemon/set_verity_enable_state_service.cpp
index 2b6ec21..3676de5 100644
--- a/adb/daemon/set_verity_enable_state_service.cpp
+++ b/adb/daemon/set_verity_enable_state_service.cpp
@@ -19,6 +19,7 @@
#include "set_verity_enable_state_service.h"
#include "sysdeps.h"
+#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
#include <libavb_user/libavb_user.h>
@@ -28,12 +29,14 @@
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
+#include <fs_mgr.h>
+#include <fs_mgr_overlayfs.h>
+#include <fstab/fstab.h>
#include <log/log_properties.h>
#include "adb.h"
#include "adb_io.h"
#include "adb_unique_fd.h"
-#include "fs_mgr.h"
#include "remount_service.h"
#include "fec/io.h"
@@ -46,6 +49,10 @@
static const bool kAllowDisableVerity = false;
#endif
+void suggest_run_adb_root(int fd) {
+ if (getuid() != 0) WriteFdExactly(fd, "Maybe run adb root?\n");
+}
+
/* Turn verity on/off */
static bool set_verity_enabled_state(int fd, const char* block_device, const char* mount_point,
bool enable) {
@@ -59,7 +66,7 @@
if (!fh) {
WriteFdFmt(fd, "Could not open block device %s (%s).\n", block_device, strerror(errno));
- WriteFdFmt(fd, "Maybe run adb root?\n");
+ suggest_run_adb_root(fd);
return false;
}
@@ -87,6 +94,17 @@
return false;
}
+ auto change = false;
+ errno = 0;
+ if (enable ? fs_mgr_overlayfs_teardown(mount_point, &change)
+ : fs_mgr_overlayfs_setup(nullptr, mount_point, &change)) {
+ if (change) {
+ WriteFdFmt(fd, "%s overlayfs for %s\n", enable ? "disabling" : "using", mount_point);
+ }
+ } else if (errno) {
+ WriteFdFmt(fd, "Overlayfs %s for %s failed with error %s\n", enable ? "teardown" : "setup",
+ mount_point, strerror(errno));
+ }
WriteFdFmt(fd, "Verity %s on %s\n", enable ? "enabled" : "disabled", mount_point);
return true;
}
@@ -103,6 +121,22 @@
return android::base::GetProperty("ro.boot.vbmeta.device_state", "") == "locked";
}
+static bool overlayfs_setup(int fd, bool enable) {
+ auto change = false;
+ errno = 0;
+ if (enable ? fs_mgr_overlayfs_teardown(nullptr, &change)
+ : fs_mgr_overlayfs_setup(nullptr, nullptr, &change)) {
+ if (change) {
+ WriteFdFmt(fd, "%s overlayfs\n", enable ? "disabling" : "using");
+ }
+ } else if (errno) {
+ WriteFdFmt(fd, "Overlayfs %s failed with error %s\n", enable ? "teardown" : "setup",
+ strerror(errno));
+ suggest_run_adb_root(fd);
+ }
+ return change;
+}
+
/* Use AVB to turn verity on/off */
static bool set_avb_verity_enabled_state(int fd, AvbOps* ops, bool enable_verity) {
std::string ab_suffix = get_ab_suffix();
@@ -128,6 +162,7 @@
return false;
}
+ overlayfs_setup(fd, enable_verity);
WriteFdFmt(fd, "Successfully %s verity\n", enable_verity ? "enabled" : "disabled");
return true;
}
@@ -150,6 +185,7 @@
}
if (!android::base::GetBoolProperty("ro.secure", false)) {
+ overlayfs_setup(fd, enable);
WriteFdExactly(fd.get(), "verity not enabled - ENG build\n");
return;
}
@@ -177,13 +213,14 @@
// Not using AVB - assume VB1.0.
// read all fstab entries at once from all sources
- fstab = fs_mgr_read_fstab_default();
+ if (!fstab) fstab = fs_mgr_read_fstab_default();
if (!fstab) {
- WriteFdExactly(fd.get(), "Failed to read fstab\nMaybe run adb root?\n");
+ WriteFdExactly(fd.get(), "Failed to read fstab\n");
+ suggest_run_adb_root(fd.get());
return;
}
- // Loop through entries looking for ones that vold manages.
+ // Loop through entries looking for ones that verity manages.
for (int i = 0; i < fstab->num_entries; i++) {
if (fs_mgr_is_verified(&fstab->recs[i])) {
if (set_verity_enabled_state(fd.get(), fstab->recs[i].blk_device,
@@ -193,6 +230,7 @@
}
}
}
+ if (!any_changed) any_changed = overlayfs_setup(fd, enable);
if (any_changed) {
WriteFdExactly(fd.get(), "Now reboot your device for settings to take effect\n");
diff --git a/adb/sockets.cpp b/adb/sockets.cpp
index 69b5180..1534792 100644
--- a/adb/sockets.cpp
+++ b/adb/sockets.cpp
@@ -685,13 +685,9 @@
if (service) {
asocket* s2;
- /* some requests are handled immediately -- in that
- ** case the handle_host_request() routine has sent
- ** the OKAY or FAIL message and all we have to do
- ** is clean up.
- */
- if (handle_host_request(service, type, serial, transport_id, s->peer->fd, s) == 0) {
- /* XXX fail message? */
+ // Some requests are handled immediately -- in that case the handle_host_request() routine
+ // has sent the OKAY or FAIL message and all we have to do is clean up.
+ if (handle_host_request(service, type, serial, transport_id, s->peer->fd, s)) {
D("SS(%d): handled host service '%s'", s->id, service);
goto fail;
}
diff --git a/adb/test_adb.py b/adb/test_adb.py
old mode 100644
new mode 100755
index ddd3ff0..86c13d0
--- a/adb/test_adb.py
+++ b/adb/test_adb.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# Copyright (C) 2015 The Android Open Source Project
#
@@ -19,9 +19,7 @@
This differs from things in test_device.py in that there is no API for these
things. Most of these tests involve specific error messages or the help text.
"""
-from __future__ import print_function
-import binascii
import contextlib
import os
import random
@@ -30,10 +28,9 @@
import struct
import subprocess
import threading
+import time
import unittest
-import adb
-
@contextlib.contextmanager
def fake_adbd(protocol=socket.AF_INET, port=0):
@@ -42,61 +39,61 @@
serversock = socket.socket(protocol, socket.SOCK_STREAM)
serversock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
if protocol == socket.AF_INET:
- serversock.bind(('127.0.0.1', port))
+ serversock.bind(("127.0.0.1", port))
else:
- serversock.bind(('::1', port))
+ serversock.bind(("::1", port))
serversock.listen(1)
# A pipe that is used to signal the thread that it should terminate.
- readpipe, writepipe = os.pipe()
+ readsock, writesock = socket.socketpair()
- def _adb_packet(command, arg0, arg1, data):
- bin_command = struct.unpack('I', command)[0]
- buf = struct.pack('IIIIII', bin_command, arg0, arg1, len(data), 0,
+ def _adb_packet(command: bytes, arg0: int, arg1: int, data: bytes) -> bytes:
+ bin_command = struct.unpack("I", command)[0]
+ buf = struct.pack("IIIIII", bin_command, arg0, arg1, len(data), 0,
bin_command ^ 0xffffffff)
buf += data
return buf
- def _handle():
- rlist = [readpipe, serversock]
- cnxn_sent = {}
- while True:
- read_ready, _, _ = select.select(rlist, [], [])
- for ready in read_ready:
- if ready == readpipe:
- # Closure pipe
- os.close(ready)
- serversock.shutdown(socket.SHUT_RDWR)
- serversock.close()
- return
- elif ready == serversock:
- # Server socket
- conn, _ = ready.accept()
- rlist.append(conn)
- else:
- # Client socket
- data = ready.recv(1024)
- if not data or data.startswith('OPEN'):
+ def _handle(sock):
+ with contextlib.closing(sock) as serversock:
+ rlist = [readsock, serversock]
+ cnxn_sent = {}
+ while True:
+ read_ready, _, _ = select.select(rlist, [], [])
+ for ready in read_ready:
+ if ready == readsock:
+ # Closure pipe
+ for f in rlist:
+ f.close()
+ return
+ elif ready == serversock:
+ # Server socket
+ conn, _ = ready.accept()
+ rlist.append(conn)
+ else:
+ # Client socket
+ data = ready.recv(1024)
+ if not data or data.startswith(b"OPEN"):
+ if ready in cnxn_sent:
+ del cnxn_sent[ready]
+ ready.shutdown(socket.SHUT_RDWR)
+ ready.close()
+ rlist.remove(ready)
+ continue
if ready in cnxn_sent:
- del cnxn_sent[ready]
- ready.shutdown(socket.SHUT_RDWR)
- ready.close()
- rlist.remove(ready)
- continue
- if ready in cnxn_sent:
- continue
- cnxn_sent[ready] = True
- ready.sendall(_adb_packet('CNXN', 0x01000001, 1024 * 1024,
- 'device::ro.product.name=fakeadb'))
+ continue
+ cnxn_sent[ready] = True
+ ready.sendall(_adb_packet(b"CNXN", 0x01000001, 1024 * 1024,
+ b"device::ro.product.name=fakeadb"))
port = serversock.getsockname()[1]
- server_thread = threading.Thread(target=_handle)
+ server_thread = threading.Thread(target=_handle, args=(serversock,))
server_thread.start()
try:
- yield port
+ yield port, writesock
finally:
- os.close(writepipe)
+ writesock.close()
server_thread.join()
@@ -107,14 +104,15 @@
This automatically disconnects when done with the connection.
"""
- output = subprocess.check_output(['adb', 'connect', serial])
- unittest.assertEqual(output.strip(), 'connected to {}'.format(serial))
+ output = subprocess.check_output(["adb", "connect", serial])
+ unittest.assertEqual(output.strip(),
+ "connected to {}".format(serial).encode("utf8"))
try:
yield
finally:
# Perform best-effort disconnection. Discard the output.
- subprocess.Popen(['adb', 'disconnect', serial],
+ subprocess.Popen(["adb", "disconnect", serial],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE).communicate()
@@ -128,16 +126,17 @@
port = 5038
# Kill any existing server on this non-default port.
- subprocess.check_output(['adb', '-P', str(port), 'kill-server'],
+ subprocess.check_output(["adb", "-P", str(port), "kill-server"],
stderr=subprocess.STDOUT)
read_pipe, write_pipe = os.pipe()
- proc = subprocess.Popen(['adb', '-L', 'tcp:localhost:{}'.format(port),
- 'fork-server', 'server',
- '--reply-fd', str(write_pipe)])
+ os.set_inheritable(write_pipe, True)
+ proc = subprocess.Popen(["adb", "-L", "tcp:localhost:{}".format(port),
+ "fork-server", "server",
+ "--reply-fd", str(write_pipe)], close_fds=False)
try:
os.close(write_pipe)
greeting = os.read(read_pipe, 1024)
- assert greeting == 'OK\n', repr(greeting)
+ assert greeting == b"OK\n", repr(greeting)
yield port
finally:
proc.terminate()
@@ -150,35 +149,37 @@
def test_help(self):
"""Make sure we get _something_ out of help."""
out = subprocess.check_output(
- ['adb', 'help'], stderr=subprocess.STDOUT)
+ ["adb", "help"], stderr=subprocess.STDOUT)
self.assertGreater(len(out), 0)
def test_version(self):
"""Get a version number out of the output of adb."""
- lines = subprocess.check_output(['adb', 'version']).splitlines()
+ lines = subprocess.check_output(["adb", "version"]).splitlines()
version_line = lines[0]
- self.assertRegexpMatches(
- version_line, r'^Android Debug Bridge version \d+\.\d+\.\d+$')
+ self.assertRegex(
+ version_line, rb"^Android Debug Bridge version \d+\.\d+\.\d+$")
if len(lines) == 2:
# Newer versions of ADB have a second line of output for the
# version that includes a specific revision (git SHA).
revision_line = lines[1]
- self.assertRegexpMatches(
- revision_line, r'^Revision [0-9a-f]{12}-android$')
+ self.assertRegex(
+ revision_line, rb"^Revision [0-9a-f]{12}-android$")
def test_tcpip_error_messages(self):
"""Make sure 'adb tcpip' parsing is sane."""
- proc = subprocess.Popen(['adb', 'tcpip'], stdout=subprocess.PIPE,
+ proc = subprocess.Popen(["adb", "tcpip"],
+ stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
out, _ = proc.communicate()
self.assertEqual(1, proc.returncode)
- self.assertIn('requires an argument', out)
+ self.assertIn(b"requires an argument", out)
- proc = subprocess.Popen(['adb', 'tcpip', 'foo'], stdout=subprocess.PIPE,
+ proc = subprocess.Popen(["adb", "tcpip", "foo"],
+ stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
out, _ = proc.communicate()
self.assertEqual(1, proc.returncode)
- self.assertIn('invalid port', out)
+ self.assertIn(b"invalid port", out)
class ServerTest(unittest.TestCase):
@@ -214,12 +215,12 @@
port = 5038
# Kill any existing server on this non-default port.
- subprocess.check_output(['adb', '-P', str(port), 'kill-server'],
+ subprocess.check_output(["adb", "-P", str(port), "kill-server"],
stderr=subprocess.STDOUT)
try:
# Run the adb client and have it start the adb server.
- proc = subprocess.Popen(['adb', '-P', str(port), 'start-server'],
+ proc = subprocess.Popen(["adb", "-P", str(port), "start-server"],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
@@ -229,14 +230,12 @@
stdout_thread = threading.Thread(
target=ServerTest._read_pipe_and_set_event,
args=(proc.stdout, stdout_event))
- stdout_thread.daemon = True
stdout_thread.start()
stderr_event = threading.Event()
stderr_thread = threading.Thread(
target=ServerTest._read_pipe_and_set_event,
args=(proc.stderr, stderr_event))
- stderr_thread.daemon = True
stderr_thread.start()
# Wait for the adb client to finish. Once that has occurred, if
@@ -250,7 +249,8 @@
# probably letting the adb server inherit stdin which would be
# wrong.
with self.assertRaises(IOError):
- proc.stdin.write('x')
+ proc.stdin.write(b"x")
+ proc.stdin.flush()
# Wait a few seconds for stdout/stderr to be closed (in the success
# case, this won't wait at all). If there is a timeout, that means
@@ -259,9 +259,11 @@
# inherit stdout/stderr which would be wrong.
self.assertTrue(stdout_event.wait(5), "adb stdout not closed")
self.assertTrue(stderr_event.wait(5), "adb stderr not closed")
+ stdout_thread.join()
+ stderr_thread.join()
finally:
# If we started a server, kill it.
- subprocess.check_output(['adb', '-P', str(port), 'kill-server'],
+ subprocess.check_output(["adb", "-P", str(port), "kill-server"],
stderr=subprocess.STDOUT)
@@ -271,7 +273,7 @@
def _reset_socket_on_close(self, sock):
"""Use SO_LINGER to cause TCP RST segment to be sent on socket close."""
# The linger structure is two shorts on Windows, but two ints on Unix.
- linger_format = 'hh' if os.name == 'nt' else 'ii'
+ linger_format = "hh" if os.name == "nt" else "ii"
l_onoff = 1
l_linger = 0
@@ -292,33 +294,33 @@
# Use SO_REUSEADDR so subsequent runs of the test can grab the port
# even if it is in TIME_WAIT.
listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- listener.bind(('127.0.0.1', 0))
+ listener.bind(("127.0.0.1", 0))
listener.listen(4)
port = listener.getsockname()[1]
# Now that listening has started, start adb emu kill, telling it to
# connect to our mock emulator.
proc = subprocess.Popen(
- ['adb', '-s', 'emulator-' + str(port), 'emu', 'kill'],
+ ["adb", "-s", "emulator-" + str(port), "emu", "kill"],
stderr=subprocess.STDOUT)
accepted_connection, addr = listener.accept()
with contextlib.closing(accepted_connection) as conn:
# If WSAECONNABORTED (10053) is raised by any socket calls,
# then adb probably isn't reading the data that we sent it.
- conn.sendall('Android Console: type \'help\' for a list ' +
- 'of commands\r\n')
- conn.sendall('OK\r\n')
+ conn.sendall(("Android Console: type 'help' for a list "
+ "of commands\r\n").encode("utf8"))
+ conn.sendall(b"OK\r\n")
with contextlib.closing(conn.makefile()) as connf:
line = connf.readline()
- if line.startswith('auth'):
+ if line.startswith("auth"):
# Ignore the first auth line.
line = connf.readline()
- self.assertEqual('kill\n', line)
- self.assertEqual('quit\n', connf.readline())
+ self.assertEqual("kill\n", line)
+ self.assertEqual("quit\n", connf.readline())
- conn.sendall('OK: killing emulator, bye bye\r\n')
+ conn.sendall(b"OK: killing emulator, bye bye\r\n")
# Use SO_LINGER to send TCP RST segment to test whether adb
# ignores WSAECONNRESET on Windows. This happens with the
@@ -341,32 +343,32 @@
Bug: http://b/78991667
"""
with adb_server() as server_port:
- with fake_adbd() as port:
- serial = 'emulator-{}'.format(port - 1)
+ with fake_adbd() as (port, _):
+ serial = "emulator-{}".format(port - 1)
# Ensure that the emulator is not there.
try:
- subprocess.check_output(['adb', '-P', str(server_port),
- '-s', serial, 'get-state'],
+ subprocess.check_output(["adb", "-P", str(server_port),
+ "-s", serial, "get-state"],
stderr=subprocess.STDOUT)
- self.fail('Device should not be available')
+ self.fail("Device should not be available")
except subprocess.CalledProcessError as err:
self.assertEqual(
err.output.strip(),
- 'error: device \'{}\' not found'.format(serial))
+ "error: device '{}' not found".format(serial).encode("utf8"))
# Let the ADB server know that the emulator has started.
with contextlib.closing(
- socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
- sock.connect(('localhost', server_port))
- command = 'host:emulator:{}'.format(port)
- sock.sendall('%04x%s' % (len(command), command))
+ socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
+ sock.connect(("localhost", server_port))
+ command = "host:emulator:{}".format(port).encode("utf8")
+ sock.sendall(b"%04x%s" % (len(command), command))
# Ensure the emulator is there.
- subprocess.check_call(['adb', '-P', str(server_port),
- '-s', serial, 'wait-for-device'])
- output = subprocess.check_output(['adb', '-P', str(server_port),
- '-s', serial, 'get-state'])
- self.assertEqual(output.strip(), 'device')
+ subprocess.check_call(["adb", "-P", str(server_port),
+ "-s", serial, "wait-for-device"])
+ output = subprocess.check_output(["adb", "-P", str(server_port),
+ "-s", serial, "get-state"])
+ self.assertEqual(output.strip(), b"device")
class ConnectionTest(unittest.TestCase):
@@ -379,8 +381,8 @@
"""
for protocol in (socket.AF_INET, socket.AF_INET6):
try:
- with fake_adbd(protocol=protocol) as port:
- serial = 'localhost:{}'.format(port)
+ with fake_adbd(protocol=protocol) as (port, _):
+ serial = "localhost:{}".format(port)
with adb_connect(self, serial):
pass
except socket.error:
@@ -390,50 +392,92 @@
def test_already_connected(self):
"""Ensure that an already-connected device stays connected."""
- with fake_adbd() as port:
- serial = 'localhost:{}'.format(port)
+ with fake_adbd() as (port, _):
+ serial = "localhost:{}".format(port)
with adb_connect(self, serial):
# b/31250450: this always returns 0 but probably shouldn't.
- output = subprocess.check_output(['adb', 'connect', serial])
+ output = subprocess.check_output(["adb", "connect", serial])
self.assertEqual(
- output.strip(), 'already connected to {}'.format(serial))
+ output.strip(),
+ "already connected to {}".format(serial).encode("utf8"))
def test_reconnect(self):
"""Ensure that a disconnected device reconnects."""
- with fake_adbd() as port:
- serial = 'localhost:{}'.format(port)
+ with fake_adbd() as (port, _):
+ serial = "localhost:{}".format(port)
with adb_connect(self, serial):
- output = subprocess.check_output(['adb', '-s', serial,
- 'get-state'])
- self.assertEqual(output.strip(), 'device')
+ output = subprocess.check_output(["adb", "-s", serial,
+ "get-state"])
+ self.assertEqual(output.strip(), b"device")
# This will fail.
- proc = subprocess.Popen(['adb', '-s', serial, 'shell', 'true'],
+ proc = subprocess.Popen(["adb", "-s", serial, "shell", "true"],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
output, _ = proc.communicate()
- self.assertEqual(output.strip(), 'error: closed')
+ self.assertEqual(output.strip(), b"error: closed")
- subprocess.check_call(['adb', '-s', serial, 'wait-for-device'])
+ subprocess.check_call(["adb", "-s", serial, "wait-for-device"])
- output = subprocess.check_output(['adb', '-s', serial,
- 'get-state'])
- self.assertEqual(output.strip(), 'device')
+ output = subprocess.check_output(["adb", "-s", serial,
+ "get-state"])
+ self.assertEqual(output.strip(), b"device")
# Once we explicitly kick a device, it won't attempt to
# reconnect.
- output = subprocess.check_output(['adb', 'disconnect', serial])
+ output = subprocess.check_output(["adb", "disconnect", serial])
self.assertEqual(
- output.strip(), 'disconnected {}'.format(serial))
+ output.strip(),
+ "disconnected {}".format(serial).encode("utf8"))
try:
- subprocess.check_output(['adb', '-s', serial, 'get-state'],
+ subprocess.check_output(["adb", "-s", serial, "get-state"],
stderr=subprocess.STDOUT)
- self.fail('Device should not be available')
+ self.fail("Device should not be available")
except subprocess.CalledProcessError as err:
self.assertEqual(
err.output.strip(),
- 'error: device \'{}\' not found'.format(serial))
+ "error: device '{}' not found".format(serial).encode("utf8"))
+
+
+class DisconnectionTest(unittest.TestCase):
+ """Tests for adb disconnect."""
+
+ def test_disconnect(self):
+ """Ensure that `adb disconnect` takes effect immediately."""
+
+ def _devices(port):
+ output = subprocess.check_output(["adb", "-P", str(port), "devices"])
+ return [x.split("\t") for x in output.decode("utf8").strip().splitlines()[1:]]
+
+ with adb_server() as server_port:
+ with fake_adbd() as (port, sock):
+ device_name = "localhost:{}".format(port)
+ output = subprocess.check_output(["adb", "-P", str(server_port),
+ "connect", device_name])
+ self.assertEqual(output.strip(),
+ "connected to {}".format(device_name).encode("utf8"))
+
+
+ self.assertEqual(_devices(server_port), [[device_name, "device"]])
+
+ # Send a deliberately malformed packet to make the device go offline.
+ packet = struct.pack("IIIIII", 0, 0, 0, 0, 0, 0)
+ sock.sendall(packet)
+
+ # Wait a bit.
+ time.sleep(0.1)
+
+ self.assertEqual(_devices(server_port), [[device_name, "offline"]])
+
+ # Disconnect the device.
+ output = subprocess.check_output(["adb", "-P", str(server_port),
+ "disconnect", device_name])
+
+ # Wait a bit.
+ time.sleep(0.1)
+
+ self.assertEqual(_devices(server_port), [])
def main():
@@ -442,5 +486,5 @@
unittest.main(verbosity=3)
-if __name__ == '__main__':
+if __name__ == "__main__":
main()
diff --git a/adb/test_device.py b/adb/test_device.py
index 4abe7a7..42aadc4 100644
--- a/adb/test_device.py
+++ b/adb/test_device.py
@@ -762,9 +762,10 @@
os.chmod(host_dir, 0o700)
# Create an empty directory.
- os.mkdir(os.path.join(host_dir, 'empty'))
+ empty_dir_path = os.path.join(host_dir, 'empty')
+ os.mkdir(empty_dir_path);
- self.device.push(host_dir, self.DEVICE_TEMP_DIR)
+ self.device.push(empty_dir_path, self.DEVICE_TEMP_DIR)
test_empty_cmd = ['[', '-d',
os.path.join(self.DEVICE_TEMP_DIR, 'empty')]
@@ -1032,7 +1033,8 @@
if host_dir is not None:
shutil.rmtree(host_dir)
- def test_pull_symlink_dir(self):
+ # selinux prevents adbd from accessing symlinks on /data/local/tmp.
+ def disabled_test_pull_symlink_dir(self):
"""Pull a symlink to a directory of symlinks to files."""
try:
host_dir = tempfile.mkdtemp()
diff --git a/adb/transport.cpp b/adb/transport.cpp
index 3c74c75..332e0f8 100644
--- a/adb/transport.cpp
+++ b/adb/transport.cpp
@@ -33,7 +33,7 @@
#include <deque>
#include <list>
#include <mutex>
-#include <queue>
+#include <set>
#include <thread>
#include <android-base/logging.h>
@@ -97,6 +97,9 @@
// Adds the atransport* to the queue of reconnect attempts.
void TrackTransport(atransport* transport);
+ // Wake up the ReconnectHandler thread to have it check for kicked transports.
+ void CheckForKicked();
+
private:
// The main thread loop.
void Run();
@@ -108,9 +111,11 @@
size_t attempts_left;
bool operator<(const ReconnectAttempt& rhs) const {
- // std::priority_queue returns the largest element first, so we want attempts that have
- // less time remaining (i.e. smaller time_points) to compare greater.
- return reconnect_time > rhs.reconnect_time;
+ if (reconnect_time == rhs.reconnect_time) {
+ return reinterpret_cast<uintptr_t>(transport) <
+ reinterpret_cast<uintptr_t>(rhs.transport);
+ }
+ return reconnect_time < rhs.reconnect_time;
}
};
@@ -123,7 +128,7 @@
bool running_ GUARDED_BY(reconnect_mutex_) = true;
std::thread handler_thread_;
std::condition_variable reconnect_cv_;
- std::priority_queue<ReconnectAttempt> reconnect_queue_ GUARDED_BY(reconnect_mutex_);
+ std::set<ReconnectAttempt> reconnect_queue_ GUARDED_BY(reconnect_mutex_);
DISALLOW_COPY_AND_ASSIGN(ReconnectHandler);
};
@@ -145,8 +150,8 @@
// Drain the queue to free all resources.
std::lock_guard<std::mutex> lock(reconnect_mutex_);
while (!reconnect_queue_.empty()) {
- ReconnectAttempt attempt = reconnect_queue_.top();
- reconnect_queue_.pop();
+ ReconnectAttempt attempt = *reconnect_queue_.begin();
+ reconnect_queue_.erase(reconnect_queue_.begin());
remove_transport(attempt.transport);
}
}
@@ -164,6 +169,10 @@
reconnect_cv_.notify_one();
}
+void ReconnectHandler::CheckForKicked() {
+ reconnect_cv_.notify_one();
+}
+
void ReconnectHandler::Run() {
while (true) {
ReconnectAttempt attempt;
@@ -176,28 +185,38 @@
// system_clock as its clock, so we're probably hosed if the clock changes,
// even if we use steady_clock throughout. This problem goes away once we
// switch to libc++.
- reconnect_cv_.wait_until(lock, reconnect_queue_.top().reconnect_time);
+ reconnect_cv_.wait_until(lock, reconnect_queue_.begin()->reconnect_time);
} else {
reconnect_cv_.wait(lock);
}
if (!running_) return;
+
+ // Scan the whole list for kicked transports, so that we immediately handle an explicit
+ // disconnect request.
+ bool kicked = false;
+ for (auto it = reconnect_queue_.begin(); it != reconnect_queue_.end();) {
+ if (it->transport->kicked()) {
+ D("transport %s was kicked. giving up on it.", it->transport->serial.c_str());
+ remove_transport(it->transport);
+ it = reconnect_queue_.erase(it);
+ } else {
+ ++it;
+ }
+ kicked = true;
+ }
+
if (reconnect_queue_.empty()) continue;
- // Go back to sleep in case |reconnect_cv_| woke up spuriously and we still
- // have more time to wait for the current attempt.
+ // Go back to sleep if we either woke up spuriously, or we were woken up to remove
+ // a kicked transport, and the first transport isn't ready for reconnection yet.
auto now = std::chrono::steady_clock::now();
- if (reconnect_queue_.top().reconnect_time > now) {
+ if (reconnect_queue_.begin()->reconnect_time > now) {
continue;
}
- attempt = reconnect_queue_.top();
- reconnect_queue_.pop();
- if (attempt.transport->kicked()) {
- D("transport %s was kicked. giving up on it.", attempt.transport->serial.c_str());
- remove_transport(attempt.transport);
- continue;
- }
+ attempt = *reconnect_queue_.begin();
+ reconnect_queue_.erase(reconnect_queue_.begin());
}
D("attempting to reconnect %s", attempt.transport->serial.c_str());
@@ -446,6 +465,10 @@
if (std::find(transport_list.begin(), transport_list.end(), t) != transport_list.end()) {
t->Kick();
}
+
+#if ADB_HOST
+ reconnect_handler.CheckForKicked();
+#endif
}
static int transport_registration_send = -1;
@@ -1190,14 +1213,15 @@
}
#endif // ADB_HOST
-int register_socket_transport(unique_fd s, std::string serial, int port, int local,
- atransport::ReconnectCallback reconnect) {
+bool register_socket_transport(unique_fd s, std::string serial, int port, int local,
+ atransport::ReconnectCallback reconnect, int* error) {
atransport* t = new atransport(std::move(reconnect), kCsOffline);
D("transport: %s init'ing for socket %d, on port %d", serial.c_str(), s.get(), port);
if (init_socket_transport(t, std::move(s), port, local) < 0) {
delete t;
- return -1;
+ if (error) *error = errno;
+ return false;
}
std::unique_lock<std::recursive_mutex> lock(transport_lock);
@@ -1206,7 +1230,8 @@
VLOG(TRANSPORT) << "socket transport " << transport->serial
<< " is already in pending_list and fails to register";
delete t;
- return -EALREADY;
+ if (error) *error = EALREADY;
+ return false;
}
}
@@ -1215,7 +1240,8 @@
VLOG(TRANSPORT) << "socket transport " << transport->serial
<< " is already in transport_list and fails to register";
delete t;
- return -EALREADY;
+ if (error) *error = EALREADY;
+ return false;
}
}
@@ -1229,10 +1255,20 @@
if (local == 1) {
// Do not wait for emulator transports.
- return 0;
+ return true;
}
- return waitable->WaitForConnection(std::chrono::seconds(10)) ? 0 : -1;
+ if (!waitable->WaitForConnection(std::chrono::seconds(10))) {
+ if (error) *error = ETIMEDOUT;
+ return false;
+ }
+
+ if (t->GetConnectionState() == kCsUnauthorized) {
+ if (error) *error = EPERM;
+ return false;
+ }
+
+ return true;
}
#if ADB_HOST
@@ -1261,6 +1297,9 @@
t->Kick();
}
}
+#if ADB_HOST
+ reconnect_handler.CheckForKicked();
+#endif
}
#endif
diff --git a/adb/transport.h b/adb/transport.h
index 4bfc2ce..f362f24 100644
--- a/adb/transport.h
+++ b/adb/transport.h
@@ -364,8 +364,8 @@
void connect_device(const std::string& address, std::string* response);
/* cause new transports to be init'd and added to the list */
-int register_socket_transport(unique_fd s, std::string serial, int port, int local,
- atransport::ReconnectCallback reconnect);
+bool register_socket_transport(unique_fd s, std::string serial, int port, int local,
+ atransport::ReconnectCallback reconnect, int* error = nullptr);
// This should only be used for transports with connection_state == kCsNoPerm.
void unregister_usb_transport(usb_handle* usb);
diff --git a/adb/transport_local.cpp b/adb/transport_local.cpp
index b20dee9..1431252 100644
--- a/adb/transport_local.cpp
+++ b/adb/transport_local.cpp
@@ -125,10 +125,12 @@
return init_socket_transport(t, std::move(fd), port, 0) >= 0;
};
- int ret = register_socket_transport(std::move(fd), serial, port, 0, std::move(reconnect));
- if (ret < 0) {
- if (ret == -EALREADY) {
+ int error;
+ if (!register_socket_transport(std::move(fd), serial, port, 0, std::move(reconnect), &error)) {
+ if (error == EALREADY) {
*response = android::base::StringPrintf("already connected to %s", serial.c_str());
+ } else if (error == EPERM) {
+ *response = android::base::StringPrintf("failed to authenticate to %s", serial.c_str());
} else {
*response = android::base::StringPrintf("failed to connect to %s", serial.c_str());
}
@@ -162,7 +164,7 @@
disable_tcp_nagle(fd.get());
std::string serial = getEmulatorSerialString(console_port);
if (register_socket_transport(std::move(fd), std::move(serial), adb_port, 1,
- [](atransport*) { return false; }) == 0) {
+ [](atransport*) { return false; })) {
return 0;
}
}
diff --git a/adf/libadf/Android.bp b/adf/libadf/Android.bp
index 8eef2ea..49e3721 100644
--- a/adf/libadf/Android.bp
+++ b/adf/libadf/Android.bp
@@ -14,6 +14,7 @@
cc_library {
name: "libadf",
+ recovery_available: true,
vendor_available: true,
vndk: {
enabled: true,
diff --git a/base/Android.bp b/base/Android.bp
index 46a0233..3d80d97 100644
--- a/base/Android.bp
+++ b/base/Android.bp
@@ -135,7 +135,6 @@
"strings_test.cpp",
"test_main.cpp",
"test_utils_test.cpp",
- "unique_fd_test.cpp",
],
target: {
android: {
diff --git a/base/include/android-base/parsedouble.h b/base/include/android-base/parsedouble.h
index c273c61..ccffba2 100644
--- a/base/include/android-base/parsedouble.h
+++ b/base/include/android-base/parsedouble.h
@@ -20,28 +20,58 @@
#include <stdlib.h>
#include <limits>
+#include <string>
namespace android {
namespace base {
-// Parse double value in the string 's' and sets 'out' to that value.
+// Parse floating value in the string 's' and sets 'out' to that value if it exists.
// Optionally allows the caller to define a 'min' and 'max' beyond which
// otherwise valid values will be rejected. Returns boolean success.
-static inline bool ParseDouble(const char* s, double* out,
- double min = std::numeric_limits<double>::lowest(),
- double max = std::numeric_limits<double>::max()) {
+template <typename T, T (*strtox)(const char* str, char** endptr)>
+static inline bool ParseFloatingPoint(const char* s, T* out, T min, T max) {
errno = 0;
char* end;
- double result = strtod(s, &end);
+ T result = strtox(s, &end);
if (errno != 0 || s == end || *end != '\0') {
return false;
}
if (result < min || max < result) {
return false;
}
- *out = result;
+ if (out != nullptr) {
+ *out = result;
+ }
return true;
}
+// Parse double value in the string 's' and sets 'out' to that value if it exists.
+// Optionally allows the caller to define a 'min' and 'max' beyond which
+// otherwise valid values will be rejected. Returns boolean success.
+static inline bool ParseDouble(const char* s, double* out,
+ double min = std::numeric_limits<double>::lowest(),
+ double max = std::numeric_limits<double>::max()) {
+ return ParseFloatingPoint<double, strtod>(s, out, min, max);
+}
+static inline bool ParseDouble(const std::string& s, double* out,
+ double min = std::numeric_limits<double>::lowest(),
+ double max = std::numeric_limits<double>::max()) {
+ return ParseFloatingPoint<double, strtod>(s.c_str(), out, min, max);
+}
+
+// Parse float value in the string 's' and sets 'out' to that value if it exists.
+// Optionally allows the caller to define a 'min' and 'max' beyond which
+// otherwise valid values will be rejected. Returns boolean success.
+static inline bool ParseFloat(const char* s, float* out,
+ float min = std::numeric_limits<float>::lowest(),
+ float max = std::numeric_limits<float>::max()) {
+ return ParseFloatingPoint<float, strtof>(s, out, min, max);
+}
+static inline bool ParseFloat(const std::string& s, float* out,
+ float min = std::numeric_limits<float>::lowest(),
+ float max = std::numeric_limits<float>::max()) {
+ return ParseFloatingPoint<float, strtof>(s.c_str(), out, min, max);
+}
+
} // namespace base
} // namespace android
diff --git a/base/include/android-base/parseint.h b/base/include/android-base/parseint.h
index bb54c99..55f1ed3 100644
--- a/base/include/android-base/parseint.h
+++ b/base/include/android-base/parseint.h
@@ -27,9 +27,9 @@
namespace base {
// Parses the unsigned decimal or hexadecimal integer in the string 's' and sets
-// 'out' to that value. Optionally allows the caller to define a 'max' beyond
-// which otherwise valid values will be rejected. Returns boolean success; 'out'
-// is untouched if parsing fails.
+// 'out' to that value if it is specified. Optionally allows the caller to define
+// a 'max' beyond which otherwise valid values will be rejected. Returns boolean
+// success; 'out' is untouched if parsing fails.
template <typename T>
bool ParseUint(const char* s, T* out, T max = std::numeric_limits<T>::max(),
bool allow_suffixes = false) {
@@ -72,9 +72,9 @@
}
// Parses the signed decimal or hexadecimal integer in the string 's' and sets
-// 'out' to that value. Optionally allows the caller to define a 'min' and 'max'
-// beyond which otherwise valid values will be rejected. Returns boolean
-// success; 'out' is untouched if parsing fails.
+// 'out' to that value if it is specified. Optionally allows the caller to define
+// a 'min' and 'max' beyond which otherwise valid values will be rejected. Returns
+// boolean success; 'out' is untouched if parsing fails.
template <typename T>
bool ParseInt(const char* s, T* out,
T min = std::numeric_limits<T>::min(),
diff --git a/base/include/android-base/utf8.h b/base/include/android-base/utf8.h
old mode 100755
new mode 100644
diff --git a/base/parsedouble_test.cpp b/base/parsedouble_test.cpp
index 8734c42..ec3c10c 100644
--- a/base/parsedouble_test.cpp
+++ b/base/parsedouble_test.cpp
@@ -18,7 +18,7 @@
#include <gtest/gtest.h>
-TEST(parsedouble, smoke) {
+TEST(parsedouble, double_smoke) {
double d;
ASSERT_FALSE(android::base::ParseDouble("", &d));
ASSERT_FALSE(android::base::ParseDouble("x", &d));
@@ -35,4 +35,33 @@
ASSERT_FALSE(android::base::ParseDouble("3.0", &d, -1.0, 2.0));
ASSERT_TRUE(android::base::ParseDouble("1.0", &d, 0.0, 2.0));
ASSERT_DOUBLE_EQ(1.0, d);
+
+ ASSERT_FALSE(android::base::ParseDouble("123.4x", nullptr));
+ ASSERT_TRUE(android::base::ParseDouble("-123.4", nullptr));
+ ASSERT_FALSE(android::base::ParseDouble("3.0", nullptr, -1.0, 2.0));
+ ASSERT_TRUE(android::base::ParseDouble("1.0", nullptr, 0.0, 2.0));
+}
+
+TEST(parsedouble, float_smoke) {
+ float f;
+ ASSERT_FALSE(android::base::ParseFloat("", &f));
+ ASSERT_FALSE(android::base::ParseFloat("x", &f));
+ ASSERT_FALSE(android::base::ParseFloat("123.4x", &f));
+
+ ASSERT_TRUE(android::base::ParseFloat("123.4", &f));
+ ASSERT_FLOAT_EQ(123.4, f);
+ ASSERT_TRUE(android::base::ParseFloat("-123.4", &f));
+ ASSERT_FLOAT_EQ(-123.4, f);
+
+ ASSERT_TRUE(android::base::ParseFloat("0", &f, 0.0));
+ ASSERT_FLOAT_EQ(0.0, f);
+ ASSERT_FALSE(android::base::ParseFloat("0", &f, 1e-9));
+ ASSERT_FALSE(android::base::ParseFloat("3.0", &f, -1.0, 2.0));
+ ASSERT_TRUE(android::base::ParseFloat("1.0", &f, 0.0, 2.0));
+ ASSERT_FLOAT_EQ(1.0, f);
+
+ ASSERT_FALSE(android::base::ParseFloat("123.4x", nullptr));
+ ASSERT_TRUE(android::base::ParseFloat("-123.4", nullptr));
+ ASSERT_FALSE(android::base::ParseFloat("3.0", nullptr, -1.0, 2.0));
+ ASSERT_TRUE(android::base::ParseFloat("1.0", nullptr, 0.0, 2.0));
}
diff --git a/base/unique_fd_test.cpp b/base/unique_fd_test.cpp
deleted file mode 100644
index 3fdf12a..0000000
--- a/base/unique_fd_test.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "android-base/unique_fd.h"
-
-#include <gtest/gtest.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-using android::base::unique_fd;
-
-TEST(unique_fd, unowned_close) {
-#if defined(__BIONIC__)
- unique_fd fd(open("/dev/null", O_RDONLY));
- EXPECT_DEATH(close(fd.get()), "incorrect tag");
-#endif
-}
-
-TEST(unique_fd, untag_on_release) {
- unique_fd fd(open("/dev/null", O_RDONLY));
- close(fd.release());
-}
-
-TEST(unique_fd, move) {
- unique_fd fd(open("/dev/null", O_RDONLY));
- unique_fd fd_moved = std::move(fd);
- ASSERT_EQ(-1, fd.get());
- ASSERT_GT(fd_moved.get(), -1);
-}
-
-TEST(unique_fd, unowned_close_after_move) {
-#if defined(__BIONIC__)
- unique_fd fd(open("/dev/null", O_RDONLY));
- unique_fd fd_moved = std::move(fd);
- ASSERT_EQ(-1, fd.get());
- ASSERT_GT(fd_moved.get(), -1);
- EXPECT_DEATH(close(fd_moved.get()), "incorrect tag");
-#endif
-}
diff --git a/bootstat/bootstat.cpp b/bootstat/bootstat.cpp
index d909ec6..c17e00f 100644
--- a/bootstat/bootstat.cpp
+++ b/bootstat/bootstat.cpp
@@ -186,7 +186,7 @@
{"wdog_bark", 42},
{"wdog_bite", 43},
{"wdog_reset", 44},
- {"shutdown,", 45}, // Trailing comma is intentional.
+ {"shutdown,", 45}, // Trailing comma is intentional. Do NOT use.
{"shutdown,userrequested", 46},
{"reboot,bootloader", 47},
{"reboot,cold", 48},
@@ -262,8 +262,8 @@
{"oem_rpm_undef_error", 116},
{"oem_crash_on_the_lk", 117},
{"oem_rpm_reset", 118},
- {"oem_lpass_cfg", 119},
- {"oem_xpu_ns_error", 120},
+ {"REUSE1", 119}, // Former dupe, can be re-used
+ {"REUSE2", 120}, // Former dupe, can be re-used
{"factory_cable", 121},
{"oem_ar6320_failed_to_powerup", 122},
{"watchdog_rpm_bite", 123},
diff --git a/fastboot/Android.bp b/fastboot/Android.bp
index 51cc62a..3414d53 100644
--- a/fastboot/Android.bp
+++ b/fastboot/Android.bp
@@ -94,27 +94,30 @@
srcs: [
"device/commands.cpp",
"device/fastboot_device.cpp",
+ "device/flashing.cpp",
"device/main.cpp",
"device/usb_client.cpp",
+ "device/utility.cpp",
+ "device/variables.cpp",
],
shared_libs: [
- "libasyncio",
- "libext4_utils",
- "libsparse",
- "liblog",
- "libbootloader_message",
- "libhidltransport",
- "libhidlbase",
- "libhwbinder",
- "libbase",
- "libutils",
- "libcutils",
- "libfs_mgr",
- ],
-
- static_libs: [
+ "android.hardware.boot@1.0",
"libadbd",
+ "libasyncio",
+ "libbase",
+ "libbootloader_message",
+ "libcutils",
+ "libext2_uuid",
+ "libext4_utils",
+ "libfs_mgr",
+ "libhidlbase",
+ "libhidltransport",
+ "libhwbinder",
+ "liblog",
+ "liblp",
+ "libsparse",
+ "libutils",
],
cpp_std: "c++17",
diff --git a/fastboot/Android.mk b/fastboot/Android.mk
index 60c338c..a679143 100644
--- a/fastboot/Android.mk
+++ b/fastboot/Android.mk
@@ -82,6 +82,7 @@
LOCAL_CFLAGS := $(fastboot_cflags)
LOCAL_CFLAGS_darwin := $(fastboot_cflags_darwin)
+LOCAL_CPP_STD := c++17
LOCAL_CXX_STL := $(fastboot_stl)
LOCAL_HEADER_LIBRARIES := bootimg_headers
LOCAL_LDLIBS_darwin := $(fastboot_ldlibs_darwin)
diff --git a/fastboot/constants.h b/fastboot/constants.h
index 7caca3d..43daab0 100644
--- a/fastboot/constants.h
+++ b/fastboot/constants.h
@@ -30,6 +30,9 @@
#define FB_CMD_REBOOT_RECOVERY "reboot-recovery"
#define FB_CMD_REBOOT_FASTBOOT "reboot-fastboot"
#define FB_CMD_POWERDOWN "powerdown"
+#define FB_CMD_CREATE_PARTITION "create-logical-partition"
+#define FB_CMD_DELETE_PARTITION "delete-logical-partition"
+#define FB_CMD_RESIZE_PARTITION "resize-logical-partition"
#define RESPONSE_OKAY "OKAY"
#define RESPONSE_FAIL "FAIL"
@@ -51,3 +54,7 @@
#define FB_VAR_HAS_SLOT "has-slot"
#define FB_VAR_SLOT_COUNT "slot-count"
#define FB_VAR_PARTITION_SIZE "partition-size"
+#define FB_VAR_SLOT_SUCCESSFUL "slot-successful"
+#define FB_VAR_SLOT_UNBOOTABLE "slot-unbootable"
+#define FB_VAR_IS_LOGICAL "is-logical"
+#define FB_VAR_IS_USERSPACE "is-userspace"
diff --git a/fastboot/device/commands.cpp b/fastboot/device/commands.cpp
index a3cbf96..690bfa8 100644
--- a/fastboot/device/commands.cpp
+++ b/fastboot/device/commands.cpp
@@ -26,8 +26,65 @@
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <cutils/android_reboot.h>
+#include <ext4_utils/wipe.h>
+#include <liblp/builder.h>
+#include <liblp/liblp.h>
+#include <uuid/uuid.h>
+#include "constants.h"
#include "fastboot_device.h"
+#include "flashing.h"
+#include "utility.h"
+
+using ::android::hardware::hidl_string;
+using ::android::hardware::boot::V1_0::BoolResult;
+using ::android::hardware::boot::V1_0::CommandResult;
+using ::android::hardware::boot::V1_0::Slot;
+using namespace android::fs_mgr;
+
+bool GetVarHandler(FastbootDevice* device, const std::vector<std::string>& args) {
+ using VariableHandler = std::function<bool(FastbootDevice*, const std::vector<std::string>&)>;
+ const std::unordered_map<std::string, VariableHandler> kVariableMap = {
+ {FB_VAR_VERSION, GetVersion},
+ {FB_VAR_VERSION_BOOTLOADER, GetBootloaderVersion},
+ {FB_VAR_VERSION_BASEBAND, GetBasebandVersion},
+ {FB_VAR_PRODUCT, GetProduct},
+ {FB_VAR_SERIALNO, GetSerial},
+ {FB_VAR_SECURE, GetSecure},
+ {FB_VAR_UNLOCKED, GetUnlocked},
+ {FB_VAR_MAX_DOWNLOAD_SIZE, GetMaxDownloadSize},
+ {FB_VAR_CURRENT_SLOT, ::GetCurrentSlot},
+ {FB_VAR_SLOT_COUNT, GetSlotCount},
+ {FB_VAR_HAS_SLOT, GetHasSlot},
+ {FB_VAR_SLOT_SUCCESSFUL, GetSlotSuccessful},
+ {FB_VAR_SLOT_UNBOOTABLE, GetSlotUnbootable},
+ {FB_VAR_PARTITION_SIZE, GetPartitionSize},
+ {FB_VAR_IS_LOGICAL, GetPartitionIsLogical},
+ {FB_VAR_IS_USERSPACE, GetIsUserspace}};
+
+ // args[0] is command name, args[1] is variable.
+ auto found_variable = kVariableMap.find(args[1]);
+ if (found_variable == kVariableMap.end()) {
+ return device->WriteStatus(FastbootResult::FAIL, "Unknown variable");
+ }
+
+ std::vector<std::string> getvar_args(args.begin() + 2, args.end());
+ return found_variable->second(device, getvar_args);
+}
+
+bool EraseHandler(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 2) {
+ return device->WriteStatus(FastbootResult::FAIL, "Invalid arguments");
+ }
+ PartitionHandle handle;
+ if (!OpenPartition(device, args[1], &handle)) {
+ return device->WriteStatus(FastbootResult::FAIL, "Partition doesn't exist");
+ }
+ if (wipe_block_device(handle.fd(), get_block_device_size(handle.fd())) == 0) {
+ return device->WriteStatus(FastbootResult::OKAY, "Erasing succeeded");
+ }
+ return device->WriteStatus(FastbootResult::FAIL, "Erasing failed");
+}
bool DownloadHandler(FastbootDevice* device, const std::vector<std::string>& args) {
if (args.size() < 2) {
@@ -38,12 +95,12 @@
if (!android::base::ParseUint("0x" + args[1], &size, UINT_MAX)) {
return device->WriteStatus(FastbootResult::FAIL, "Invalid size");
}
- device->get_download_data().resize(size);
+ device->download_data().resize(size);
if (!device->WriteStatus(FastbootResult::DATA, android::base::StringPrintf("%08x", size))) {
return false;
}
- if (device->HandleData(true, &device->get_download_data())) {
+ if (device->HandleData(true, &device->download_data())) {
return device->WriteStatus(FastbootResult::OKAY, "");
}
@@ -51,8 +108,42 @@
return device->WriteStatus(FastbootResult::FAIL, "Couldn't download data");
}
-bool SetActiveHandler(FastbootDevice* device, const std::vector<std::string>& /* args */) {
- return device->WriteStatus(FastbootResult::OKAY, "");
+bool FlashHandler(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 2) {
+ return device->WriteStatus(FastbootResult::FAIL, "Invalid arguments");
+ }
+ int ret = Flash(device, args[1]);
+ if (ret < 0) {
+ return device->WriteStatus(FastbootResult::FAIL, strerror(-ret));
+ }
+ return device->WriteStatus(FastbootResult::OKAY, "Flashing succeeded");
+}
+
+bool SetActiveHandler(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 2) {
+ return device->WriteStatus(FastbootResult::FAIL, "Missing slot argument");
+ }
+
+ // Slot suffix needs to be between 'a' and 'z'.
+ Slot slot;
+ if (!GetSlotNumber(args[1], &slot)) {
+ return device->WriteStatus(FastbootResult::FAIL, "Bad slot suffix");
+ }
+
+ // Non-A/B devices will not have a boot control HAL.
+ auto boot_control_hal = device->boot_control_hal();
+ if (!boot_control_hal) {
+ return device->WriteStatus(FastbootResult::FAIL,
+ "Cannot set slot: boot control HAL absent");
+ }
+ if (slot >= boot_control_hal->getNumberSlots()) {
+ return device->WriteStatus(FastbootResult::FAIL, "Slot out of range");
+ }
+ CommandResult ret;
+ auto cb = [&ret](CommandResult result) { ret = result; };
+ auto result = boot_control_hal->setActiveBootSlot(slot, cb);
+ if (result.isOk() && ret.success) return device->WriteStatus(FastbootResult::OKAY, "");
+ return device->WriteStatus(FastbootResult::FAIL, "Unable to set slot");
}
bool ShutDownHandler(FastbootDevice* device, const std::vector<std::string>& /* args */) {
@@ -124,3 +215,124 @@
TEMP_FAILURE_RETRY(pause());
return status;
}
+
+// Helper class for opening a handle to a MetadataBuilder and writing the new
+// partition table to the same place it was read.
+class PartitionBuilder {
+ public:
+ explicit PartitionBuilder(FastbootDevice* device);
+
+ bool Write();
+ bool Valid() const { return !!builder_; }
+ MetadataBuilder* operator->() const { return builder_.get(); }
+
+ private:
+ std::string super_device_;
+ uint32_t slot_number_;
+ std::unique_ptr<MetadataBuilder> builder_;
+};
+
+PartitionBuilder::PartitionBuilder(FastbootDevice* device) {
+ auto super_device = FindPhysicalPartition(LP_METADATA_PARTITION_NAME);
+ if (!super_device) {
+ return;
+ }
+ super_device_ = *super_device;
+
+ std::string slot = device->GetCurrentSlot();
+ slot_number_ = SlotNumberForSlotSuffix(slot);
+ builder_ = MetadataBuilder::New(super_device_, slot_number_);
+}
+
+bool PartitionBuilder::Write() {
+ std::unique_ptr<LpMetadata> metadata = builder_->Export();
+ if (!metadata) {
+ return false;
+ }
+ return UpdatePartitionTable(super_device_, *metadata.get(), slot_number_);
+}
+
+bool CreatePartitionHandler(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 3) {
+ return device->WriteFail("Invalid partition name and size");
+ }
+
+ uint64_t partition_size;
+ std::string partition_name = args[1];
+ if (!android::base::ParseUint(args[2].c_str(), &partition_size)) {
+ return device->WriteFail("Invalid partition size");
+ }
+
+ PartitionBuilder builder(device);
+ if (!builder.Valid()) {
+ return device->WriteFail("Could not open super partition");
+ }
+ // TODO(112433293) Disallow if the name is in the physical table as well.
+ if (builder->FindPartition(partition_name)) {
+ return device->WriteFail("Partition already exists");
+ }
+
+ // Make a random UUID, since they're not currently used.
+ uuid_t uuid;
+ char uuid_str[37];
+ uuid_generate_random(uuid);
+ uuid_unparse(uuid, uuid_str);
+
+ Partition* partition = builder->AddPartition(partition_name, uuid_str, 0);
+ if (!partition) {
+ return device->WriteFail("Failed to add partition");
+ }
+ if (!builder->ResizePartition(partition, partition_size)) {
+ builder->RemovePartition(partition_name);
+ return device->WriteFail("Not enough space for partition");
+ }
+ if (!builder.Write()) {
+ return device->WriteFail("Failed to write partition table");
+ }
+ return device->WriteOkay("Partition created");
+}
+
+bool DeletePartitionHandler(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 2) {
+ return device->WriteFail("Invalid partition name and size");
+ }
+
+ PartitionBuilder builder(device);
+ if (!builder.Valid()) {
+ return device->WriteFail("Could not open super partition");
+ }
+ builder->RemovePartition(args[1]);
+ if (!builder.Write()) {
+ return device->WriteFail("Failed to write partition table");
+ }
+ return device->WriteOkay("Partition deleted");
+}
+
+bool ResizePartitionHandler(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 3) {
+ return device->WriteFail("Invalid partition name and size");
+ }
+
+ uint64_t partition_size;
+ std::string partition_name = args[1];
+ if (!android::base::ParseUint(args[2].c_str(), &partition_size)) {
+ return device->WriteFail("Invalid partition size");
+ }
+
+ PartitionBuilder builder(device);
+ if (!builder.Valid()) {
+ return device->WriteFail("Could not open super partition");
+ }
+
+ Partition* partition = builder->FindPartition(partition_name);
+ if (!partition) {
+ return device->WriteFail("Partition does not exist");
+ }
+ if (!builder->ResizePartition(partition, partition_size)) {
+ return device->WriteFail("Not enough space to resize partition");
+ }
+ if (!builder.Write()) {
+ return device->WriteFail("Failed to write partition table");
+ }
+ return device->WriteOkay("Partition resized");
+}
diff --git a/fastboot/device/commands.h b/fastboot/device/commands.h
index cd984c8..f67df91 100644
--- a/fastboot/device/commands.h
+++ b/fastboot/device/commands.h
@@ -38,3 +38,9 @@
bool RebootBootloaderHandler(FastbootDevice* device, const std::vector<std::string>& args);
bool RebootFastbootHandler(FastbootDevice* device, const std::vector<std::string>& args);
bool RebootRecoveryHandler(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetVarHandler(FastbootDevice* device, const std::vector<std::string>& args);
+bool EraseHandler(FastbootDevice* device, const std::vector<std::string>& args);
+bool FlashHandler(FastbootDevice* device, const std::vector<std::string>& args);
+bool CreatePartitionHandler(FastbootDevice* device, const std::vector<std::string>& args);
+bool DeletePartitionHandler(FastbootDevice* device, const std::vector<std::string>& args);
+bool ResizePartitionHandler(FastbootDevice* device, const std::vector<std::string>& args);
diff --git a/fastboot/device/fastboot_device.cpp b/fastboot/device/fastboot_device.cpp
index 4c3d23f..c306e67 100644
--- a/fastboot/device/fastboot_device.cpp
+++ b/fastboot/device/fastboot_device.cpp
@@ -18,23 +18,37 @@
#include <android-base/logging.h>
#include <android-base/strings.h>
+#include <android/hardware/boot/1.0/IBootControl.h>
#include <algorithm>
#include "constants.h"
+#include "flashing.h"
#include "usb_client.h"
+using ::android::hardware::hidl_string;
+using ::android::hardware::boot::V1_0::IBootControl;
+using ::android::hardware::boot::V1_0::Slot;
+namespace sph = std::placeholders;
+
FastbootDevice::FastbootDevice()
: kCommandMap({
{FB_CMD_SET_ACTIVE, SetActiveHandler},
{FB_CMD_DOWNLOAD, DownloadHandler},
+ {FB_CMD_GETVAR, GetVarHandler},
{FB_CMD_SHUTDOWN, ShutDownHandler},
{FB_CMD_REBOOT, RebootHandler},
{FB_CMD_REBOOT_BOOTLOADER, RebootBootloaderHandler},
{FB_CMD_REBOOT_FASTBOOT, RebootFastbootHandler},
{FB_CMD_REBOOT_RECOVERY, RebootRecoveryHandler},
+ {FB_CMD_ERASE, EraseHandler},
+ {FB_CMD_FLASH, FlashHandler},
+ {FB_CMD_CREATE_PARTITION, CreatePartitionHandler},
+ {FB_CMD_DELETE_PARTITION, DeletePartitionHandler},
+ {FB_CMD_RESIZE_PARTITION, ResizePartitionHandler},
}),
- transport_(std::make_unique<ClientUsbTransport>()) {}
+ transport_(std::make_unique<ClientUsbTransport>()),
+ boot_control_hal_(IBootControl::getService()) {}
FastbootDevice::~FastbootDevice() {
CloseDevice();
@@ -44,9 +58,21 @@
transport_->Close();
}
+std::string FastbootDevice::GetCurrentSlot() {
+ // Non-A/B devices must not have boot control HALs.
+ if (!boot_control_hal_) {
+ return "";
+ }
+ std::string suffix;
+ auto cb = [&suffix](hidl_string s) { suffix = s; };
+ boot_control_hal_->getSuffix(boot_control_hal_->getCurrentSlot(), cb);
+ return suffix;
+}
+
bool FastbootDevice::WriteStatus(FastbootResult result, const std::string& message) {
constexpr size_t kResponseReasonSize = 4;
constexpr size_t kNumResponseTypes = 4; // "FAIL", "OKAY", "INFO", "DATA"
+
char buf[FB_RESPONSE_SZ];
constexpr size_t kMaxMessageSize = sizeof(buf) - kResponseReasonSize;
size_t msg_len = std::min(kMaxMessageSize, message.size());
@@ -102,3 +128,11 @@
}
}
}
+
+bool FastbootDevice::WriteOkay(const std::string& message) {
+ return WriteStatus(FastbootResult::OKAY, message);
+}
+
+bool FastbootDevice::WriteFail(const std::string& message) {
+ return WriteStatus(FastbootResult::FAIL, message);
+}
diff --git a/fastboot/device/fastboot_device.h b/fastboot/device/fastboot_device.h
index fec42a7..addc2ef 100644
--- a/fastboot/device/fastboot_device.h
+++ b/fastboot/device/fastboot_device.h
@@ -22,10 +22,11 @@
#include <utility>
#include <vector>
+#include <android/hardware/boot/1.0/IBootControl.h>
+
#include "commands.h"
#include "transport.h"
-
-class FastbootDevice;
+#include "variables.h"
class FastbootDevice {
public:
@@ -36,17 +37,22 @@
void ExecuteCommands();
bool WriteStatus(FastbootResult result, const std::string& message);
bool HandleData(bool read, std::vector<char>* data);
+ std::string GetCurrentSlot();
- std::vector<char>& get_download_data() { return download_data_; }
- void set_upload_data(const std::vector<char>& data) { upload_data_ = data; }
- void set_upload_data(std::vector<char>&& data) { upload_data_ = std::move(data); }
+ // Shortcuts for writing OKAY and FAIL status results.
+ bool WriteOkay(const std::string& message);
+ bool WriteFail(const std::string& message);
+
+ std::vector<char>& download_data() { return download_data_; }
Transport* get_transport() { return transport_.get(); }
+ android::sp<android::hardware::boot::V1_0::IBootControl> boot_control_hal() {
+ return boot_control_hal_;
+ }
private:
const std::unordered_map<std::string, CommandHandler> kCommandMap;
std::unique_ptr<Transport> transport_;
-
+ android::sp<android::hardware::boot::V1_0::IBootControl> boot_control_hal_;
std::vector<char> download_data_;
- std::vector<char> upload_data_;
};
diff --git a/fastboot/device/flashing.cpp b/fastboot/device/flashing.cpp
new file mode 100644
index 0000000..b5ed170
--- /dev/null
+++ b/fastboot/device/flashing.cpp
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "flashing.h"
+
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <algorithm>
+#include <memory>
+
+#include <android-base/logging.h>
+#include <android-base/strings.h>
+#include <ext4_utils/ext4_utils.h>
+#include <sparse/sparse.h>
+
+#include "fastboot_device.h"
+#include "utility.h"
+
+namespace {
+
+constexpr uint32_t SPARSE_HEADER_MAGIC = 0xed26ff3a;
+
+} // namespace
+
+int FlashRawDataChunk(int fd, const char* data, size_t len) {
+ size_t ret = 0;
+ while (ret < len) {
+ int this_len = std::min(static_cast<size_t>(1048576UL * 8), len - ret);
+ int this_ret = write(fd, data, this_len);
+ if (this_ret < 0) {
+ PLOG(ERROR) << "Failed to flash data of len " << len;
+ return -1;
+ }
+ data += this_ret;
+ ret += this_ret;
+ }
+ return 0;
+}
+
+int FlashRawData(int fd, const std::vector<char>& downloaded_data) {
+ int ret = FlashRawDataChunk(fd, downloaded_data.data(), downloaded_data.size());
+ if (ret < 0) {
+ return -errno;
+ }
+ return ret;
+}
+
+int WriteCallback(void* priv, const void* data, size_t len) {
+ int fd = reinterpret_cast<long long>(priv);
+ if (!data) {
+ return lseek64(fd, len, SEEK_CUR) >= 0 ? 0 : -errno;
+ }
+ return FlashRawDataChunk(fd, reinterpret_cast<const char*>(data), len);
+}
+
+int FlashSparseData(int fd, std::vector<char>& downloaded_data) {
+ struct sparse_file* file = sparse_file_import_buf(downloaded_data.data(), true, false);
+ if (!file) {
+ return -ENOENT;
+ }
+ return sparse_file_callback(file, false, false, WriteCallback, reinterpret_cast<void*>(fd));
+}
+
+int FlashBlockDevice(int fd, std::vector<char>& downloaded_data) {
+ lseek64(fd, 0, SEEK_SET);
+ if (downloaded_data.size() >= sizeof(SPARSE_HEADER_MAGIC) &&
+ *reinterpret_cast<uint32_t*>(downloaded_data.data()) == SPARSE_HEADER_MAGIC) {
+ return FlashSparseData(fd, downloaded_data);
+ } else {
+ return FlashRawData(fd, downloaded_data);
+ }
+}
+
+int Flash(FastbootDevice* device, const std::string& partition_name) {
+ PartitionHandle handle;
+ if (!OpenPartition(device, partition_name, &handle)) {
+ return -ENOENT;
+ }
+
+ std::vector<char> data = std::move(device->download_data());
+ if (data.size() == 0) {
+ return -EINVAL;
+ } else if (data.size() > get_block_device_size(handle.fd())) {
+ return -EOVERFLOW;
+ }
+ return FlashBlockDevice(handle.fd(), data);
+}
diff --git a/fastboot/device/flashing.h b/fastboot/device/flashing.h
new file mode 100644
index 0000000..206a407
--- /dev/null
+++ b/fastboot/device/flashing.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <vector>
+
+class FastbootDevice;
+
+int Flash(FastbootDevice* device, const std::string& partition_name);
diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp
new file mode 100644
index 0000000..ec84576
--- /dev/null
+++ b/fastboot/device/utility.cpp
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utility.h"
+
+#include <android-base/logging.h>
+#include <fs_mgr_dm_linear.h>
+#include <liblp/liblp.h>
+
+#include "fastboot_device.h"
+
+using namespace android::fs_mgr;
+using android::base::unique_fd;
+using android::hardware::boot::V1_0::Slot;
+
+static bool OpenPhysicalPartition(const std::string& name, PartitionHandle* handle) {
+ std::optional<std::string> path = FindPhysicalPartition(name);
+ if (!path) {
+ return false;
+ }
+ *handle = PartitionHandle(*path);
+ return true;
+}
+
+static bool OpenLogicalPartition(const std::string& name, const std::string& slot,
+ PartitionHandle* handle) {
+ std::optional<std::string> path = FindPhysicalPartition(LP_METADATA_PARTITION_NAME);
+ if (!path) {
+ return false;
+ }
+ uint32_t slot_number = SlotNumberForSlotSuffix(slot);
+ std::string dm_path;
+ if (!CreateLogicalPartition(path->c_str(), slot_number, name, true, &dm_path)) {
+ LOG(ERROR) << "Could not map partition: " << name;
+ return false;
+ }
+ auto closer = [name]() -> void { DestroyLogicalPartition(name); };
+ *handle = PartitionHandle(dm_path, std::move(closer));
+ return true;
+}
+
+bool OpenPartition(FastbootDevice* device, const std::string& name, PartitionHandle* handle) {
+ // We prioritize logical partitions over physical ones, and do this
+ // consistently for other partition operations (like getvar:partition-size).
+ if (LogicalPartitionExists(name, device->GetCurrentSlot())) {
+ if (!OpenLogicalPartition(name, device->GetCurrentSlot(), handle)) {
+ return false;
+ }
+ } else if (!OpenPhysicalPartition(name, handle)) {
+ LOG(ERROR) << "No such partition: " << name;
+ return false;
+ }
+
+ unique_fd fd(TEMP_FAILURE_RETRY(open(handle->path().c_str(), O_WRONLY | O_EXCL)));
+ if (fd < 0) {
+ PLOG(ERROR) << "Failed to open block device: " << handle->path();
+ return false;
+ }
+ handle->set_fd(std::move(fd));
+ return true;
+}
+
+std::optional<std::string> FindPhysicalPartition(const std::string& name) {
+ std::string path = "/dev/block/by-name/" + name;
+ if (access(path.c_str(), R_OK | W_OK) < 0) {
+ return {};
+ }
+ return path;
+}
+
+static const LpMetadataPartition* FindLogicalPartition(const LpMetadata& metadata,
+ const std::string& name) {
+ for (const auto& partition : metadata.partitions) {
+ if (GetPartitionName(partition) == name) {
+ return &partition;
+ }
+ }
+ return nullptr;
+}
+
+bool LogicalPartitionExists(const std::string& name, const std::string& slot_suffix,
+ bool* is_zero_length) {
+ auto path = FindPhysicalPartition(LP_METADATA_PARTITION_NAME);
+ if (!path) {
+ return false;
+ }
+
+ uint32_t slot_number = SlotNumberForSlotSuffix(slot_suffix);
+ std::unique_ptr<LpMetadata> metadata = ReadMetadata(path->c_str(), slot_number);
+ if (!metadata) {
+ return false;
+ }
+ const LpMetadataPartition* partition = FindLogicalPartition(*metadata.get(), name);
+ if (!partition) {
+ return false;
+ }
+ if (is_zero_length) {
+ *is_zero_length = (partition->num_extents == 0);
+ }
+ return true;
+}
+
+bool GetSlotNumber(const std::string& slot, Slot* number) {
+ if (slot.size() != 1) {
+ return false;
+ }
+ if (slot[0] < 'a' || slot[0] > 'z') {
+ return false;
+ }
+ *number = slot[0] - 'a';
+ return true;
+}
diff --git a/fastboot/device/utility.h b/fastboot/device/utility.h
new file mode 100644
index 0000000..0931fc3
--- /dev/null
+++ b/fastboot/device/utility.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+#include <optional>
+#include <string>
+
+#include <android-base/unique_fd.h>
+#include <android/hardware/boot/1.0/IBootControl.h>
+
+// Logical partitions are only mapped to a block device as needed, and
+// immediately unmapped when no longer needed. In order to enforce this we
+// require accessing partitions through a Handle abstraction, which may perform
+// additional operations after closing its file descriptor.
+class PartitionHandle {
+ public:
+ PartitionHandle() {}
+ explicit PartitionHandle(const std::string& path) : path_(path) {}
+ PartitionHandle(const std::string& path, std::function<void()>&& closer)
+ : path_(path), closer_(std::move(closer)) {}
+ PartitionHandle(PartitionHandle&& other) = default;
+ PartitionHandle& operator=(PartitionHandle&& other) = default;
+ ~PartitionHandle() {
+ if (closer_) {
+ // Make sure the device is closed first.
+ fd_ = {};
+ closer_();
+ }
+ }
+ const std::string& path() const { return path_; }
+ int fd() const { return fd_.get(); }
+ void set_fd(android::base::unique_fd&& fd) { fd_ = std::move(fd); }
+
+ private:
+ std::string path_;
+ android::base::unique_fd fd_;
+ std::function<void()> closer_;
+};
+
+class FastbootDevice;
+
+std::optional<std::string> FindPhysicalPartition(const std::string& name);
+bool LogicalPartitionExists(const std::string& name, const std::string& slot_suffix,
+ bool* is_zero_length = nullptr);
+bool OpenPartition(FastbootDevice* device, const std::string& name, PartitionHandle* handle);
+
+bool GetSlotNumber(const std::string& slot, android::hardware::boot::V1_0::Slot* number);
diff --git a/fastboot/device/variables.cpp b/fastboot/device/variables.cpp
new file mode 100644
index 0000000..a5dead2
--- /dev/null
+++ b/fastboot/device/variables.cpp
@@ -0,0 +1,171 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "variables.h"
+
+#include <inttypes.h>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/properties.h>
+#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
+#include <ext4_utils/ext4_utils.h>
+
+#include "fastboot_device.h"
+#include "flashing.h"
+#include "utility.h"
+
+using ::android::hardware::boot::V1_0::BoolResult;
+using ::android::hardware::boot::V1_0::Slot;
+
+constexpr int kMaxDownloadSizeDefault = 0x20000000;
+constexpr char kFastbootProtocolVersion[] = "0.4";
+
+bool GetVersion(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay(kFastbootProtocolVersion);
+}
+
+bool GetBootloaderVersion(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay(android::base::GetProperty("ro.bootloader", ""));
+}
+
+bool GetBasebandVersion(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay(android::base::GetProperty("ro.build.expect.baseband", ""));
+}
+
+bool GetProduct(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay(android::base::GetProperty("ro.product.device", ""));
+}
+
+bool GetSerial(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay(android::base::GetProperty("ro.serialno", ""));
+}
+
+bool GetSecure(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay(android::base::GetBoolProperty("ro.secure", "") ? "yes" : "no");
+}
+
+bool GetCurrentSlot(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ std::string suffix = device->GetCurrentSlot();
+ std::string slot = suffix.size() == 2 ? suffix.substr(1) : suffix;
+ return device->WriteOkay(slot);
+}
+
+bool GetSlotCount(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ auto boot_control_hal = device->boot_control_hal();
+ if (!boot_control_hal) {
+ return "0";
+ }
+ return device->WriteOkay(std::to_string(boot_control_hal->getNumberSlots()));
+}
+
+bool GetSlotSuccessful(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.empty()) {
+ return device->WriteFail("Missing argument");
+ }
+ Slot slot;
+ if (!GetSlotNumber(args[0], &slot)) {
+ return device->WriteFail("Invalid slot");
+ }
+ auto boot_control_hal = device->boot_control_hal();
+ if (!boot_control_hal) {
+ return device->WriteFail("Device has no slots");
+ }
+ if (boot_control_hal->isSlotMarkedSuccessful(slot) != BoolResult::TRUE) {
+ return device->WriteOkay("no");
+ }
+ return device->WriteOkay("yes");
+}
+
+bool GetSlotUnbootable(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.empty()) {
+ return device->WriteFail("Missing argument");
+ }
+ Slot slot;
+ if (!GetSlotNumber(args[0], &slot)) {
+ return device->WriteFail("Invalid slot");
+ }
+ auto boot_control_hal = device->boot_control_hal();
+ if (!boot_control_hal) {
+ return device->WriteFail("Device has no slots");
+ }
+ if (boot_control_hal->isSlotBootable(slot) != BoolResult::TRUE) {
+ return device->WriteOkay("yes");
+ }
+ return device->WriteOkay("no");
+}
+
+bool GetMaxDownloadSize(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay(std::to_string(kMaxDownloadSizeDefault));
+}
+
+bool GetUnlocked(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay("yes");
+}
+
+bool GetHasSlot(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.empty()) {
+ return device->WriteFail("Missing argument");
+ }
+ std::string slot_suffix = device->GetCurrentSlot();
+ if (slot_suffix.empty()) {
+ return device->WriteFail("Invalid slot");
+ }
+ std::string result = (args[0] == "userdata" ? "no" : "yes");
+ return device->WriteOkay(result);
+}
+
+bool GetPartitionSize(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 1) {
+ return device->WriteFail("Missing argument");
+ }
+ // Zero-length partitions cannot be created through device-mapper, so we
+ // special case them here.
+ bool is_zero_length;
+ if (LogicalPartitionExists(args[0], device->GetCurrentSlot(), &is_zero_length) &&
+ is_zero_length) {
+ return device->WriteOkay("0");
+ }
+ // Otherwise, open the partition as normal.
+ PartitionHandle handle;
+ if (!OpenPartition(device, args[0], &handle)) {
+ return device->WriteFail("Could not open partition");
+ }
+ uint64_t size = get_block_device_size(handle.fd());
+ return device->WriteOkay(android::base::StringPrintf("%" PRIX64, size));
+}
+
+bool GetPartitionIsLogical(FastbootDevice* device, const std::vector<std::string>& args) {
+ if (args.size() < 1) {
+ return device->WriteFail("Missing argument");
+ }
+ // Note: if a partition name is in both the GPT and the super partition, we
+ // return "true", to be consistent with prefering to flash logical partitions
+ // over physical ones.
+ std::string partition_name = args[0];
+ if (LogicalPartitionExists(partition_name, device->GetCurrentSlot())) {
+ return device->WriteOkay("yes");
+ }
+ if (FindPhysicalPartition(partition_name)) {
+ return device->WriteOkay("no");
+ }
+ return device->WriteFail("Partition not found");
+}
+
+bool GetIsUserspace(FastbootDevice* device, const std::vector<std::string>& /* args */) {
+ return device->WriteOkay("yes");
+}
diff --git a/fastboot/device/variables.h b/fastboot/device/variables.h
new file mode 100644
index 0000000..554a080
--- /dev/null
+++ b/fastboot/device/variables.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+#include <functional>
+#include <string>
+#include <vector>
+
+class FastbootDevice;
+
+bool GetVersion(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetBootloaderVersion(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetBasebandVersion(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetProduct(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetSerial(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetSecure(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetCurrentSlot(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetSlotCount(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetSlotSuccessful(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetSlotUnbootable(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetMaxDownloadSize(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetUnlocked(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetHasSlot(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetPartitionSize(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetPartitionIsLogical(FastbootDevice* device, const std::vector<std::string>& args);
+bool GetIsUserspace(FastbootDevice* device, const std::vector<std::string>& args);
diff --git a/fastboot/engine.cpp b/fastboot/engine.cpp
index 63ee2af..6890643 100644
--- a/fastboot/engine.cpp
+++ b/fastboot/engine.cpp
@@ -155,6 +155,21 @@
total);
}
+void fb_queue_create_partition(const std::string& partition, const std::string& size) {
+ Action& a = queue_action(OP_COMMAND, FB_CMD_CREATE_PARTITION ":" + partition + ":" + size);
+ a.msg = "Creating '" + partition + "'";
+}
+
+void fb_queue_delete_partition(const std::string& partition) {
+ Action& a = queue_action(OP_COMMAND, FB_CMD_DELETE_PARTITION ":" + partition);
+ a.msg = "Deleting '" + partition + "'";
+}
+
+void fb_queue_resize_partition(const std::string& partition, const std::string& size) {
+ Action& a = queue_action(OP_COMMAND, FB_CMD_RESIZE_PARTITION ":" + partition + ":" + size);
+ a.msg = "Resizing '" + partition + "'";
+}
+
static int match(const char* str, const char** value, unsigned count) {
unsigned n;
diff --git a/fastboot/engine.h b/fastboot/engine.h
index 74aaa6a..8aebdd7 100644
--- a/fastboot/engine.h
+++ b/fastboot/engine.h
@@ -69,6 +69,9 @@
void fb_queue_upload(const std::string& outfile);
void fb_queue_notice(const std::string& notice);
void fb_queue_wait_for_disconnect(void);
+void fb_queue_create_partition(const std::string& partition, const std::string& size);
+void fb_queue_delete_partition(const std::string& partition);
+void fb_queue_resize_partition(const std::string& partition, const std::string& size);
int64_t fb_execute_queue();
void fb_set_active(const std::string& slot);
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index d787d09..dc94952 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -125,7 +125,7 @@
{ "product-services",
"product-services.img",
"product-services.sig",
- "product-services",
+ "product_services",
true, true },
{ "recovery", "recovery.img", "recovery.sig", "recovery", true, false },
{ "super", "super.img", "super.sig", "super", true, true },
@@ -1691,6 +1691,17 @@
} else {
syntax_error("unknown 'flashing' command %s", args[0].c_str());
}
+ } else if (command == "create-logical-partition") {
+ std::string partition = next_arg(&args);
+ std::string size = next_arg(&args);
+ fb_queue_create_partition(partition, size);
+ } else if (command == "delete-logical-partition") {
+ std::string partition = next_arg(&args);
+ fb_queue_delete_partition(partition);
+ } else if (command == "resize-logical-partition") {
+ std::string partition = next_arg(&args);
+ std::string size = next_arg(&args);
+ fb_queue_resize_partition(partition, size);
} else {
syntax_error("unknown command %s", command.c_str());
}
diff --git a/fastboot/fastboot_driver.h b/fastboot/fastboot_driver.h
index e8711cb..dd199c0 100644
--- a/fastboot/fastboot_driver.h
+++ b/fastboot/fastboot_driver.h
@@ -57,7 +57,7 @@
class FastBootDriver {
public:
- static constexpr int RESP_TIMEOUT = 10; // 10 seconds
+ static constexpr int RESP_TIMEOUT = 30; // 30 seconds
static constexpr uint32_t MAX_DOWNLOAD_SIZE = std::numeric_limits<uint32_t>::max();
static constexpr size_t TRANSPORT_CHUNK_SIZE = 1024;
diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 196321c..6167cde 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -31,6 +31,8 @@
}
cc_library {
+ // Do not ever allow this library to be vendor_available as a shared library.
+ // It does not have a stable interface.
name: "libfs_mgr",
defaults: ["fs_mgr_defaults"],
recovery_available: true,
@@ -43,6 +45,7 @@
"fs_mgr_avb.cpp",
"fs_mgr_avb_ops.cpp",
"fs_mgr_dm_linear.cpp",
+ "fs_mgr_overlayfs.cpp",
],
shared_libs: [
"libfec",
@@ -89,6 +92,8 @@
}
cc_library_static {
+ // Do not ever make this a shared library as long as it is vendor_available.
+ // It does not have a stable interface.
name: "libfstab",
vendor_available: true,
recovery_available: true,
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 5f57182..99f2df8 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#include "fs_mgr.h"
+
#include <ctype.h>
#include <dirent.h>
#include <errno.h>
@@ -51,6 +53,7 @@
#include <ext4_utils/ext4_sb.h>
#include <ext4_utils/ext4_utils.h>
#include <ext4_utils/wipe.h>
+#include <fs_mgr_overlayfs.h>
#include <libdm/dm.h>
#include <linux/fs.h>
#include <linux/loop.h>
@@ -58,7 +61,6 @@
#include <log/log_properties.h>
#include <logwrap/logwrap.h>
-#include "fs_mgr.h"
#include "fs_mgr_avb.h"
#include "fs_mgr_priv.h"
@@ -1035,6 +1037,10 @@
}
}
+#if ALLOW_ADBD_DISABLE_VERITY == 1 // "userdebug" build
+ fs_mgr_overlayfs_mount_all();
+#endif
+
if (error_count) {
return FS_MGR_MNTALL_FAIL;
} else {
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 8b46d64..f87a3b1 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -117,21 +117,17 @@
#define EM_ICE 2
#define EM_AES_256_CTS 3
#define EM_AES_256_HEH 4
-#define EM_SPECK_128_256_XTS 5
-#define EM_SPECK_128_256_CTS 6
static const struct flag_list file_contents_encryption_modes[] = {
{"aes-256-xts", EM_AES_256_XTS},
- {"speck128/256-xts", EM_SPECK_128_256_XTS},
{"software", EM_AES_256_XTS}, /* alias for backwards compatibility */
- {"ice", EM_ICE}, /* hardware-specific inline cryptographic engine */
+ {"ice", EM_ICE}, /* hardware-specific inline cryptographic engine */
{0, 0},
};
static const struct flag_list file_names_encryption_modes[] = {
{"aes-256-cts", EM_AES_256_CTS},
{"aes-256-heh", EM_AES_256_HEH},
- {"speck128/256-cts", EM_SPECK_128_256_CTS},
{0, 0},
};
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
new file mode 100644
index 0000000..78151d5
--- /dev/null
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -0,0 +1,479 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <dirent.h>
+#include <errno.h>
+#include <linux/fs.h>
+#include <selinux/selinux.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <map>
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <android-base/file.h>
+#include <android-base/macros.h>
+#include <android-base/properties.h>
+#include <android-base/strings.h>
+#include <fs_mgr_overlayfs.h>
+#include <fstab/fstab.h>
+
+#include "fs_mgr_priv.h"
+
+using namespace std::literals;
+
+#if ALLOW_ADBD_DISABLE_VERITY == 0 // If we are a user build, provide stubs
+
+bool fs_mgr_overlayfs_mount_all() {
+ return false;
+}
+
+bool fs_mgr_overlayfs_setup(const char*, const char*, bool* change) {
+ if (change) *change = false;
+ return false;
+}
+
+bool fs_mgr_overlayfs_teardown(const char*, bool* change) {
+ if (change) *change = false;
+ return false;
+}
+
+#else // ALLOW_ADBD_DISABLE_VERITY == 0
+
+namespace {
+
+// acceptable overlayfs backing storage
+const auto kOverlayMountPoint = "/cache"s;
+
+// Return true if everything is mounted, but before adb is started. Right
+// after 'trigger load_persist_props_action' is done.
+bool fs_mgr_boot_completed() {
+ return android::base::GetBoolProperty("ro.persistent_properties.ready", false);
+}
+
+bool fs_mgr_is_dir(const std::string& path) {
+ struct stat st;
+ return !stat(path.c_str(), &st) && S_ISDIR(st.st_mode);
+}
+
+// Similar test as overlayfs workdir= validation in the kernel for read-write
+// validation, except we use fs_mgr_work. Covers space and storage issues.
+bool fs_mgr_dir_is_writable(const std::string& path) {
+ auto test_directory = path + "/fs_mgr_work";
+ rmdir(test_directory.c_str());
+ auto ret = !mkdir(test_directory.c_str(), 0700);
+ return ret | !rmdir(test_directory.c_str());
+}
+
+std::string fs_mgr_get_context(const std::string& mount_point) {
+ char* ctx = nullptr;
+ auto len = getfilecon(mount_point.c_str(), &ctx);
+ if ((len > 0) && ctx) {
+ std::string context(ctx, len);
+ free(ctx);
+ return context;
+ }
+ return "";
+}
+
+bool fs_mgr_overlayfs_enabled(const struct fstab_rec* fsrec) {
+ // readonly filesystem, can not be mount -o remount,rw
+ return "squashfs"s == fsrec->fs_type;
+}
+
+constexpr char upper_name[] = "upper";
+constexpr char work_name[] = "work";
+
+std::string fs_mgr_get_overlayfs_candidate(const std::string& mount_point) {
+ if (!fs_mgr_is_dir(mount_point)) return "";
+ auto dir = kOverlayMountPoint + "/overlay/" + android::base::Basename(mount_point) + "/";
+ auto upper = dir + upper_name;
+ if (!fs_mgr_is_dir(upper)) return "";
+ auto work = dir + work_name;
+ if (!fs_mgr_is_dir(work)) return "";
+ if (!fs_mgr_dir_is_writable(work)) return "";
+ return dir;
+}
+
+constexpr char lowerdir_option[] = "lowerdir=";
+constexpr char upperdir_option[] = "upperdir=";
+
+// default options for mount_point, returns empty string for none available.
+std::string fs_mgr_get_overlayfs_options(const char* mount_point) {
+ auto fsrec_mount_point = std::string(mount_point);
+ auto candidate = fs_mgr_get_overlayfs_candidate(fsrec_mount_point);
+ if (candidate.empty()) return "";
+
+ auto context = fs_mgr_get_context(fsrec_mount_point);
+ if (!context.empty()) context = ",rootcontext="s + context;
+ return "override_creds=off,"s + lowerdir_option + fsrec_mount_point + "," + upperdir_option +
+ candidate + upper_name + ",workdir=" + candidate + work_name + context;
+}
+
+bool fs_mgr_system_root_image(const fstab* fstab) {
+ if (!fstab) { // can not happen?
+ // This will return empty on init first_stage_mount,
+ // hence why we prefer checking the fstab instead.
+ return android::base::GetBoolProperty("ro.build.system_root_image", false);
+ }
+ for (auto i = 0; i < fstab->num_entries; i++) {
+ const auto fsrec = &fstab->recs[i];
+ auto fsrec_mount_point = fsrec->mount_point;
+ if (!fsrec_mount_point) continue;
+ if ("/system"s == fsrec_mount_point) return false;
+ }
+ return true;
+}
+
+std::string fs_mgr_get_overlayfs_options(const fstab* fstab, const char* mount_point) {
+ if (fs_mgr_system_root_image(fstab) && ("/"s == mount_point)) mount_point = "/system";
+
+ return fs_mgr_get_overlayfs_options(mount_point);
+}
+
+// return true if system supports overlayfs
+bool fs_mgr_wants_overlayfs() {
+ // This will return empty on init first_stage_mount, so speculative
+ // determination, empty (unset) _or_ "1" is true which differs from the
+ // official ro.debuggable policy. ALLOW_ADBD_DISABLE_VERITY == 0 should
+ // protect us from false in any case, so this is insurance.
+ auto debuggable = android::base::GetProperty("ro.debuggable", "1");
+ if (debuggable != "1") return false;
+
+ // Overlayfs available in the kernel, and patched for override_creds?
+ static signed char overlayfs_in_kernel = -1; // cache for constant condition
+ if (overlayfs_in_kernel == -1) {
+ auto save_errno = errno;
+ overlayfs_in_kernel = !access("/sys/module/overlay/parameters/override_creds", F_OK);
+ errno = save_errno;
+ }
+ return overlayfs_in_kernel;
+}
+
+bool fs_mgr_wants_overlayfs(const fstab_rec* fsrec) {
+ if (!fsrec) return false;
+
+ auto fsrec_mount_point = fsrec->mount_point;
+ if (!fsrec_mount_point) return false;
+
+ if (!fsrec->fs_type) return false;
+
+ // Don't check entries that are managed by vold.
+ if (fsrec->fs_mgr_flags & (MF_VOLDMANAGED | MF_RECOVERYONLY)) return false;
+
+ // Only concerned with readonly partitions.
+ if (!(fsrec->flags & MS_RDONLY)) return false;
+
+ // If unbindable, do not allow overlayfs as this could expose us to
+ // security issues. On Android, this could also be used to turn off
+ // the ability to overlay an otherwise acceptable filesystem since
+ // /system and /vendor are never bound(sic) to.
+ if (fsrec->flags & MS_UNBINDABLE) return false;
+
+ if (!fs_mgr_overlayfs_enabled(fsrec)) return false;
+
+ // Verity enabled?
+ const auto basename_mount_point(android::base::Basename(fsrec_mount_point));
+ auto found = false;
+ fs_mgr_update_verity_state(
+ [&basename_mount_point, &found](fstab_rec*, const char* mount_point, int, int) {
+ if (mount_point && (basename_mount_point == mount_point)) found = true;
+ });
+ return !found;
+}
+
+bool fs_mgr_rm_all(const std::string& path, bool* change = nullptr) {
+ auto save_errno = errno;
+ std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()), closedir);
+ if (!dir) {
+ if (errno == ENOENT) {
+ errno = save_errno;
+ return true;
+ }
+ PERROR << "overlayfs open " << path;
+ return false;
+ }
+ dirent* entry;
+ auto ret = true;
+ while ((entry = readdir(dir.get()))) {
+ if (("."s == entry->d_name) || (".."s == entry->d_name)) continue;
+ auto file = path + "/" + entry->d_name;
+ if (entry->d_type == DT_UNKNOWN) {
+ struct stat st;
+ if (!lstat(file.c_str(), &st) && (st.st_mode & S_IFDIR)) entry->d_type = DT_DIR;
+ }
+ if (entry->d_type == DT_DIR) {
+ ret &= fs_mgr_rm_all(file, change);
+ if (!rmdir(file.c_str())) {
+ if (change) *change = true;
+ } else {
+ ret = false;
+ PERROR << "overlayfs rmdir " << file;
+ }
+ continue;
+ }
+ if (!unlink(file.c_str())) {
+ if (change) *change = true;
+ } else {
+ ret = false;
+ PERROR << "overlayfs rm " << file;
+ }
+ }
+ return ret;
+}
+
+bool fs_mgr_overlayfs_setup_one(const std::string& overlay, const std::string& mount_point,
+ bool* change) {
+ auto ret = true;
+ auto fsrec_mount_point = overlay + android::base::Basename(mount_point) + "/";
+ auto save_errno = errno;
+ if (!mkdir(fsrec_mount_point.c_str(), 0755)) {
+ if (change) *change = true;
+ } else if (errno != EEXIST) {
+ ret = false;
+ PERROR << "overlayfs mkdir " << fsrec_mount_point;
+ } else {
+ errno = save_errno;
+ }
+
+ save_errno = errno;
+ if (!mkdir((fsrec_mount_point + work_name).c_str(), 0755)) {
+ if (change) *change = true;
+ } else if (errno != EEXIST) {
+ ret = false;
+ PERROR << "overlayfs mkdir " << fsrec_mount_point << work_name;
+ } else {
+ errno = save_errno;
+ }
+
+ auto new_context = fs_mgr_get_context(mount_point);
+ if (!new_context.empty() && setfscreatecon(new_context.c_str())) {
+ ret = false;
+ PERROR << "overlayfs setfscreatecon " << new_context;
+ }
+ auto upper = fsrec_mount_point + upper_name;
+ save_errno = errno;
+ if (!mkdir(upper.c_str(), 0755)) {
+ if (change) *change = true;
+ } else if (errno != EEXIST) {
+ ret = false;
+ PERROR << "overlayfs mkdir " << upper;
+ } else {
+ errno = save_errno;
+ }
+ if (!new_context.empty()) setfscreatecon(nullptr);
+
+ return ret;
+}
+
+bool fs_mgr_overlayfs_mount(const fstab* fstab, const fstab_rec* fsrec) {
+ if (!fs_mgr_wants_overlayfs(fsrec)) return false;
+ auto fsrec_mount_point = fsrec->mount_point;
+ if (!fsrec_mount_point || !fsrec_mount_point[0]) return false;
+ auto options = fs_mgr_get_overlayfs_options(fstab, fsrec_mount_point);
+ if (options.empty()) return false;
+
+ // hijack __mount() report format to help triage
+ auto report = "__mount(source=overlay,target="s + fsrec_mount_point + ",type=overlay";
+ const auto opt_list = android::base::Split(options, ",");
+ for (const auto opt : opt_list) {
+ if (android::base::StartsWith(opt, upperdir_option)) {
+ report = report + "," + opt;
+ break;
+ }
+ }
+ report = report + ")=";
+
+ auto ret = mount("overlay", fsrec_mount_point, "overlay", MS_RDONLY | MS_RELATIME,
+ options.c_str());
+ if (ret) {
+ PERROR << report << ret;
+ return false;
+ } else {
+ LINFO << report << ret;
+ return true;
+ }
+}
+
+bool fs_mgr_overlayfs_already_mounted(const char* mount_point) {
+ if (!mount_point) return false;
+ std::unique_ptr<struct fstab, decltype(&fs_mgr_free_fstab)> fstab(
+ fs_mgr_read_fstab("/proc/mounts"), fs_mgr_free_fstab);
+ if (!fstab) return false;
+ const auto lowerdir = std::string(lowerdir_option) + mount_point;
+ for (auto i = 0; i < fstab->num_entries; ++i) {
+ const auto fsrec = &fstab->recs[i];
+ const auto fs_type = fsrec->fs_type;
+ if (!fs_type) continue;
+ if (("overlay"s != fs_type) && ("overlayfs"s != fs_type)) continue;
+ auto fsrec_mount_point = fsrec->mount_point;
+ if (!fsrec_mount_point) continue;
+ if (strcmp(fsrec_mount_point, mount_point)) continue;
+ const auto fs_options = fsrec->fs_options;
+ if (!fs_options) continue;
+ const auto options = android::base::Split(fs_options, ",");
+ for (const auto opt : options) {
+ if (opt == lowerdir) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+} // namespace
+
+bool fs_mgr_overlayfs_mount_all() {
+ auto ret = false;
+
+ if (!fs_mgr_wants_overlayfs()) return ret;
+
+ std::unique_ptr<struct fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(),
+ fs_mgr_free_fstab);
+ if (!fstab) return ret;
+
+ for (auto i = 0; i < fstab->num_entries; i++) {
+ const auto fsrec = &fstab->recs[i];
+ auto fsrec_mount_point = fsrec->mount_point;
+ if (!fsrec_mount_point) continue;
+ if (fs_mgr_overlayfs_already_mounted(fsrec_mount_point)) continue;
+
+ if (fs_mgr_overlayfs_mount(fstab.get(), fsrec)) ret = true;
+ }
+ return ret;
+}
+
+// Returns false if setup not permitted, errno set to last error.
+// If something is altered, set *change.
+bool fs_mgr_overlayfs_setup(const char* backing, const char* mount_point, bool* change) {
+ if (change) *change = false;
+ auto ret = false;
+ if (backing && (kOverlayMountPoint != backing)) {
+ errno = EINVAL;
+ return ret;
+ }
+ if (!fs_mgr_wants_overlayfs()) return ret;
+ if (!fs_mgr_boot_completed()) {
+ errno = EBUSY;
+ PERROR << "overlayfs setup";
+ return ret;
+ }
+
+ std::unique_ptr<struct fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(),
+ fs_mgr_free_fstab);
+ std::vector<std::string> mounts;
+ if (fstab) {
+ if (!fs_mgr_get_entry_for_mount_point(fstab.get(), kOverlayMountPoint)) return ret;
+ for (auto i = 0; i < fstab->num_entries; i++) {
+ const auto fsrec = &fstab->recs[i];
+ auto fsrec_mount_point = fsrec->mount_point;
+ if (!fsrec_mount_point) continue;
+ if (mount_point && strcmp(fsrec_mount_point, mount_point)) continue;
+ if (!fs_mgr_wants_overlayfs(fsrec)) continue;
+ mounts.emplace_back(fsrec_mount_point);
+ }
+ if (mounts.empty()) return ret;
+ }
+
+ if (mount_point && ("/"s == mount_point) && fs_mgr_system_root_image(fstab.get())) {
+ mount_point = "/system";
+ }
+ auto overlay = kOverlayMountPoint + "/overlay/";
+ auto save_errno = errno;
+ if (!mkdir(overlay.c_str(), 0755)) {
+ if (change) *change = true;
+ } else if (errno != EEXIST) {
+ PERROR << "overlayfs mkdir " << overlay;
+ } else {
+ errno = save_errno;
+ }
+ if (!fstab && mount_point && fs_mgr_overlayfs_setup_one(overlay, mount_point, change)) {
+ ret = true;
+ }
+ for (const auto& fsrec_mount_point : mounts) {
+ ret |= fs_mgr_overlayfs_setup_one(overlay, fsrec_mount_point, change);
+ }
+ return ret;
+}
+
+// Returns false if teardown not permitted, errno set to last error.
+// If something is altered, set *change.
+bool fs_mgr_overlayfs_teardown(const char* mount_point, bool* change) {
+ if (change) *change = false;
+ if (mount_point && ("/"s == mount_point)) {
+ std::unique_ptr<struct fstab, decltype(&fs_mgr_free_fstab)> fstab(
+ fs_mgr_read_fstab_default(), fs_mgr_free_fstab);
+ if (fs_mgr_system_root_image(fstab.get())) mount_point = "/system";
+ }
+ auto ret = true;
+ const auto overlay = kOverlayMountPoint + "/overlay";
+ const auto oldpath = overlay + (mount_point ?: "");
+ const auto newpath = oldpath + ".teardown";
+ ret &= fs_mgr_rm_all(newpath);
+ auto save_errno = errno;
+ if (!rename(oldpath.c_str(), newpath.c_str())) {
+ if (change) *change = true;
+ } else if (errno != ENOENT) {
+ ret = false;
+ PERROR << "overlayfs mv " << oldpath << " " << newpath;
+ } else {
+ errno = save_errno;
+ }
+ ret &= fs_mgr_rm_all(newpath, change);
+ save_errno = errno;
+ if (!rmdir(newpath.c_str())) {
+ if (change) *change = true;
+ } else if (errno != ENOENT) {
+ ret = false;
+ PERROR << "overlayfs rmdir " << newpath;
+ } else {
+ errno = save_errno;
+ }
+ if (mount_point) {
+ save_errno = errno;
+ if (!rmdir(overlay.c_str())) {
+ if (change) *change = true;
+ } else if ((errno != ENOENT) && (errno != ENOTEMPTY)) {
+ ret = false;
+ PERROR << "overlayfs rmdir " << overlay;
+ } else {
+ errno = save_errno;
+ }
+ }
+ if (!fs_mgr_wants_overlayfs()) {
+ // After obligatory teardown to make sure everything is clean, but if
+ // we didn't want overlayfs in the the first place, we do not want to
+ // waste time on a reboot (or reboot request message).
+ if (change) *change = false;
+ }
+ // And now that we did what we could, lets inform
+ // caller that there may still be more to do.
+ if (!fs_mgr_boot_completed()) {
+ errno = EBUSY;
+ PERROR << "overlayfs teardown";
+ ret = false;
+ }
+ return ret;
+}
+
+#endif // ALLOW_ADBD_DISABLE_VERITY != 0
diff --git a/fs_mgr/include/fs_mgr_overlayfs.h b/fs_mgr/include/fs_mgr_overlayfs.h
new file mode 100644
index 0000000..1d2ff03
--- /dev/null
+++ b/fs_mgr/include/fs_mgr_overlayfs.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <fstab/fstab.h>
+
+bool fs_mgr_overlayfs_mount_all();
+bool fs_mgr_overlayfs_setup(const char* backing = nullptr, const char* mount_point = nullptr,
+ bool* change = nullptr);
+bool fs_mgr_overlayfs_teardown(const char* mount_point = nullptr, bool* change = nullptr);
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index 41e8fff..0c5cf76 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -35,6 +35,7 @@
#include "fs_mgr.h"
#include "fs_mgr_avb.h"
#include "fs_mgr_dm_linear.h"
+#include "fs_mgr_overlayfs.h"
#include "uevent.h"
#include "uevent_listener.h"
#include "util.h"
@@ -351,6 +352,7 @@
return false;
}
}
+ fs_mgr_overlayfs_mount_all();
return true;
}
diff --git a/init/init_first_stage.cpp b/init/init_first_stage.cpp
index b367f2a..466cde3 100644
--- a/init/init_first_stage.cpp
+++ b/init/init_first_stage.cpp
@@ -138,9 +138,10 @@
SelinuxSetupKernelLogging();
SelinuxInitialize();
- // Unneeded? It's an ext4 file system so shouldn't it have the right domain already?
- // We're in the kernel domain, so re-exec init to transition to the init domain now
- // that the SELinux policy has been loaded.
+ // We're in the kernel domain and want to transition to the init domain when we exec second
+ // stage init. File systems that store SELabels in their xattrs, such as ext4 do not need an
+ // explicit restorecon here, but other file systems do. In particular, this is needed for
+ // ramdisks such as the recovery image for A/B devices.
if (selinux_android_restorecon("/system/bin/init", 0) == -1) {
PLOG(FATAL) << "restorecon failed of /system/bin/init failed";
}
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 7401857..2f88121 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -473,7 +473,21 @@
"bootloader_message: "
<< err;
}
+ } else if (reboot_target == "sideload" || reboot_target == "sideload-auto-reboot" ||
+ reboot_target == "fastboot") {
+ std::string arg = reboot_target == "sideload-auto-reboot" ? "sideload_auto_reboot"
+ : reboot_target;
+ const std::vector<std::string> options = {
+ "--" + arg,
+ };
+ std::string err;
+ if (!write_bootloader_message(options, &err)) {
+ LOG(ERROR) << "Failed to set bootloader message: " << err;
+ return false;
+ }
+ reboot_target = "recovery";
}
+
// If there is an additional parameter, pass it along
if ((cmd_params.size() == 3) && cmd_params[2].size()) {
reboot_target += "," + cmd_params[2];
diff --git a/libbacktrace/include/backtrace/BacktraceMap.h b/libbacktrace/include/backtrace/BacktraceMap.h
index a9cfce4..c564271 100644
--- a/libbacktrace/include/backtrace/BacktraceMap.h
+++ b/libbacktrace/include/backtrace/BacktraceMap.h
@@ -31,6 +31,7 @@
#include <deque>
#include <iterator>
+#include <memory>
#include <string>
#include <vector>
diff --git a/libsync/Android.bp b/libsync/Android.bp
index c95563d..e56f8ba 100644
--- a/libsync/Android.bp
+++ b/libsync/Android.bp
@@ -20,8 +20,9 @@
cflags: ["-Werror"],
}
-cc_library_shared {
+cc_library {
name: "libsync",
+ recovery_available: true,
defaults: ["libsync_defaults"],
}
@@ -31,14 +32,6 @@
export_include_dirs: ["include"],
}
-// libsync_recovery is only intended for the recovery binary.
-// Future versions of the kernel WILL require an updated libsync, and will break
-// anything statically linked against the current libsync.
-cc_library_static {
- name: "libsync_recovery",
- defaults: ["libsync_defaults"],
-}
-
cc_test {
name: "sync-unit-tests",
shared_libs: ["libsync"],
diff --git a/libunwindstack/DexFile.cpp b/libunwindstack/DexFile.cpp
index 3d982f6..8ec560c 100644
--- a/libunwindstack/DexFile.cpp
+++ b/libunwindstack/DexFile.cpp
@@ -24,6 +24,7 @@
#include <android-base/unique_fd.h>
+#include <dex/class_accessor-inl.h>
#include <dex/code_item_accessors-inl.h>
#include <dex/compact_dex_file.h>
#include <dex/dex_file-inl.h>
@@ -98,38 +99,20 @@
// Check the methods we haven't cached.
for (; class_def_index_ < dex_file_->NumClassDefs(); class_def_index_++) {
- const art::DexFile::ClassDef& class_def = dex_file_->GetClassDef(class_def_index_);
- const uint8_t* class_data = dex_file_->GetClassData(class_def);
- if (class_data == nullptr) {
- continue;
- }
+ art::ClassAccessor accessor(*dex_file_, dex_file_->GetClassDef(class_def_index_));
- if (class_it_.get() == nullptr || !class_it_->HasNext()) {
- class_it_.reset(new art::ClassDataItemIterator(*dex_file_.get(), class_data));
- }
-
- for (; class_it_->HasNext(); class_it_->Next()) {
- if (!class_it_->IsAtMethod()) {
- continue;
- }
- const art::DexFile::CodeItem* code_item = class_it_->GetMethodCodeItem();
- if (code_item == nullptr) {
- continue;
- }
- art::CodeItemInstructionAccessor code(*dex_file_.get(), code_item);
+ for (const art::ClassAccessor::Method& method : accessor.GetMethods()) {
+ art::CodeItemInstructionAccessor code = method.GetInstructions();
if (!code.HasCodeItem()) {
continue;
}
-
uint32_t offset = reinterpret_cast<const uint8_t*>(code.Insns()) - dex_file_->Begin();
- uint32_t offset_end = offset + code.InsnsSizeInCodeUnits() * sizeof(uint16_t);
- uint32_t member_index = class_it_->GetMemberIndex();
+ uint32_t offset_end = offset + code.InsnsSizeInBytes();
+ uint32_t member_index = method.GetIndex();
method_cache_[offset_end] = std::make_pair(offset, member_index);
if (offset <= dex_offset && dex_offset < offset_end) {
*method_name = dex_file_->PrettyMethod(member_index, false);
*method_offset = dex_offset - offset;
- // Move past this element.
- class_it_->Next();
return true;
}
}
diff --git a/libunwindstack/DexFile.h b/libunwindstack/DexFile.h
index 508692d..c123158 100644
--- a/libunwindstack/DexFile.h
+++ b/libunwindstack/DexFile.h
@@ -45,7 +45,6 @@
std::map<uint32_t, std::pair<uint64_t, uint32_t>> method_cache_; // dex offset to method index.
uint32_t class_def_index_ = 0;
- std::unique_ptr<art::ClassDataItemIterator> class_it_;
};
class DexFileFromFile : public DexFile {
diff --git a/libunwindstack/include/unwindstack/RegsGetLocal.h b/libunwindstack/include/unwindstack/RegsGetLocal.h
index 81c0af3..f0b5e3a 100644
--- a/libunwindstack/include/unwindstack/RegsGetLocal.h
+++ b/libunwindstack/include/unwindstack/RegsGetLocal.h
@@ -33,8 +33,7 @@
#if defined(__arm__)
-inline __always_inline void RegsGetLocal(Regs* regs) {
- void* reg_data = regs->RawData();
+inline __attribute__((__always_inline__)) void AsmGetRegs(void* reg_data) {
asm volatile(
".align 2\n"
"bx pc\n"
@@ -55,8 +54,7 @@
#elif defined(__aarch64__)
-inline __always_inline void RegsGetLocal(Regs* regs) {
- void* reg_data = regs->RawData();
+inline __attribute__((__always_inline__)) void AsmGetRegs(void* reg_data) {
asm volatile(
"1:\n"
"stp x0, x1, [%[base], #0]\n"
@@ -87,11 +85,12 @@
extern "C" void AsmGetRegs(void* regs);
-inline void RegsGetLocal(Regs* regs) {
+#endif
+
+inline __attribute__((__always_inline__)) void RegsGetLocal(Regs* regs) {
AsmGetRegs(regs->RawData());
}
-#endif
} // namespace unwindstack
diff --git a/libutils/CallStack.cpp b/libutils/CallStack.cpp
index bd6015e..fe6f33d 100644
--- a/libutils/CallStack.cpp
+++ b/libutils/CallStack.cpp
@@ -16,16 +16,15 @@
#define LOG_TAG "CallStack"
-#include <utils/CallStack.h>
-
-#include <memory>
-
#include <utils/Printer.h>
#include <utils/Errors.h>
#include <utils/Log.h>
#include <backtrace/Backtrace.h>
+#define CALLSTACK_WEAK // Don't generate weak definitions.
+#include <utils/CallStack.h>
+
namespace android {
CallStack::CallStack() {
@@ -76,4 +75,30 @@
}
}
+// The following four functions may be used via weak symbol references from libutils.
+// Clients assume that if any of these symbols are available, then deleteStack() is.
+
+#ifdef WEAKS_AVAILABLE
+
+CallStack::CallStackUPtr CallStack::getCurrentInternal(int ignoreDepth) {
+ CallStack::CallStackUPtr stack(new CallStack());
+ stack->update(ignoreDepth + 1);
+ return stack;
+}
+
+void CallStack::logStackInternal(const char* logtag, const CallStack* stack,
+ android_LogPriority priority) {
+ stack->log(logtag, priority);
+}
+
+String8 CallStack::stackToStringInternal(const char* prefix, const CallStack* stack) {
+ return stack->toString(prefix);
+}
+
+void CallStack::deleteStack(CallStack* stack) {
+ delete stack;
+}
+
+#endif // WEAKS_AVAILABLE
+
}; // namespace android
diff --git a/libutils/RefBase.cpp b/libutils/RefBase.cpp
index 9074850..3f1e79a 100644
--- a/libutils/RefBase.cpp
+++ b/libutils/RefBase.cpp
@@ -17,30 +17,41 @@
#define LOG_TAG "RefBase"
// #define LOG_NDEBUG 0
+#include <memory>
+
#include <utils/RefBase.h>
#include <utils/CallStack.h>
+#include <utils/Mutex.h>
+
#ifndef __unused
#define __unused __attribute__((__unused__))
#endif
-// compile with refcounting debugging enabled
-#define DEBUG_REFS 0
+// Compile with refcounting debugging enabled.
+#define DEBUG_REFS 0
+
+// The following three are ignored unless DEBUG_REFS is set.
// whether ref-tracking is enabled by default, if not, trackMe(true, false)
// needs to be called explicitly
-#define DEBUG_REFS_ENABLED_BY_DEFAULT 0
+#define DEBUG_REFS_ENABLED_BY_DEFAULT 0
// whether callstack are collected (significantly slows things down)
-#define DEBUG_REFS_CALLSTACK_ENABLED 1
+#define DEBUG_REFS_CALLSTACK_ENABLED 1
// folder where stack traces are saved when DEBUG_REFS is enabled
// this folder needs to exist and be writable
-#define DEBUG_REFS_CALLSTACK_PATH "/data/debug"
+#define DEBUG_REFS_CALLSTACK_PATH "/data/debug"
// log all reference counting operations
-#define PRINT_REFS 0
+#define PRINT_REFS 0
+
+// Continue after logging a stack trace if ~RefBase discovers that reference
+// count has never been incremented. Normally we conspicuously crash in that
+// case.
+#define DEBUG_REFBASE_DESTRUCTION 1
// ---------------------------------------------------------------------------
@@ -184,7 +195,7 @@
char inc = refs->ref >= 0 ? '+' : '-';
ALOGD("\t%c ID %p (ref %d):", inc, refs->id, refs->ref);
#if DEBUG_REFS_CALLSTACK_ENABLED
- refs->stack.log(LOG_TAG);
+ CallStack::logStack(LOG_TAG, refs->stack.get());
#endif
refs = refs->next;
}
@@ -198,14 +209,14 @@
char inc = refs->ref >= 0 ? '+' : '-';
ALOGD("\t%c ID %p (ref %d):", inc, refs->id, refs->ref);
#if DEBUG_REFS_CALLSTACK_ENABLED
- refs->stack.log(LOG_TAG);
+ CallStack::logStack(LOG_TAG, refs->stack.get());
#endif
refs = refs->next;
}
}
if (dumpStack) {
ALOGE("above errors at:");
- CallStack stack(LOG_TAG);
+ CallStack::logStack(LOG_TAG);
}
}
@@ -279,7 +290,7 @@
this);
int rc = open(name, O_RDWR | O_CREAT | O_APPEND, 644);
if (rc >= 0) {
- write(rc, text.string(), text.length());
+ (void)write(rc, text.string(), text.length());
close(rc);
ALOGD("STACK TRACE for %p saved in %s", this, name);
}
@@ -294,7 +305,7 @@
ref_entry* next;
const void* id;
#if DEBUG_REFS_CALLSTACK_ENABLED
- CallStack stack;
+ CallStack::CallStackUPtr stack;
#endif
int32_t ref;
};
@@ -311,7 +322,7 @@
ref->ref = mRef;
ref->id = id;
#if DEBUG_REFS_CALLSTACK_ENABLED
- ref->stack.update(2);
+ ref->stack = CallStack::getCurrent(2);
#endif
ref->next = *refs;
*refs = ref;
@@ -346,7 +357,7 @@
ref = ref->next;
}
- CallStack stack(LOG_TAG);
+ CallStack::logStack(LOG_TAG);
}
}
@@ -373,7 +384,7 @@
inc, refs->id, refs->ref);
out->append(buf);
#if DEBUG_REFS_CALLSTACK_ENABLED
- out->append(refs->stack.toString("\t\t"));
+ out->append(CallStack::stackToString("\t\t", refs->stack.get()));
#else
out->append("\t\t(call stacks disabled)");
#endif
@@ -700,16 +711,16 @@
if (mRefs->mWeak.load(std::memory_order_relaxed) == 0) {
delete mRefs;
}
- } else if (mRefs->mStrong.load(std::memory_order_relaxed)
- == INITIAL_STRONG_VALUE) {
+ } else if (mRefs->mStrong.load(std::memory_order_relaxed) == INITIAL_STRONG_VALUE) {
// We never acquired a strong reference on this object.
- LOG_ALWAYS_FATAL_IF(mRefs->mWeak.load() != 0,
- "RefBase: Explicit destruction with non-zero weak "
- "reference count");
- // TODO: Always report if we get here. Currently MediaMetadataRetriever
- // C++ objects are inconsistently managed and sometimes get here.
- // There may be other cases, but we believe they should all be fixed.
- delete mRefs;
+#if DEBUG_REFBASE_DESTRUCTION
+ // Treating this as fatal is prone to causing boot loops. For debugging, it's
+ // better to treat as non-fatal.
+ ALOGD("RefBase: Explicit destruction, weak count = %d (in %p)", mRefs->mWeak.load(), this);
+ CallStack::logStack(LOG_TAG);
+#else
+ LOG_ALWAYS_FATAL("RefBase: Explicit destruction, weak count = %d", mRefs->mWeak.load());
+#endif
}
// For debugging purposes, clear mRefs. Ineffective against outstanding wp's.
const_cast<weakref_impl*&>(mRefs) = nullptr;
diff --git a/libutils/include/utils/CallStack.h b/libutils/include/utils/CallStack.h
index 0c1b875..56004fe 100644
--- a/libutils/include/utils/CallStack.h
+++ b/libutils/include/utils/CallStack.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_CALLSTACK_H
#define ANDROID_CALLSTACK_H
+#include <memory>
+
#include <android/log.h>
#include <backtrace/backtrace_constants.h>
#include <utils/String8.h>
@@ -25,6 +27,19 @@
#include <stdint.h>
#include <sys/types.h>
+#if !defined(__APPLE__) && !defined(_WIN32)
+# define WEAKS_AVAILABLE 1
+#endif
+#ifndef CALLSTACK_WEAK
+# ifdef WEAKS_AVAILABLE
+# define CALLSTACK_WEAK __attribute__((weak))
+# else // !WEAKS_AVAILABLE
+# define CALLSTACK_WEAK
+# endif // !WEAKS_AVAILABLE
+#endif // CALLSTACK_WEAK predefined
+
+#define ALWAYS_INLINE __attribute__((always_inline))
+
namespace android {
class Printer;
@@ -36,7 +51,7 @@
CallStack();
// Create a callstack with the current thread's stack trace.
// Immediately dump it to logcat using the given logtag.
- CallStack(const char* logtag, int32_t ignoreDepth=1);
+ CallStack(const char* logtag, int32_t ignoreDepth = 1);
~CallStack();
// Reset the stack frames (same as creating an empty call stack).
@@ -44,7 +59,7 @@
// Immediately collect the stack traces for the specified thread.
// The default is to dump the stack of the current call.
- void update(int32_t ignoreDepth=1, pid_t tid=BACKTRACE_CURRENT_THREAD);
+ void update(int32_t ignoreDepth = 1, pid_t tid = BACKTRACE_CURRENT_THREAD);
// Dump a stack trace to the log using the supplied logtag.
void log(const char* logtag,
@@ -63,7 +78,88 @@
// Get the count of stack frames that are in this call stack.
size_t size() const { return mFrameLines.size(); }
-private:
+ // DO NOT USE ANYTHING BELOW HERE. The following public members are expected
+ // to disappear again shortly, once a better replacement facility exists.
+ // The replacement facility will be incompatible!
+
+ // Debugging accesses to some basic functionality. These use weak symbols to
+ // avoid introducing a dependency on libutilscallstack. Such a dependency from
+ // libutils results in a cyclic build dependency. These routines can be called
+ // from within libutils. But if the actual library is unavailable, they do
+ // nothing.
+ //
+ // DO NOT USE THESE. They will disappear.
+ struct StackDeleter {
+#ifdef WEAKS_AVAILABLE
+ void operator()(CallStack* stack) {
+ deleteStack(stack);
+ }
+#else
+ void operator()(CallStack*) {}
+#endif
+ };
+
+ typedef std::unique_ptr<CallStack, StackDeleter> CallStackUPtr;
+
+ // Return current call stack if possible, nullptr otherwise.
+#ifdef WEAKS_AVAILABLE
+ static CallStackUPtr ALWAYS_INLINE getCurrent(int32_t ignoreDepth = 1) {
+ if (reinterpret_cast<uintptr_t>(getCurrentInternal) == 0) {
+ ALOGW("CallStack::getCurrentInternal not linked, returning null");
+ return CallStackUPtr(nullptr);
+ } else {
+ return getCurrentInternal(ignoreDepth);
+ }
+ }
+#else // !WEAKS_AVAILABLE
+ static CallStackUPtr ALWAYS_INLINE getCurrent(int32_t = 1) {
+ return CallStackUPtr(nullptr);
+ }
+#endif // !WEAKS_AVAILABLE
+
+#ifdef WEAKS_AVAILABLE
+ static void ALWAYS_INLINE logStack(const char* logtag, CallStack* stack = getCurrent().get(),
+ android_LogPriority priority = ANDROID_LOG_DEBUG) {
+ if (reinterpret_cast<uintptr_t>(logStackInternal) != 0 && stack != nullptr) {
+ logStackInternal(logtag, stack, priority);
+ } else {
+ ALOGW("CallStack::logStackInternal not linked");
+ }
+ }
+
+#else
+ static void ALWAYS_INLINE logStack(const char*, CallStack* = getCurrent().get(),
+ android_LogPriority = ANDROID_LOG_DEBUG) {
+ }
+#endif // !WEAKS_AVAILABLE
+
+#ifdef WEAKS_AVAILABLE
+ static String8 ALWAYS_INLINE stackToString(const char* prefix = nullptr,
+ const CallStack* stack = getCurrent().get()) {
+ if (reinterpret_cast<uintptr_t>(stackToStringInternal) != 0 && stack != nullptr) {
+ return stackToStringInternal(prefix, stack);
+ } else {
+ return String8("<CallStack package not linked>");
+ }
+ }
+#else // !WEAKS_AVAILABLE
+ static String8 ALWAYS_INLINE stackToString(const char* = nullptr,
+ const CallStack* = getCurrent().get()) {
+ return String8("<CallStack package not linked>");
+ }
+#endif // !WEAKS_AVAILABLE
+
+ private:
+#ifdef WEAKS_AVAILABLE
+ static CallStackUPtr CALLSTACK_WEAK getCurrentInternal(int32_t ignoreDepth);
+ static void CALLSTACK_WEAK logStackInternal(const char* logtag, const CallStack* stack,
+ android_LogPriority priority);
+ static String8 CALLSTACK_WEAK stackToStringInternal(const char* prefix, const CallStack* stack);
+ // The deleter is only invoked on non-null pointers. Hence it will never be
+ // invoked if CallStack is not linked.
+ static void CALLSTACK_WEAK deleteStack(CallStack* stack);
+#endif // WEAKS_AVAILABLE
+
Vector<String8> mFrameLines;
};
diff --git a/llkd/README.md b/llkd/README.md
index b2ba2a2..2314583 100644
--- a/llkd/README.md
+++ b/llkd/README.md
@@ -60,7 +60,7 @@
Android Properties
------------------
-Android Properties llkd respond to (<prop>_ms parms are in milliseconds):
+Android Properties llkd respond to (*prop*_ms parms are in milliseconds):
#### ro.config.low_ram
default false, if true do not sysrq t (dump all threads).
@@ -99,19 +99,33 @@
#### ro.llk.blacklist.process
default 0,1,2 (kernel, init and [kthreadd]) plus process names
init,[kthreadd],[khungtaskd],lmkd,lmkd.llkd,llkd,watchdogd,
-[watchdogd],[watchdogd/0],...,[watchdogd/<get_nprocs-1>].
+[watchdogd],[watchdogd/0],...,[watchdogd/***get_nprocs**-1*].
+The string false is the equivalent to an empty list.
+Do not watch these processes. A process can be comm, cmdline or pid reference.
+NB: automated default here can be larger than the current maximum property
+size of 92.
+NB: false is a very very very unlikely process to want to blacklist.
#### ro.llk.blacklist.parent
default 0,2 (kernel and [kthreadd]).
+The string false is the equivalent to an empty list.
+Do not watch processes that have this parent.
+A parent process can be comm, cmdline or pid reference.
#### ro.llk.blacklist.uid
-default <empty>, comma separated list of uid numbers or names.
+default *empty* or false, comma separated list of uid numbers or names.
+The string false is the equivalent to an empty list.
+Do not watch processes that match this uid.
Architectural Concerns
----------------------
+- built-in [khungtask] daemon is too generic and trips on driver code that
+ sits around in D state too much. To switch to S instead makes the task(s)
+ killable, so the drivers should be able to resurrect them if needed.
+- Properties are limited to 92 characters.
- Create kernel module and associated gTest to actually test panic.
-- Create gTest to test out blacklist (ro.llk.blacklist.<properties> generally
+- Create gTest to test out blacklist (ro.llk.blacklist.*properties* generally
not be inputs). Could require more test-only interfaces to libllkd.
-- Speed up gTest using something else than ro.llk.<properties>, which should
- not be inputs.
+- Speed up gTest using something else than ro.llk.*properties*, which should
+ not be inputs as they should be baked into the product.
diff --git a/llkd/libllkd.cpp b/llkd/libllkd.cpp
index f357cc2..48551f2 100644
--- a/llkd/libllkd.cpp
+++ b/llkd/libllkd.cpp
@@ -55,6 +55,7 @@
using namespace std::chrono_literals;
using namespace std::chrono;
+using namespace std::literals;
namespace {
@@ -284,7 +285,7 @@
schedUpdate(0),
nrSwitches(0),
update(llkUpdate),
- count(0),
+ count(0ms),
pid(pid),
ppid(ppid),
uid(-1),
@@ -497,8 +498,7 @@
}
::usleep(200000); // let everything settle
}
- llkWriteStringToFile(std::string("SysRq : Trigger a crash : 'livelock,") + state + "'\n",
- "/dev/kmsg");
+ llkWriteStringToFile("SysRq : Trigger a crash : 'livelock,"s + state + "'\n", "/dev/kmsg");
android::base::WriteStringToFd("c", sysrqTriggerFd);
// NOTREACHED
// DYB
@@ -574,15 +574,19 @@
// We only officially support comma separators, but wetware being what they
// are will take some liberty and I do not believe they should be punished.
-std::unordered_set<std::string> llkSplit(const std::string& s,
- const std::string& delimiters = ", \t:") {
+std::unordered_set<std::string> llkSplit(const std::string& s) {
std::unordered_set<std::string> result;
+ // Special case, allow boolean false to empty the list, otherwise expected
+ // source of input from android::base::GetProperty will supply the default
+ // value on empty content in the property.
+ if (s == "false") return result;
+
size_t base = 0;
- size_t found;
- while (true) {
- found = s.find_first_of(delimiters, base);
- result.emplace(s.substr(base, found - base));
+ while (s.size() > base) {
+ auto found = s.find_first_of(", \t:", base);
+ // Only emplace content, empty entries are not an option
+ if (found != base) result.emplace(s.substr(base, found - base));
if (found == s.npos) break;
base = found + 1;
}
@@ -1070,7 +1074,7 @@
std::to_string(kthreaddPid) + "," + std::to_string(::getpid()) + "," +
std::to_string(::gettid()) + "," LLK_BLACKLIST_PROCESS_DEFAULT);
if (threadname) {
- defaultBlacklistProcess += std::string(",") + threadname;
+ defaultBlacklistProcess += ","s + threadname;
}
for (int cpu = 1; cpu < get_nprocs_conf(); ++cpu) {
defaultBlacklistProcess += ",[watchdog/" + std::to_string(cpu) + "]";
diff --git a/lmkd/Android.bp b/lmkd/Android.bp
index 1369b8b..903d0e2 100644
--- a/lmkd/Android.bp
+++ b/lmkd/Android.bp
@@ -20,6 +20,7 @@
],
},
},
+ logtags: ["event.logtags"],
}
cc_library_static {
diff --git a/lmkd/event.logtags b/lmkd/event.logtags
new file mode 100644
index 0000000..7c2cd18
--- /dev/null
+++ b/lmkd/event.logtags
@@ -0,0 +1,38 @@
+# The entries in this file map a sparse set of log tag numbers to tag names.
+# This is installed on the device, in /system/etc, and parsed by logcat.
+#
+# Tag numbers are decimal integers, from 0 to 2^31. (Let's leave the
+# negative values alone for now.)
+#
+# Tag names are one or more ASCII letters and numbers or underscores, i.e.
+# "[A-Z][a-z][0-9]_". Do not include spaces or punctuation (the former
+# impacts log readability, the latter makes regex searches more annoying).
+#
+# Tag numbers and names are separated by whitespace. Blank lines and lines
+# starting with '#' are ignored.
+#
+# Optionally, after the tag names can be put a description for the value(s)
+# of the tag. Description are in the format
+# (<name>|data type[|data unit])
+# Multiple values are separated by commas.
+#
+# The data type is a number from the following values:
+# 1: int
+# 2: long
+# 3: string
+# 4: list
+#
+# The data unit is a number taken from the following list:
+# 1: Number of objects
+# 2: Number of bytes
+# 3: Number of milliseconds
+# 4: Number of allocations
+# 5: Id
+# 6: Percent
+# s: Number of seconds (monotonic time)
+# Default value for data of type int/long is 2 (bytes).
+#
+# TODO: generate ".java" and ".h" files with integer constants from this file.
+
+# for meminfo logs
+10195355 meminfo (MemFree|1),(Cached|1),(SwapCached|1),(Buffers|1),(Shmem|1),(Unevictable|1),(SwapFree|1),(ActiveAnon|1),(InactiveAnon|1),(ActiveFile|1),(InactiveFile|1),(SReclaimable|1),(SUnreclaim|1),(KernelStack|1),(PageTables|1),(ION_heap|1),(ION_heap_pool|1),(CmaFree|1)
diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c
index 4fb9678..02534f2 100644
--- a/lmkd/lmkd.c
+++ b/lmkd/lmkd.c
@@ -37,6 +37,7 @@
#include <cutils/sockets.h>
#include <lmkd.h>
#include <log/log.h>
+#include <log/log_event_list.h>
#ifdef LMKD_LOG_STATS
#include "statslog.h"
@@ -72,6 +73,9 @@
#define MEMINFO_PATH "/proc/meminfo"
#define LINE_MAX 128
+/* Android Logger event logtags (see event.logtags) */
+#define MEMINFO_LOG_TAG 10195355
+
/* gid containing AID_SYSTEM required */
#define INKERNEL_MINFREE_PATH "/sys/module/lowmemorykiller/parameters/minfree"
#define INKERNEL_ADJ_PATH "/sys/module/lowmemorykiller/parameters/adj"
@@ -82,6 +86,11 @@
/* Defined as ProcessList.SYSTEM_ADJ in ProcessList.java */
#define SYSTEM_ADJ (-900)
+#define STRINGIFY(x) STRINGIFY_INTERNAL(x)
+#define STRINGIFY_INTERNAL(x) #x
+
+#define min(a, b) (((a) < (b)) ? (a) : (b))
+
/* default to old in-kernel interface if no memory pressure events */
static bool use_inkernel_interface = true;
static bool has_inkernel_module;
@@ -118,6 +127,8 @@
static bool per_app_memcg;
static int swap_free_low_percentage;
+static android_log_context ctx;
+
/* data required to handle events */
struct event_handler_info {
int data;
@@ -197,7 +208,17 @@
MI_UNEVICTABLE,
MI_TOTAL_SWAP,
MI_FREE_SWAP,
- MI_DIRTY,
+ MI_ACTIVE_ANON,
+ MI_INACTIVE_ANON,
+ MI_ACTIVE_FILE,
+ MI_INACTIVE_FILE,
+ MI_SRECLAIMABLE,
+ MI_SUNRECLAIM,
+ MI_KERNEL_STACK,
+ MI_PAGE_TABLES,
+ MI_ION_HELP,
+ MI_ION_HELP_POOL,
+ MI_CMA_FREE,
MI_FIELD_COUNT
};
@@ -210,7 +231,17 @@
"Unevictable:",
"SwapTotal:",
"SwapFree:",
- "Dirty:",
+ "Active(anon):",
+ "Inactive(anon):",
+ "Active(file):",
+ "Inactive(file):",
+ "SReclaimable:",
+ "SUnreclaim:",
+ "KernelStack:",
+ "PageTables:",
+ "ION_heap:",
+ "ION_heap_pool:",
+ "CmaFree:",
};
union meminfo {
@@ -223,7 +254,17 @@
int64_t unevictable;
int64_t total_swap;
int64_t free_swap;
- int64_t dirty;
+ int64_t active_anon;
+ int64_t inactive_anon;
+ int64_t active_file;
+ int64_t inactive_file;
+ int64_t sreclaimable;
+ int64_t sunreclaimable;
+ int64_t kernel_stack;
+ int64_t page_tables;
+ int64_t ion_heap;
+ int64_t ion_heap_pool;
+ int64_t cma_free;
/* fields below are calculated rather than read from the file */
int64_t nr_file_pages;
} field;
@@ -734,10 +775,10 @@
#ifdef LMKD_LOG_STATS
static void memory_stat_parse_line(char *line, struct memory_stat *mem_st) {
- char key[LINE_MAX];
+ char key[LINE_MAX + 1];
int64_t value;
- sscanf(line,"%s %" SCNd64 "", key, &value);
+ sscanf(line, "%" STRINGIFY(LINE_MAX) "s %" SCNd64 "", key, &value);
if (strcmp(key, "total_") < 0) {
return;
@@ -756,24 +797,31 @@
}
static int memory_stat_parse(struct memory_stat *mem_st, int pid, uid_t uid) {
- FILE *fp;
- char buf[PATH_MAX];
+ FILE *fp;
+ char buf[PATH_MAX];
- snprintf(buf, sizeof(buf), MEMCG_PROCESS_MEMORY_STAT_PATH, uid, pid);
+ /*
+ * Per-application memory.stat files are available only when
+ * per-application memcgs are enabled.
+ */
+ if (!per_app_memcg)
+ return -1;
- fp = fopen(buf, "r");
+ snprintf(buf, sizeof(buf), MEMCG_PROCESS_MEMORY_STAT_PATH, uid, pid);
- if (fp == NULL) {
- ALOGE("%s open failed: %s", buf, strerror(errno));
- return -1;
- }
+ fp = fopen(buf, "r");
- while (fgets(buf, PAGE_SIZE, fp) != NULL ) {
- memory_stat_parse_line(buf, mem_st);
- }
- fclose(fp);
+ if (fp == NULL) {
+ ALOGE("%s open failed: %s", buf, strerror(errno));
+ return -1;
+ }
- return 0;
+ while (fgets(buf, PAGE_SIZE, fp) != NULL ) {
+ memory_stat_parse_line(buf, mem_st);
+ }
+ fclose(fp);
+
+ return 0;
}
#endif
@@ -916,6 +964,15 @@
return 0;
}
+static void meminfo_log(union meminfo *mi) {
+ for (int field_idx = 0; field_idx < MI_FIELD_COUNT; field_idx++) {
+ android_log_write_int32(ctx, (int32_t)min(mi->arr[field_idx] * page_k, INT32_MAX));
+ }
+
+ android_log_write_list(ctx, LOG_ID_EVENTS);
+ android_log_reset(ctx);
+}
+
static int proc_get_size(int pid) {
char path[PATH_MAX];
char line[LINE_MAX];
@@ -1327,6 +1384,8 @@
if (debug_process_killing) {
ALOGI("Nothing to kill");
}
+ } else {
+ meminfo_log(&mi);
}
} else {
int pages_freed;
@@ -1375,6 +1434,9 @@
pages_to_free, pages_freed);
gettimeofday(&last_report_tm, NULL);
}
+ if (pages_freed > 0) {
+ meminfo_log(&mi);
+ }
}
}
@@ -1591,6 +1653,8 @@
swap_free_low_percentage =
property_get_int32("ro.lmk.swap_free_low_percentage", 10);
+ ctx = create_android_logger(MEMINFO_LOG_TAG);
+
#ifdef LMKD_LOG_STATS
statslog_init(&log_ctx, &enable_stats_log);
#endif
@@ -1626,6 +1690,8 @@
statslog_destroy(&log_ctx);
#endif
+ android_log_destroy(&ctx);
+
ALOGI("exiting");
return 0;
}
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index 4ea7877..fc8c960 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -19,6 +19,7 @@
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
@@ -344,8 +345,7 @@
rc = logbuf->log(
LOG_ID_EVENTS, now, uid, pid, tid, reinterpret_cast<char*>(event),
- (message_len <= USHRT_MAX) ? (unsigned short)message_len
- : USHRT_MAX);
+ (message_len <= UINT16_MAX) ? (uint16_t)message_len : UINT16_MAX);
if (rc >= 0) {
notify |= 1 << LOG_ID_EVENTS;
}
@@ -399,9 +399,9 @@
strncpy(newstr + 1 + str_len + prefix_len + suffix_len,
denial_metadata.c_str(), denial_metadata.length());
- rc = logbuf->log(LOG_ID_MAIN, now, uid, pid, tid, newstr,
- (message_len <= USHRT_MAX) ? (unsigned short)message_len
- : USHRT_MAX);
+ rc = logbuf->log(
+ LOG_ID_MAIN, now, uid, pid, tid, newstr,
+ (message_len <= UINT16_MAX) ? (uint16_t)message_len : UINT16_MAX);
if (rc >= 0) {
notify |= 1 << LOG_ID_MAIN;
diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp
index 9b04363..fd1b8b2 100644
--- a/logd/LogBuffer.cpp
+++ b/logd/LogBuffer.cpp
@@ -199,7 +199,7 @@
}
int LogBuffer::log(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid,
- pid_t tid, const char* msg, unsigned short len) {
+ pid_t tid, const char* msg, uint16_t len) {
if (log_id >= LOG_ID_MAX) {
return -EINVAL;
}
@@ -240,7 +240,7 @@
LogBufferElement* currentLast = lastLoggedElements[log_id];
if (currentLast) {
LogBufferElement* dropped = droppedElements[log_id];
- unsigned short count = dropped ? dropped->getDropped() : 0;
+ uint16_t count = dropped ? dropped->getDropped() : 0;
//
// State Init
// incoming:
@@ -584,13 +584,13 @@
LogBufferElementMap map;
public:
- bool coalesce(LogBufferElement* element, unsigned short dropped) {
+ bool coalesce(LogBufferElement* element, uint16_t dropped) {
LogBufferElementKey key(element->getUid(), element->getPid(),
element->getTid());
LogBufferElementMap::iterator it = map.find(key.getKey());
if (it != map.end()) {
LogBufferElement* found = it->second;
- unsigned short moreDropped = found->getDropped();
+ uint16_t moreDropped = found->getDropped();
if ((dropped + moreDropped) > USHRT_MAX) {
map.erase(it);
} else {
@@ -847,7 +847,7 @@
mLastSet[id] = true;
}
- unsigned short dropped = element->getDropped();
+ uint16_t dropped = element->getDropped();
// remove any leading drops
if (leading && dropped) {
@@ -927,7 +927,7 @@
kick = true;
- unsigned short len = element->getMsgLen();
+ uint16_t len = element->getMsgLen();
// do not create any leading drops
if (leading) {
diff --git a/logd/LogBuffer.h b/logd/LogBuffer.h
index 0942987..774d4ab 100644
--- a/logd/LogBuffer.h
+++ b/logd/LogBuffer.h
@@ -115,7 +115,7 @@
}
int log(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid, pid_t tid,
- const char* msg, unsigned short len) override;
+ const char* msg, uint16_t len) override;
// lastTid is an optional context to help detect if the last previous
// valid message was from the same source so we can differentiate chatty
// filter types (identical or expired)
diff --git a/logd/LogBufferElement.cpp b/logd/LogBufferElement.cpp
index 2d627b9..19e6d68 100644
--- a/logd/LogBufferElement.cpp
+++ b/logd/LogBufferElement.cpp
@@ -35,7 +35,7 @@
LogBufferElement::LogBufferElement(log_id_t log_id, log_time realtime,
uid_t uid, pid_t pid, pid_t tid,
- const char* msg, unsigned short len)
+ const char* msg, uint16_t len)
: mUid(uid),
mPid(pid),
mTid(tid),
@@ -71,7 +71,7 @@
: 0;
}
-unsigned short LogBufferElement::setDropped(unsigned short value) {
+uint16_t LogBufferElement::setDropped(uint16_t value) {
// The tag information is saved in mMsg data, if the tag is non-zero
// save only the information needed to get the tag.
if (getTag() != 0) {
diff --git a/logd/LogBufferElement.h b/logd/LogBufferElement.h
index b168645..57b0a95 100644
--- a/logd/LogBufferElement.h
+++ b/logd/LogBufferElement.h
@@ -18,6 +18,7 @@
#define _LOGD_LOG_BUFFER_ELEMENT_H__
#include <stdatomic.h>
+#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>
@@ -56,7 +57,7 @@
public:
LogBufferElement(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid,
- pid_t tid, const char* msg, unsigned short len);
+ pid_t tid, const char* msg, uint16_t len);
LogBufferElement(const LogBufferElement& elem);
~LogBufferElement();
@@ -77,11 +78,11 @@
return mTid;
}
uint32_t getTag() const;
- unsigned short getDropped(void) const {
+ uint16_t getDropped(void) const {
return mDropped ? mDroppedCount : 0;
}
- unsigned short setDropped(unsigned short value);
- unsigned short getMsgLen() const {
+ uint16_t setDropped(uint16_t value);
+ uint16_t getMsgLen() const {
return mDropped ? 0 : mMsgLen;
}
const char* getMsg() const {
diff --git a/logd/LogBufferInterface.h b/logd/LogBufferInterface.h
index ff73a22..f31e244 100644
--- a/logd/LogBufferInterface.h
+++ b/logd/LogBufferInterface.h
@@ -31,7 +31,7 @@
// Handles a log entry when available in LogListener.
// Returns the size of the handled log message.
virtual int log(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid,
- pid_t tid, const char* msg, unsigned short len) = 0;
+ pid_t tid, const char* msg, uint16_t len) = 0;
virtual uid_t pidToUid(pid_t pid);
virtual pid_t tidToPid(pid_t tid);
diff --git a/logd/LogKlog.cpp b/logd/LogKlog.cpp
index ab980ac..e4393a3 100644
--- a/logd/LogKlog.cpp
+++ b/logd/LogKlog.cpp
@@ -821,8 +821,7 @@
}
// Log message
- int rc = logbuf->log(LOG_ID_KERNEL, now, uid, pid, tid, newstr,
- (unsigned short)n);
+ int rc = logbuf->log(LOG_ID_KERNEL, now, uid, pid, tid, newstr, (uint16_t)n);
// notify readers
if (rc > 0) {
diff --git a/logd/LogListener.cpp b/logd/LogListener.cpp
index e568ddc..2f22778 100644
--- a/logd/LogListener.cpp
+++ b/logd/LogListener.cpp
@@ -136,7 +136,7 @@
if (logbuf != nullptr) {
int res = logbuf->log(
logId, header->realtime, cred->uid, cred->pid, header->tid, msg,
- ((size_t)n <= USHRT_MAX) ? (unsigned short)n : USHRT_MAX);
+ ((size_t)n <= UINT16_MAX) ? (uint16_t)n : UINT16_MAX);
if (res > 0 && reader != nullptr) {
reader->notifyNewLog(static_cast<log_mask_t>(1 << logId));
}
diff --git a/logd/LogStatistics.cpp b/logd/LogStatistics.cpp
index cefacf7..116e08e 100644
--- a/logd/LogStatistics.cpp
+++ b/logd/LogStatistics.cpp
@@ -83,7 +83,7 @@
if (element->getDropped()) return;
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizesTotal[log_id] += size;
SizesTotal += size;
++mElementsTotal[log_id];
@@ -91,7 +91,7 @@
void LogStatistics::add(LogBufferElement* element) {
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizes[log_id] += size;
++mElements[log_id];
@@ -161,7 +161,7 @@
void LogStatistics::subtract(LogBufferElement* element) {
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizes[log_id] -= size;
--mElements[log_id];
if (element->getDropped()) {
@@ -206,7 +206,7 @@
// entry->setDropped(1) must follow this call, caller should do this explicitly.
void LogStatistics::drop(LogBufferElement* element) {
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizes[log_id] -= size;
++mDroppedElements[log_id];
@@ -613,13 +613,13 @@
std::string LogStatistics::format(uid_t uid, pid_t pid,
unsigned int logMask) const {
- static const unsigned short spaces_total = 19;
+ static const uint16_t spaces_total = 19;
// Report on total logging, current and for all time
std::string output = "size/num";
size_t oldLength;
- short spaces = 1;
+ int16_t spaces = 1;
log_id_for_each(id) {
if (!(logMask & (1 << id))) continue;
diff --git a/logd/LogStatistics.h b/logd/LogStatistics.h
index ac3cf9a..d6b8ab3 100644
--- a/logd/LogStatistics.h
+++ b/logd/LogStatistics.h
@@ -520,7 +520,7 @@
return;
}
++msg;
- unsigned short len = element->getMsgLen();
+ uint16_t len = element->getMsgLen();
len = (len <= 1) ? 0 : strnlen(msg, len - 1);
if (!len) {
name = std::string_view("<NULL>", strlen("<NULL>"));
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index 3a6a5e8..2429b49 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -162,66 +162,6 @@
)
endef
-# Update namespace configuration file with library lists and VNDK version
-#
-# $(1): Input source file (ld.config.txt)
-# $(2): Output built module
-# $(3): VNDK version suffix
-# $(4): true if libz must be included in llndk not in vndk-sp
-define update_and_install_ld_config
-# If $(4) is true, move libz to llndk from vndk-sp.
-$(if $(filter true,$(4)),\
- $(eval llndk_libraries_list := $(LLNDK_LIBRARIES) libz) \
- $(eval vndksp_libraries_list := $(filter-out libz,$(VNDK_SAMEPROCESS_LIBRARIES))),\
- $(eval llndk_libraries_list := $(LLNDK_LIBRARIES)) \
- $(eval vndksp_libraries_list := $(VNDK_SAMEPROCESS_LIBRARIES)))
-
-llndk_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter-out $(VNDK_PRIVATE_LIBRARIES),$(llndk_libraries_list))))
-private_llndk_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter $(VNDK_PRIVATE_LIBRARIES),$(llndk_libraries_list))))
-vndk_sameprocess_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter-out $(VNDK_PRIVATE_LIBRARIES),$(vndksp_libraries_list))))
-vndk_core_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter-out $(VNDK_PRIVATE_LIBRARIES),$(VNDK_CORE_LIBRARIES))))
-sanitizer_runtime_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
- $(UBSAN_RUNTIME_LIBRARY) \
- $(TSAN_RUNTIME_LIBRARY) \
- $(2ND_ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
- $(2ND_UBSAN_RUNTIME_LIBRARY) \
- $(2ND_TSAN_RUNTIME_LIBRARY)))
-# If BOARD_VNDK_VERSION is not defined, VNDK version suffix will not be used.
-vndk_version_suffix := $(if $(strip $(3)),-$(strip $(3)))
-
-$(2): PRIVATE_LLNDK_LIBRARIES := $$(llndk_libraries)
-$(2): PRIVATE_PRIVATE_LLNDK_LIBRARIES := $$(private_llndk_libraries)
-$(2): PRIVATE_VNDK_SAMEPROCESS_LIBRARIES := $$(vndk_sameprocess_libraries)
-$(2): PRIVATE_VNDK_CORE_LIBRARIES := $$(vndk_core_libraries)
-$(2): PRIVATE_SANITIZER_RUNTIME_LIBRARIES := $$(sanitizer_runtime_libraries)
-$(2): PRIVATE_VNDK_VERSION := $$(vndk_version_suffix)
-$(2): $(1)
- @echo "Generate: $$< -> $$@"
- @mkdir -p $$(dir $$@)
- $$(hide) sed -e 's?%LLNDK_LIBRARIES%?$$(PRIVATE_LLNDK_LIBRARIES)?g' $$< >$$@
- $$(hide) sed -i -e 's?%PRIVATE_LLNDK_LIBRARIES%?$$(PRIVATE_PRIVATE_LLNDK_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%VNDK_SAMEPROCESS_LIBRARIES%?$$(PRIVATE_VNDK_SAMEPROCESS_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%VNDK_CORE_LIBRARIES%?$$(PRIVATE_VNDK_CORE_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%SANITIZER_RUNTIME_LIBRARIES%?$$(PRIVATE_SANITIZER_RUNTIME_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%VNDK_VER%?$$(PRIVATE_VNDK_VERSION)?g' $$@
- $$(hide) sed -i -e 's?%PRODUCT%?$$(TARGET_COPY_OUT_PRODUCT)?g' $$@
- $$(hide) sed -i -e 's?%PRODUCTSERVICES%?$$(TARGET_COPY_OUT_PRODUCTSERVICES)?g' $$@
-
-llndk_libraries_list :=
-vndksp_libraries_list :=
-llndk_libraries :=
-private_llndk_libraries :=
-vndk_sameprocess_libraries :=
-vndk_core_libraries :=
-sanitizer_runtime_libraries :=
-vndk_version_suffix :=
-endef # update_and_install_ld_config
-
#######################################
# ld.config.txt selection variables
@@ -265,21 +205,19 @@
# for VNDK enforced devices
LOCAL_MODULE_STEM := $(call append_vndk_version,$(LOCAL_MODULE))
include $(BUILD_SYSTEM)/base_rules.mk
-$(eval $(call update_and_install_ld_config,\
- $(LOCAL_PATH)/etc/ld.config.txt,\
- $(LOCAL_BUILT_MODULE),\
- $(PLATFORM_VNDK_VERSION)))
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.txt
+vndk_version := $(PLATFORM_VNDK_VERSION)
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
else ifeq ($(_enforce_vndk_lite_at_runtime),true)
# for treblized but VNDK lightly enforced devices
LOCAL_MODULE_STEM := ld.config.vndk_lite.txt
include $(BUILD_SYSTEM)/base_rules.mk
-$(eval $(call update_and_install_ld_config,\
- $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt,\
- $(LOCAL_BUILT_MODULE),\
- $(PLATFORM_VNDK_VERSION),\
- true))
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt
+vndk_version := $(PLATFORM_VNDK_VERSION)
+libz_is_llndk := true
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
else
@@ -290,6 +228,37 @@
endif # ifeq ($(_enforce_vndk_at_runtime),true)
+# ld.config.txt for VNDK versions older than PLATFORM_VNDK_VERSION
+# are built with the VNDK libraries lists under /prebuilts/vndk.
+#
+# ld.config.$(VER).txt is built and installed for all VNDK versions
+# listed in PRODUCT_EXTRA_VNDK_VERSIONS.
+#
+# $(1): VNDK version
+define build_versioned_ld_config
+include $(CLEAR_VARS)
+LOCAL_MODULE := ld.config.$(1).txt
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
+LOCAL_MODULE_STEM := $$(LOCAL_MODULE)
+include $(BUILD_SYSTEM)/base_rules.mk
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.txt
+vndk_version := $(1)
+lib_list_from_prebuilts := true
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
+endef
+
+# For VNDK snapshot versions prior to 28, ld.config.txt is installed from the
+# prebuilt under /prebuilts/vndk
+vndk_snapshots := $(wildcard prebuilts/vndk/*)
+supported_vndk_snapshot_versions := \
+ $(strip $(foreach ver,$(patsubst prebuilts/vndk/v%,%,$(vndk_snapshots)),\
+ $(if $(call math_gt_or_eq,$(ver),28),$(ver),)))
+$(eval $(foreach ver,$(supported_vndk_snapshot_versions),\
+ $(call build_versioned_ld_config,$(ver))))
+
+vndk_snapshots :=
+supported_vndk_snapshot_versions :=
#######################################
# ld.config.vndk_lite.txt
@@ -304,11 +273,10 @@
LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
LOCAL_MODULE_STEM := $(LOCAL_MODULE)
include $(BUILD_SYSTEM)/base_rules.mk
-$(eval $(call update_and_install_ld_config,\
- $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt,\
- $(LOCAL_BUILT_MODULE),\
- $(PLATFORM_VNDK_VERSION),\
- true))
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt
+vndk_version := $(PLATFORM_VNDK_VERSION)
+libz_is_llndk := true
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
endif # ifeq ($(_enforce_vndk_lite_at_runtime),false)
diff --git a/rootdir/update_and_install_ld_config.mk b/rootdir/update_and_install_ld_config.mk
new file mode 100644
index 0000000..1b42c32
--- /dev/null
+++ b/rootdir/update_and_install_ld_config.mk
@@ -0,0 +1,125 @@
+#####################################################################
+# Builds linker config file, ld.config.txt, from the specified template
+# under $(LOCAL_PATH)/etc/*.
+#
+# Inputs:
+# (expected to follow an include of $(BUILD_SYSTEM)/base_rules.mk)
+# ld_config_template: template linker config file to use,
+# e.g. $(LOCAL_PATH)/etc/ld.config.txt
+# vndk_version: version of the VNDK library lists used to update the
+# template linker config file, e.g. 28
+# lib_list_from_prebuilts: should be set to 'true' if the VNDK library
+# lists should be read from /prebuilts/vndk/*
+# libz_is_llndk: should be set to 'true' if libz must be included in
+# llndk and not in vndk-sp
+# Outputs:
+# Builds and installs ld.config.$VER.txt or ld.config.vndk_lite.txt
+#####################################################################
+
+# Read inputs
+ld_config_template := $(strip $(ld_config_template))
+vndk_version := $(strip $(vndk_version))
+lib_list_from_prebuilts := $(strip $(lib_list_from_prebuilts))
+libz_is_llndk := $(strip $(libz_is_llndk))
+
+intermediates_dir := $(call intermediates-dir-for,ETC,$(LOCAL_MODULE))
+library_lists_dir := $(intermediates_dir)
+ifeq ($(lib_list_from_prebuilts),true)
+ library_lists_dir := prebuilts/vndk/v$(vndk_version)/$(TARGET_ARCH)/configs
+endif
+
+llndk_libraries_file := $(library_lists_dir)/llndk.libraries.$(vndk_version).txt
+vndksp_libraries_file := $(library_lists_dir)/vndksp.libraries.$(vndk_version).txt
+vndkcore_libraries_file := $(library_lists_dir)/vndkcore.libraries.txt
+vndkprivate_libraries_file := $(library_lists_dir)/vndkprivate.libraries.txt
+
+sanitizer_runtime_libraries := $(call normalize-path-list,$(addsuffix .so,\
+ $(ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
+ $(UBSAN_RUNTIME_LIBRARY) \
+ $(TSAN_RUNTIME_LIBRARY) \
+ $(2ND_ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
+ $(2ND_UBSAN_RUNTIME_LIBRARY) \
+ $(2ND_TSAN_RUNTIME_LIBRARY)))
+# If BOARD_VNDK_VERSION is not defined, VNDK version suffix will not be used.
+vndk_version_suffix := $(if $(vndk_version),-$(vndk_version))
+
+ifneq ($(lib_list_from_prebuilts),true)
+ifeq ($(libz_is_llndk),true)
+ llndk_libraries_list := $(LLNDK_LIBRARIES) libz
+ vndksp_libraries_list := $(filter-out libz,$(VNDK_SAMEPROCESS_LIBRARIES))
+else
+ llndk_libraries_list := $(LLNDK_LIBRARIES)
+ vndksp_libraries_list := $(VNDK_SAMEPROCESS_LIBRARIES)
+endif
+
+# $(1): list of libraries
+# $(2): output file to write the list of libraries to
+define write-libs-to-file
+$(2): PRIVATE_LIBRARIES := $(1)
+$(2):
+ echo -n > $$@ && $$(foreach lib,$$(PRIVATE_LIBRARIES),echo $$(lib).so >> $$@;)
+endef
+$(eval $(call write-libs-to-file,$(llndk_libraries_list),$(llndk_libraries_file)))
+$(eval $(call write-libs-to-file,$(vndksp_libraries_list),$(vndksp_libraries_file)))
+$(eval $(call write-libs-to-file,$(VNDK_CORE_LIBRARIES),$(vndkcore_libraries_file)))
+$(eval $(call write-libs-to-file,$(VNDK_PRIVATE_LIBRARIES),$(vndkprivate_libraries_file)))
+endif # ifneq ($(lib_list_from_prebuilts),true)
+
+# Given a file with a list of libs, filter-out the VNDK private libraries
+# and write resulting list to a new file in "a:b:c" format
+#
+# $(1): libs file from which to filter-out VNDK private libraries
+# $(2): output file with the filtered list of lib names
+$(LOCAL_BUILT_MODULE): private-filter-out-private-libs = \
+ paste -sd ":" $(1) > $(2) && \
+ cat $(PRIVATE_VNDK_PRIVATE_LIBRARIES_FILE) | xargs -n 1 -I privatelib bash -c "sed -i.bak 's/privatelib//' $(2)" && \
+ sed -i.bak -e 's/::\+/:/g ; s/^:\+// ; s/:\+$$//' $(2) && \
+ rm -f $(2).bak
+$(LOCAL_BUILT_MODULE): PRIVATE_LLNDK_LIBRARIES_FILE := $(llndk_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_SP_LIBRARIES_FILE := $(vndksp_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_CORE_LIBRARIES_FILE := $(vndkcore_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_PRIVATE_LIBRARIES_FILE := $(vndkprivate_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_SANITIZER_RUNTIME_LIBRARIES := $(sanitizer_runtime_libraries)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_VERSION_SUFFIX := $(vndk_version_suffix)
+$(LOCAL_BUILT_MODULE): PRIVATE_INTERMEDIATES_DIR := $(intermediates_dir)
+deps := $(llndk_libraries_file) $(vndksp_libraries_file) $(vndkcore_libraries_file) \
+ $(vndkprivate_libraries_file)
+
+$(LOCAL_BUILT_MODULE): $(ld_config_template) $(deps)
+ @echo "Generate: $< -> $@"
+ @mkdir -p $(dir $@)
+ $(call private-filter-out-private-libs,$(PRIVATE_LLNDK_LIBRARIES_FILE),$(PRIVATE_INTERMEDIATES_DIR)/llndk_filtered)
+ $(hide) sed -e "s?%LLNDK_LIBRARIES%?$$(cat $(PRIVATE_INTERMEDIATES_DIR)/llndk_filtered)?g" $< >$@
+ $(call private-filter-out-private-libs,$(PRIVATE_VNDK_SP_LIBRARIES_FILE),$(PRIVATE_INTERMEDIATES_DIR)/vndksp_filtered)
+ $(hide) sed -i.bak -e "s?%VNDK_SAMEPROCESS_LIBRARIES%?$$(cat $(PRIVATE_INTERMEDIATES_DIR)/vndksp_filtered)?g" $@
+ $(call private-filter-out-private-libs,$(PRIVATE_VNDK_CORE_LIBRARIES_FILE),$(PRIVATE_INTERMEDIATES_DIR)/vndkcore_filtered)
+ $(hide) sed -i.bak -e "s?%VNDK_CORE_LIBRARIES%?$$(cat $(PRIVATE_INTERMEDIATES_DIR)/vndkcore_filtered)?g" $@
+
+ $(hide) echo -n > $(PRIVATE_INTERMEDIATES_DIR)/private_llndk && \
+ cat $(PRIVATE_VNDK_PRIVATE_LIBRARIES_FILE) | \
+ xargs -n 1 -I privatelib bash -c "(grep privatelib $(PRIVATE_LLNDK_LIBRARIES_FILE) || true) >> $(PRIVATE_INTERMEDIATES_DIR)/private_llndk" && \
+ paste -sd ":" $(PRIVATE_INTERMEDIATES_DIR)/private_llndk | \
+ sed -i.bak -e "s?%PRIVATE_LLNDK_LIBRARIES%?$$(cat -)?g" $@
+
+ $(hide) sed -i.bak -e 's?%SANITIZER_RUNTIME_LIBRARIES%?$(PRIVATE_SANITIZER_RUNTIME_LIBRARIES)?g' $@
+ $(hide) sed -i.bak -e 's?%VNDK_VER%?$(PRIVATE_VNDK_VERSION_SUFFIX)?g' $@
+ $(hide) sed -i.bak -e 's?%PRODUCT%?$(TARGET_COPY_OUT_PRODUCT)?g' $@
+ $(hide) sed -i.bak -e 's?%PRODUCTSERVICES%?$(TARGET_COPY_OUT_PRODUCTSERVICES)?g' $@
+ $(hide) rm -f $@.bak
+
+ld_config_template :=
+vndk_version :=
+lib_list_from_prebuilts :=
+libz_is_llndk :=
+intermediates_dir :=
+library_lists_dir :=
+llndk_libraries_file :=
+vndksp_libraries_file :=
+vndkcore_libraries_file :=
+vndkprivate_libraries_file :=
+deps :=
+sanitizer_runtime_libraries :=
+vndk_version_suffix :=
+llndk_libraries_list :=
+vndksp_libraries_list :=
+write-libs-to-file :=
diff --git a/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp
new file mode 100644
index 0000000..8e3b3b1
--- /dev/null
+++ b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp
@@ -0,0 +1,448 @@
+/*
+ **
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#define LOG_TAG "android.hardware.keymaster@3.0-impl.trusty"
+
+#include <authorization_set.h>
+#include <cutils/log.h>
+#include <keymaster/android_keymaster_messages.h>
+#include <trusty_keymaster/TrustyKeymaster3Device.h>
+
+using ::keymaster::AbortOperationRequest;
+using ::keymaster::AbortOperationResponse;
+using ::keymaster::AddEntropyRequest;
+using ::keymaster::AddEntropyResponse;
+using ::keymaster::AttestKeyRequest;
+using ::keymaster::AttestKeyResponse;
+using ::keymaster::AuthorizationSet;
+using ::keymaster::BeginOperationRequest;
+using ::keymaster::BeginOperationResponse;
+using ::keymaster::ExportKeyRequest;
+using ::keymaster::ExportKeyResponse;
+using ::keymaster::FinishOperationRequest;
+using ::keymaster::FinishOperationResponse;
+using ::keymaster::GenerateKeyRequest;
+using ::keymaster::GenerateKeyResponse;
+using ::keymaster::GetKeyCharacteristicsRequest;
+using ::keymaster::GetKeyCharacteristicsResponse;
+using ::keymaster::ImportKeyRequest;
+using ::keymaster::ImportKeyResponse;
+using ::keymaster::UpdateOperationRequest;
+using ::keymaster::UpdateOperationResponse;
+using ::keymaster::ng::Tag;
+
+namespace keymaster {
+
+namespace {
+
+inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
+ return keymaster_tag_t(value);
+}
+inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
+ return Tag(value);
+}
+inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
+ return keymaster_purpose_t(value);
+}
+inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
+ return keymaster_key_format_t(value);
+}
+inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
+ return ErrorCode(value);
+}
+
+inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
+ return keymaster_tag_get_type(tag);
+}
+
+class KmParamSet : public keymaster_key_param_set_t {
+ public:
+ KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
+ params = new keymaster_key_param_t[keyParams.size()];
+ length = keyParams.size();
+ for (size_t i = 0; i < keyParams.size(); ++i) {
+ auto tag = legacy_enum_conversion(keyParams[i].tag);
+ switch (typeFromTag(tag)) {
+ case KM_ENUM:
+ case KM_ENUM_REP:
+ params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
+ break;
+ case KM_UINT:
+ case KM_UINT_REP:
+ params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
+ break;
+ case KM_ULONG:
+ case KM_ULONG_REP:
+ params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
+ break;
+ case KM_DATE:
+ params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
+ break;
+ case KM_BOOL:
+ if (keyParams[i].f.boolValue)
+ params[i] = keymaster_param_bool(tag);
+ else
+ params[i].tag = KM_TAG_INVALID;
+ break;
+ case KM_BIGNUM:
+ case KM_BYTES:
+ params[i] = keymaster_param_blob(tag, &keyParams[i].blob[0],
+ keyParams[i].blob.size());
+ break;
+ case KM_INVALID:
+ default:
+ params[i].tag = KM_TAG_INVALID;
+ /* just skip */
+ break;
+ }
+ }
+ }
+ KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
+ other.length = 0;
+ other.params = nullptr;
+ }
+ KmParamSet(const KmParamSet&) = delete;
+ ~KmParamSet() { delete[] params; }
+};
+
+inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
+ return result;
+}
+
+inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
+ return result;
+}
+
+inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
+ return result;
+}
+
+inline static hidl_vec<hidl_vec<uint8_t>> kmCertChain2Hidl(
+ const keymaster_cert_chain_t& cert_chain) {
+ hidl_vec<hidl_vec<uint8_t>> result;
+ if (!cert_chain.entry_count || !cert_chain.entries) return result;
+
+ result.resize(cert_chain.entry_count);
+ for (size_t i = 0; i < cert_chain.entry_count; ++i) {
+ result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
+ }
+
+ return result;
+}
+
+static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
+ hidl_vec<KeyParameter> result;
+ if (set.length == 0 || set.params == nullptr) return result;
+
+ result.resize(set.length);
+ keymaster_key_param_t* params = set.params;
+ for (size_t i = 0; i < set.length; ++i) {
+ auto tag = params[i].tag;
+ result[i].tag = legacy_enum_conversion(tag);
+ switch (typeFromTag(tag)) {
+ case KM_ENUM:
+ case KM_ENUM_REP:
+ result[i].f.integer = params[i].enumerated;
+ break;
+ case KM_UINT:
+ case KM_UINT_REP:
+ result[i].f.integer = params[i].integer;
+ break;
+ case KM_ULONG:
+ case KM_ULONG_REP:
+ result[i].f.longInteger = params[i].long_integer;
+ break;
+ case KM_DATE:
+ result[i].f.dateTime = params[i].date_time;
+ break;
+ case KM_BOOL:
+ result[i].f.boolValue = params[i].boolean;
+ break;
+ case KM_BIGNUM:
+ case KM_BYTES:
+ result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
+ params[i].blob.data_length);
+ break;
+ case KM_INVALID:
+ default:
+ params[i].tag = KM_TAG_INVALID;
+ /* just skip */
+ break;
+ }
+ }
+ return result;
+}
+
+void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ ::keymaster::AuthorizationSet* params) {
+ params->Clear();
+ if (clientId.size()) {
+ params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
+ }
+ if (appData.size()) {
+ params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
+ }
+}
+
+} // anonymous namespace
+
+TrustyKeymaster3Device::TrustyKeymaster3Device(TrustyKeymaster* impl) : impl_(impl) {}
+
+TrustyKeymaster3Device::~TrustyKeymaster3Device() {}
+
+Return<void> TrustyKeymaster3Device::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) {
+ _hidl_cb(true /* is_secure */, true /* supports_ec */,
+ true /* supports_symmetric_cryptography */, true /* supports_attestation */,
+ true /* supportsAllDigests */, "TrustyKeymaster", "Google");
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
+ if (data.size() == 0) return ErrorCode::OK;
+ AddEntropyRequest request;
+ request.random_data.Reinitialize(data.data(), data.size());
+
+ AddEntropyResponse response;
+ impl_->AddRngEntropy(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<void> TrustyKeymaster3Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) {
+ GenerateKeyRequest request;
+ request.key_description.Reinitialize(KmParamSet(keyParams));
+
+ GenerateKeyResponse response;
+ impl_->GenerateKey(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob = kmBlob2hidlVec(response.key_blob);
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) {
+ GetKeyCharacteristicsRequest request;
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ addClientAndAppData(clientId, appData, &request.additional_params);
+
+ GetKeyCharacteristicsResponse response;
+ impl_->GetKeyCharacteristics(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ if (response.error == KM_ERROR_OK) {
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::importKey(const hidl_vec<KeyParameter>& params,
+ KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData,
+ importKey_cb _hidl_cb) {
+ ImportKeyRequest request;
+ request.key_description.Reinitialize(KmParamSet(params));
+ request.key_format = legacy_enum_conversion(keyFormat);
+ request.SetKeyMaterial(keyData.data(), keyData.size());
+
+ ImportKeyResponse response;
+ impl_->ImportKey(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob = kmBlob2hidlVec(response.key_blob);
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::exportKey(KeyFormat exportFormat,
+ const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) {
+ ExportKeyRequest request;
+ request.key_format = legacy_enum_conversion(exportFormat);
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ addClientAndAppData(clientId, appData, &request.additional_params);
+
+ ExportKeyResponse response;
+ impl_->ExportKey(request, &response);
+
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) {
+ AttestKeyRequest request;
+ request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
+ request.attest_params.Reinitialize(KmParamSet(attestParams));
+
+ AttestKeyResponse response;
+ impl_->AttestKey(request, &response);
+
+ hidl_vec<hidl_vec<uint8_t>> resultCertChain;
+ if (response.error == KM_ERROR_OK) {
+ resultCertChain = kmCertChain2Hidl(response.certificate_chain);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) {
+ UpgradeKeyRequest request;
+ request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
+ request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
+
+ UpgradeKeyResponse response;
+ impl_->UpgradeKey(request, &response);
+
+ if (response.error == KM_ERROR_OK) {
+ _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
+ } else {
+ _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
+ }
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
+ DeleteKeyRequest request;
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+
+ DeleteKeyResponse response;
+ impl_->DeleteKey(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::deleteAllKeys() {
+ DeleteAllKeysRequest request;
+ DeleteAllKeysResponse response;
+ impl_->DeleteAllKeys(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::destroyAttestationIds() {
+ return ErrorCode::UNIMPLEMENTED;
+}
+
+Return<void> TrustyKeymaster3Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams,
+ begin_cb _hidl_cb) {
+ BeginOperationRequest request;
+ request.purpose = legacy_enum_conversion(purpose);
+ request.SetKeyMaterial(key.data(), key.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ BeginOperationResponse response;
+ impl_->BeginOperation(request, &response);
+
+ hidl_vec<KeyParameter> resultParams;
+ if (response.error == KM_ERROR_OK) {
+ resultParams = kmParamSet2Hidl(response.output_params);
+ }
+
+ _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::update(uint64_t operationHandle,
+ const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, update_cb _hidl_cb) {
+ UpdateOperationRequest request;
+ request.op_handle = operationHandle;
+ request.input.Reinitialize(input.data(), input.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ UpdateOperationResponse response;
+ impl_->UpdateOperation(request, &response);
+
+ uint32_t resultConsumed = 0;
+ hidl_vec<KeyParameter> resultParams;
+ hidl_vec<uint8_t> resultBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultConsumed = response.input_consumed;
+ resultParams = kmParamSet2Hidl(response.output_params);
+ resultBlob = kmBuffer2hidlVec(response.output);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::finish(uint64_t operationHandle,
+ const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input,
+ const hidl_vec<uint8_t>& signature,
+ finish_cb _hidl_cb) {
+ FinishOperationRequest request;
+ request.op_handle = operationHandle;
+ request.input.Reinitialize(input.data(), input.size());
+ request.signature.Reinitialize(signature.data(), signature.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ FinishOperationResponse response;
+ impl_->FinishOperation(request, &response);
+
+ hidl_vec<KeyParameter> resultParams;
+ hidl_vec<uint8_t> resultBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultParams = kmParamSet2Hidl(response.output_params);
+ resultBlob = kmBuffer2hidlVec(response.output);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::abort(uint64_t operationHandle) {
+ AbortOperationRequest request;
+ request.op_handle = operationHandle;
+
+ AbortOperationResponse response;
+ impl_->AbortOperation(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+} // namespace keymaster
diff --git a/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc b/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc
new file mode 100644
index 0000000..e9d3054
--- /dev/null
+++ b/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc
@@ -0,0 +1,4 @@
+service vendor.keymaster-3-0 /vendor/bin/hw/android.hardware.keymaster@3.0-service.trusty
+ class early_hal
+ user nobody
+ group system drmrpc
diff --git a/trusty/keymaster/3.0/service.cpp b/trusty/keymaster/3.0/service.cpp
new file mode 100644
index 0000000..0d8436e
--- /dev/null
+++ b/trusty/keymaster/3.0/service.cpp
@@ -0,0 +1,43 @@
+/*
+**
+** Copyright 2018, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include <android-base/logging.h>
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+#include <hidl/HidlTransportSupport.h>
+#include <trusty_keymaster/TrustyKeymaster.h>
+#include <trusty_keymaster/TrustyKeymaster3Device.h>
+
+int main() {
+ ::android::hardware::configureRpcThreadpool(1, true);
+ auto trustyKeymaster = new keymaster::TrustyKeymaster();
+ int err = trustyKeymaster->Initialize();
+ if (err != 0) {
+ LOG(FATAL) << "Could not initialize TrustyKeymaster (" << err << ")";
+ return -1;
+ }
+
+ auto keymaster = new ::keymaster::TrustyKeymaster3Device(trustyKeymaster);
+
+ auto status = keymaster->registerAsService();
+ if (status != android::OK) {
+ LOG(FATAL) << "Could not register service for Keymaster 3.0 (" << status << ")";
+ return -1;
+ }
+
+ android::hardware::joinRpcThreadpool();
+ return -1; // Should never get here.
+}
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 899f8a3..819851f 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -27,14 +27,17 @@
name: "trusty_keymaster_tipc",
vendor: true,
srcs: [
- "trusty_keymaster_device.cpp",
- "trusty_keymaster_ipc.cpp",
- "trusty_keymaster_main.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "legacy/trusty_keymaster_device.cpp",
+ "legacy/trusty_keymaster_main.cpp",
],
cflags: [
"-Wall",
"-Werror",
],
+
+ local_include_dirs: ["include"],
+
shared_libs: [
"libcrypto",
"libcutils",
@@ -52,9 +55,9 @@
vendor: true,
relative_install_path: "hw",
srcs: [
- "module.cpp",
- "trusty_keymaster_ipc.cpp",
- "trusty_keymaster_device.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "legacy/module.cpp",
+ "legacy/trusty_keymaster_device.cpp",
],
cflags: [
@@ -63,6 +66,8 @@
"-Werror",
],
+ local_include_dirs: ["include"],
+
shared_libs: [
"libcrypto",
"libkeymaster_messages",
@@ -72,3 +77,34 @@
],
header_libs: ["libhardware_headers"],
}
+
+cc_binary {
+ name: "android.hardware.keymaster@3.0-service.trusty",
+ defaults: ["hidl_defaults"],
+ relative_install_path: "hw",
+ vendor: true,
+ init_rc: ["3.0/android.hardware.keymaster@3.0-service.trusty.rc"],
+ srcs: [
+ "3.0/service.cpp",
+ "3.0/TrustyKeymaster3Device.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "TrustyKeymaster.cpp",
+ ],
+
+ local_include_dirs: ["include"],
+
+ shared_libs: [
+ "liblog",
+ "libcutils",
+ "libdl",
+ "libbase",
+ "libutils",
+ "libhardware",
+ "libhidlbase",
+ "libhidltransport",
+ "libtrusty",
+ "libkeymaster_messages",
+ "libkeymaster3device",
+ "android.hardware.keymaster@3.0"
+ ],
+}
diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
new file mode 100644
index 0000000..7f5e87f
--- /dev/null
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cutils/log.h>
+#include <keymaster/android_keymaster_messages.h>
+#include <keymaster/keymaster_configuration.h>
+#include <trusty_keymaster/TrustyKeymaster.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+
+namespace keymaster {
+
+int TrustyKeymaster::Initialize() {
+ int err;
+
+ err = trusty_keymaster_connect();
+ if (err) {
+ ALOGE("Failed to connect to trusty keymaster %d", err);
+ return err;
+ }
+
+ ConfigureRequest req;
+ req.os_version = GetOsVersion();
+ req.os_patchlevel = GetOsPatchlevel();
+
+ ConfigureResponse rsp;
+ Configure(req, &rsp);
+
+ if (rsp.error != KM_ERROR_OK) {
+ ALOGE("Failed to configure keymaster %d", rsp.error);
+ return -1;
+ }
+
+ return 0;
+}
+
+TrustyKeymaster::TrustyKeymaster() {}
+
+TrustyKeymaster::~TrustyKeymaster() {
+ trusty_keymaster_disconnect();
+}
+
+static void ForwardCommand(enum keymaster_command command, const Serializable& req,
+ KeymasterResponse* rsp) {
+ keymaster_error_t err;
+ err = trusty_keymaster_send(command, req, rsp);
+ if (err != KM_ERROR_OK) {
+ ALOGE("Failed to send cmd %d err: %d", command, err);
+ rsp->error = err;
+ }
+}
+
+void TrustyKeymaster::GetVersion(const GetVersionRequest& request, GetVersionResponse* response) {
+ ForwardCommand(KM_GET_VERSION, request, response);
+}
+
+void TrustyKeymaster::SupportedAlgorithms(const SupportedAlgorithmsRequest& request,
+ SupportedAlgorithmsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_ALGORITHMS, request, response);
+}
+
+void TrustyKeymaster::SupportedBlockModes(const SupportedBlockModesRequest& request,
+ SupportedBlockModesResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_BLOCK_MODES, request, response);
+}
+
+void TrustyKeymaster::SupportedPaddingModes(const SupportedPaddingModesRequest& request,
+ SupportedPaddingModesResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_PADDING_MODES, request, response);
+}
+
+void TrustyKeymaster::SupportedDigests(const SupportedDigestsRequest& request,
+ SupportedDigestsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_DIGESTS, request, response);
+}
+
+void TrustyKeymaster::SupportedImportFormats(const SupportedImportFormatsRequest& request,
+ SupportedImportFormatsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_IMPORT_FORMATS, request, response);
+}
+
+void TrustyKeymaster::SupportedExportFormats(const SupportedExportFormatsRequest& request,
+ SupportedExportFormatsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_EXPORT_FORMATS, request, response);
+}
+
+void TrustyKeymaster::AddRngEntropy(const AddEntropyRequest& request,
+ AddEntropyResponse* response) {
+ ForwardCommand(KM_ADD_RNG_ENTROPY, request, response);
+}
+
+void TrustyKeymaster::Configure(const ConfigureRequest& request, ConfigureResponse* response) {
+ ForwardCommand(KM_CONFIGURE, request, response);
+}
+
+void TrustyKeymaster::GenerateKey(const GenerateKeyRequest& request,
+ GenerateKeyResponse* response) {
+ GenerateKeyRequest datedRequest(request.message_version);
+ datedRequest.key_description = request.key_description;
+
+ if (!request.key_description.Contains(TAG_CREATION_DATETIME)) {
+ datedRequest.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
+ }
+
+ ForwardCommand(KM_GENERATE_KEY, datedRequest, response);
+}
+
+void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
+ GetKeyCharacteristicsResponse* response) {
+ ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);
+}
+
+void TrustyKeymaster::ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response) {
+ ForwardCommand(KM_IMPORT_KEY, request, response);
+}
+
+void TrustyKeymaster::ImportWrappedKey(const ImportWrappedKeyRequest& request,
+ ImportWrappedKeyResponse* response) {
+ ForwardCommand(KM_IMPORT_WRAPPED_KEY, request, response);
+}
+
+void TrustyKeymaster::ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response) {
+ ForwardCommand(KM_EXPORT_KEY, request, response);
+}
+
+void TrustyKeymaster::AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response) {
+ ForwardCommand(KM_ATTEST_KEY, request, response);
+}
+
+void TrustyKeymaster::UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response) {
+ ForwardCommand(KM_UPGRADE_KEY, request, response);
+}
+
+void TrustyKeymaster::DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response) {
+ ForwardCommand(KM_DELETE_KEY, request, response);
+}
+
+void TrustyKeymaster::DeleteAllKeys(const DeleteAllKeysRequest& request,
+ DeleteAllKeysResponse* response) {
+ ForwardCommand(KM_DELETE_ALL_KEYS, request, response);
+}
+
+void TrustyKeymaster::BeginOperation(const BeginOperationRequest& request,
+ BeginOperationResponse* response) {
+ ForwardCommand(KM_BEGIN_OPERATION, request, response);
+}
+
+void TrustyKeymaster::UpdateOperation(const UpdateOperationRequest& request,
+ UpdateOperationResponse* response) {
+ ForwardCommand(KM_UPDATE_OPERATION, request, response);
+}
+
+void TrustyKeymaster::FinishOperation(const FinishOperationRequest& request,
+ FinishOperationResponse* response) {
+ ForwardCommand(KM_FINISH_OPERATION, request, response);
+}
+
+void TrustyKeymaster::AbortOperation(const AbortOperationRequest& request,
+ AbortOperationResponse* response) {
+ ForwardCommand(KM_ABORT_OPERATION, request, response);
+}
+
+/* Methods for Keymaster 4.0 functionality -- not yet implemented */
+GetHmacSharingParametersResponse TrustyKeymaster::GetHmacSharingParameters() {
+ GetHmacSharingParametersResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+ComputeSharedHmacResponse TrustyKeymaster::ComputeSharedHmac(
+ const ComputeSharedHmacRequest& /* request */) {
+ ComputeSharedHmacResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+VerifyAuthorizationResponse TrustyKeymaster::VerifyAuthorization(
+ const VerifyAuthorizationRequest& /* request */) {
+ VerifyAuthorizationResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+} // namespace keymaster
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
new file mode 100644
index 0000000..030b645
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TRUSTY_KEYMASTER_H_
+#define TRUSTY_KEYMASTER_H_
+
+#include <keymaster/android_keymaster_messages.h>
+
+namespace keymaster {
+
+class TrustyKeymaster {
+ public:
+ TrustyKeymaster();
+ ~TrustyKeymaster();
+ int Initialize();
+ void GetVersion(const GetVersionRequest& request, GetVersionResponse* response);
+ void SupportedAlgorithms(const SupportedAlgorithmsRequest& request,
+ SupportedAlgorithmsResponse* response);
+ void SupportedBlockModes(const SupportedBlockModesRequest& request,
+ SupportedBlockModesResponse* response);
+ void SupportedPaddingModes(const SupportedPaddingModesRequest& request,
+ SupportedPaddingModesResponse* response);
+ void SupportedDigests(const SupportedDigestsRequest& request,
+ SupportedDigestsResponse* response);
+ void SupportedImportFormats(const SupportedImportFormatsRequest& request,
+ SupportedImportFormatsResponse* response);
+ void SupportedExportFormats(const SupportedExportFormatsRequest& request,
+ SupportedExportFormatsResponse* response);
+ void AddRngEntropy(const AddEntropyRequest& request, AddEntropyResponse* response);
+ void Configure(const ConfigureRequest& request, ConfigureResponse* response);
+ void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);
+ void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
+ GetKeyCharacteristicsResponse* response);
+ void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);
+ void ImportWrappedKey(const ImportWrappedKeyRequest& request,
+ ImportWrappedKeyResponse* response);
+ void ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response);
+ void AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response);
+ void UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response);
+ void DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response);
+ void DeleteAllKeys(const DeleteAllKeysRequest& request, DeleteAllKeysResponse* response);
+ void BeginOperation(const BeginOperationRequest& request, BeginOperationResponse* response);
+ void UpdateOperation(const UpdateOperationRequest& request, UpdateOperationResponse* response);
+ void FinishOperation(const FinishOperationRequest& request, FinishOperationResponse* response);
+ void AbortOperation(const AbortOperationRequest& request, AbortOperationResponse* response);
+ GetHmacSharingParametersResponse GetHmacSharingParameters();
+ ComputeSharedHmacResponse ComputeSharedHmac(const ComputeSharedHmacRequest& request);
+ VerifyAuthorizationResponse VerifyAuthorization(const VerifyAuthorizationRequest& request);
+};
+
+} // namespace keymaster
+
+#endif // TRUSTY_KEYMASTER_H_
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h
new file mode 100644
index 0000000..6fc79ce
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h
@@ -0,0 +1,84 @@
+/*
+ **
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#ifndef HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
+#define HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
+
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+
+#include <hidl/MQDescriptor.h>
+#include <hidl/Status.h>
+
+#include <trusty_keymaster/TrustyKeymaster.h>
+
+namespace keymaster {
+
+using ::android::sp;
+using ::android::hardware::hidl_string;
+using ::android::hardware::hidl_vec;
+using ::android::hardware::Return;
+using ::android::hardware::Void;
+using ::android::hardware::keymaster::V3_0::ErrorCode;
+using ::android::hardware::keymaster::V3_0::IKeymasterDevice;
+using ::android::hardware::keymaster::V3_0::KeyCharacteristics;
+using ::android::hardware::keymaster::V3_0::KeyFormat;
+using ::android::hardware::keymaster::V3_0::KeyParameter;
+using ::android::hardware::keymaster::V3_0::KeyPurpose;
+
+class TrustyKeymaster3Device : public IKeymasterDevice {
+ public:
+ TrustyKeymaster3Device(TrustyKeymaster* impl);
+ virtual ~TrustyKeymaster3Device();
+
+ Return<void> getHardwareFeatures(getHardwareFeatures_cb _hidl_cb);
+ Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
+ Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) override;
+ Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) override;
+ Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
+ Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) override;
+ Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) override;
+ Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) override;
+ Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
+ Return<ErrorCode> deleteAllKeys() override;
+ Return<ErrorCode> destroyAttestationIds() override;
+ Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) override;
+ Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, update_cb _hidl_cb) override;
+ Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
+ finish_cb _hidl_cb) override;
+ Return<ErrorCode> abort(uint64_t operationHandle) override;
+
+ private:
+ std::unique_ptr<TrustyKeymaster> impl_;
+};
+
+} // namespace keymaster
+
+#endif // HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
diff --git a/trusty/keymaster/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
similarity index 83%
rename from trusty/keymaster/keymaster_ipc.h
rename to trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index d63757b..13e6725 100644
--- a/trusty/keymaster/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@@ -46,6 +46,13 @@
KM_ATTEST_KEY = (16 << KEYMASTER_REQ_SHIFT),
KM_UPGRADE_KEY = (17 << KEYMASTER_REQ_SHIFT),
KM_CONFIGURE = (18 << KEYMASTER_REQ_SHIFT),
+ KM_GET_HMAC_SHARING_PARAMETERS = (19 << KEYMASTER_REQ_SHIFT),
+ KM_COMPUTE_SHARED_HMAC = (20 << KEYMASTER_REQ_SHIFT),
+ KM_VERIFY_AUTHORIZATION = (21 << KEYMASTER_REQ_SHIFT),
+ KM_DELETE_KEY = (22 << KEYMASTER_REQ_SHIFT),
+ KM_DELETE_ALL_KEYS = (23 << KEYMASTER_REQ_SHIFT),
+ KM_DESTROY_ATTESTATION_IDS = (24 << KEYMASTER_REQ_SHIFT),
+ KM_IMPORT_WRAPPED_KEY = (25 << KEYMASTER_REQ_SHIFT),
};
#ifdef __ANDROID__
diff --git a/trusty/keymaster/trusty_keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h
similarity index 66%
rename from trusty/keymaster/trusty_keymaster_ipc.h
rename to trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h
index c15f7c1..16207e6 100644
--- a/trusty/keymaster/trusty_keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h
@@ -17,13 +17,24 @@
#ifndef TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_
#define TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_
+#include <keymaster/android_keymaster_messages.h>
+#include <trusty_keymaster/ipc/keymaster_ipc.h>
+
__BEGIN_DECLS
+const uint32_t TRUSTY_KEYMASTER_RECV_BUF_SIZE = 2 * PAGE_SIZE;
+const uint32_t TRUSTY_KEYMASTER_SEND_BUF_SIZE =
+ (PAGE_SIZE - sizeof(struct keymaster_message) - 16 /* tipc header */);
+
int trusty_keymaster_connect(void);
int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out,
uint32_t* out_size);
void trusty_keymaster_disconnect(void);
+keymaster_error_t translate_error(int err);
+keymaster_error_t trusty_keymaster_send(uint32_t command, const keymaster::Serializable& req,
+ keymaster::KeymasterResponse* rsp);
+
__END_DECLS
#endif // TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_
diff --git a/trusty/keymaster/trusty_keymaster_device.h b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
similarity index 96%
rename from trusty/keymaster/trusty_keymaster_device.h
rename to trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
index cfada1b..5a80795 100644
--- a/trusty/keymaster/trusty_keymaster_device.h
+++ b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
@@ -36,7 +36,8 @@
* These are the only symbols that will be exported by libtrustykeymaster. All functionality
* can be reached via the function pointers in device_.
*/
- __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(const hw_module_t* module);
+ __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(
+ const hw_module_t* module);
__attribute__((visibility("default"))) hw_device_t* hw_device();
~TrustyKeymasterDevice();
@@ -134,12 +135,15 @@
keymaster_operation_handle_t operation_handle,
const keymaster_key_param_set_t* in_params,
const keymaster_blob_t* input, size_t* input_consumed,
- keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
+ keymaster_key_param_set_t* out_params,
+ keymaster_blob_t* output);
static keymaster_error_t finish(const keymaster2_device_t* dev,
keymaster_operation_handle_t operation_handle,
const keymaster_key_param_set_t* in_params,
- const keymaster_blob_t* input, const keymaster_blob_t* signature,
- keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
+ const keymaster_blob_t* input,
+ const keymaster_blob_t* signature,
+ keymaster_key_param_set_t* out_params,
+ keymaster_blob_t* output);
static keymaster_error_t abort(const keymaster2_device_t* dev,
keymaster_operation_handle_t operation_handle);
diff --git a/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp b/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp
new file mode 100644
index 0000000..8c5cff6
--- /dev/null
+++ b/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "TrustyKeymaster"
+
+// TODO: make this generic in libtrusty
+
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+#include <algorithm>
+
+#include <log/log.h>
+#include <trusty/tipc.h>
+
+#include <trusty_keymaster/ipc/keymaster_ipc.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+
+#define TRUSTY_DEVICE_NAME "/dev/trusty-ipc-dev0"
+
+static int handle_ = -1;
+
+int trusty_keymaster_connect() {
+ int rc = tipc_connect(TRUSTY_DEVICE_NAME, KEYMASTER_PORT);
+ if (rc < 0) {
+ return rc;
+ }
+
+ handle_ = rc;
+ return 0;
+}
+
+int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out,
+ uint32_t* out_size) {
+ if (handle_ < 0) {
+ ALOGE("not connected\n");
+ return -EINVAL;
+ }
+
+ size_t msg_size = in_size + sizeof(struct keymaster_message);
+ struct keymaster_message* msg = reinterpret_cast<struct keymaster_message*>(malloc(msg_size));
+ if (!msg) {
+ ALOGE("failed to allocate msg buffer\n");
+ return -EINVAL;
+ }
+
+ msg->cmd = cmd;
+ memcpy(msg->payload, in, in_size);
+
+ ssize_t rc = write(handle_, msg, msg_size);
+ free(msg);
+
+ if (rc < 0) {
+ ALOGE("failed to send cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT, strerror(errno));
+ return -errno;
+ }
+ size_t out_max_size = *out_size;
+ *out_size = 0;
+ struct iovec iov[2];
+ struct keymaster_message header;
+ iov[0] = {.iov_base = &header, .iov_len = sizeof(struct keymaster_message)};
+ while (true) {
+ iov[1] = {.iov_base = out + *out_size,
+ .iov_len = std::min<uint32_t>(KEYMASTER_MAX_BUFFER_LENGTH,
+ out_max_size - *out_size)};
+ rc = readv(handle_, iov, 2);
+ if (rc < 0) {
+ ALOGE("failed to retrieve response for cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT,
+ strerror(errno));
+ return -errno;
+ }
+
+ if ((size_t)rc < sizeof(struct keymaster_message)) {
+ ALOGE("invalid response size (%d)\n", (int)rc);
+ return -EINVAL;
+ }
+
+ if ((cmd | KEYMASTER_RESP_BIT) != (header.cmd & ~(KEYMASTER_STOP_BIT))) {
+ ALOGE("invalid command (%d)", header.cmd);
+ return -EINVAL;
+ }
+ *out_size += ((size_t)rc - sizeof(struct keymaster_message));
+ if (header.cmd & KEYMASTER_STOP_BIT) {
+ break;
+ }
+ }
+
+ return rc;
+}
+
+void trusty_keymaster_disconnect() {
+ if (handle_ >= 0) {
+ tipc_close(handle_);
+ }
+ handle_ = -1;
+}
+
+keymaster_error_t translate_error(int err) {
+ switch (err) {
+ case 0:
+ return KM_ERROR_OK;
+ case -EPERM:
+ case -EACCES:
+ return KM_ERROR_SECURE_HW_ACCESS_DENIED;
+
+ case -ECANCELED:
+ return KM_ERROR_OPERATION_CANCELLED;
+
+ case -ENODEV:
+ return KM_ERROR_UNIMPLEMENTED;
+
+ case -ENOMEM:
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+
+ case -EBUSY:
+ return KM_ERROR_SECURE_HW_BUSY;
+
+ case -EIO:
+ return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED;
+
+ case -EOVERFLOW:
+ return KM_ERROR_INVALID_INPUT_LENGTH;
+
+ default:
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+}
+
+keymaster_error_t trusty_keymaster_send(uint32_t command, const keymaster::Serializable& req,
+ keymaster::KeymasterResponse* rsp) {
+ uint32_t req_size = req.SerializedSize();
+ if (req_size > TRUSTY_KEYMASTER_SEND_BUF_SIZE) {
+ ALOGE("Request too big: %u Max size: %u", req_size, TRUSTY_KEYMASTER_SEND_BUF_SIZE);
+ return KM_ERROR_INVALID_INPUT_LENGTH;
+ }
+
+ uint8_t send_buf[TRUSTY_KEYMASTER_SEND_BUF_SIZE];
+ keymaster::Eraser send_buf_eraser(send_buf, TRUSTY_KEYMASTER_SEND_BUF_SIZE);
+ req.Serialize(send_buf, send_buf + req_size);
+
+ // Send it
+ uint8_t recv_buf[TRUSTY_KEYMASTER_RECV_BUF_SIZE];
+ keymaster::Eraser recv_buf_eraser(recv_buf, TRUSTY_KEYMASTER_RECV_BUF_SIZE);
+ uint32_t rsp_size = TRUSTY_KEYMASTER_RECV_BUF_SIZE;
+ int rc = trusty_keymaster_call(command, send_buf, req_size, recv_buf, &rsp_size);
+ if (rc < 0) {
+ // Reset the connection on tipc error
+ trusty_keymaster_disconnect();
+ trusty_keymaster_connect();
+ ALOGE("tipc error: %d\n", rc);
+ // TODO(swillden): Distinguish permanent from transient errors and set error_ appropriately.
+ return translate_error(rc);
+ } else {
+ ALOGE("Received %d byte response\n", rsp_size);
+ }
+
+ const uint8_t* p = recv_buf;
+ if (!rsp->Deserialize(&p, p + rsp_size)) {
+ ALOGE("Error deserializing response of size %d\n", (int)rsp_size);
+ return KM_ERROR_UNKNOWN_ERROR;
+ } else if (rsp->error != KM_ERROR_OK) {
+ ALOGE("Response of size %d contained error code %d\n", (int)rsp_size, (int)rsp->error);
+ return rsp->error;
+ }
+ return rsp->error;
+}
diff --git a/trusty/keymaster/Makefile b/trusty/keymaster/legacy/Makefile
similarity index 100%
rename from trusty/keymaster/Makefile
rename to trusty/keymaster/legacy/Makefile
diff --git a/trusty/keymaster/module.cpp b/trusty/keymaster/legacy/module.cpp
similarity index 65%
rename from trusty/keymaster/module.cpp
rename to trusty/keymaster/legacy/module.cpp
index b472680..7aa1a4e 100644
--- a/trusty/keymaster/module.cpp
+++ b/trusty/keymaster/legacy/module.cpp
@@ -19,14 +19,15 @@
#include <hardware/hardware.h>
#include <hardware/keymaster0.h>
-#include "trusty_keymaster_device.h"
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
using keymaster::TrustyKeymasterDevice;
/*
* Generic device handling
*/
-static int trusty_keymaster_open(const hw_module_t* module, const char* name, hw_device_t** device) {
+static int trusty_keymaster_open(const hw_module_t* module, const char* name,
+ hw_device_t** device) {
if (strcmp(name, KEYSTORE_KEYMASTER) != 0) {
return -EINVAL;
}
@@ -42,20 +43,20 @@
}
static struct hw_module_methods_t keystore_module_methods = {
- .open = trusty_keymaster_open,
+ .open = trusty_keymaster_open,
};
struct keystore_module HAL_MODULE_INFO_SYM __attribute__((visibility("default"))) = {
- .common =
- {
- .tag = HARDWARE_MODULE_TAG,
- .module_api_version = KEYMASTER_MODULE_API_VERSION_2_0,
- .hal_api_version = HARDWARE_HAL_API_VERSION,
- .id = KEYSTORE_HARDWARE_MODULE_ID,
- .name = "Trusty Keymaster HAL",
- .author = "The Android Open Source Project",
- .methods = &keystore_module_methods,
- .dso = 0,
- .reserved = {},
- },
+ .common =
+ {
+ .tag = HARDWARE_MODULE_TAG,
+ .module_api_version = KEYMASTER_MODULE_API_VERSION_2_0,
+ .hal_api_version = HARDWARE_HAL_API_VERSION,
+ .id = KEYSTORE_HARDWARE_MODULE_ID,
+ .name = "Trusty Keymaster HAL",
+ .author = "The Android Open Source Project",
+ .methods = &keystore_module_methods,
+ .dso = 0,
+ .reserved = {},
+ },
};
diff --git a/trusty/keymaster/trusty_keymaster_device.cpp b/trusty/keymaster/legacy/trusty_keymaster_device.cpp
similarity index 79%
rename from trusty/keymaster/trusty_keymaster_device.cpp
rename to trusty/keymaster/legacy/trusty_keymaster_device.cpp
index b8c2032..ea00a92 100644
--- a/trusty/keymaster/trusty_keymaster_device.cpp
+++ b/trusty/keymaster/legacy/trusty_keymaster_device.cpp
@@ -33,50 +33,15 @@
#include <keymaster/authorization_set.h>
#include <log/log.h>
-#include "keymaster_ipc.h"
-#include "trusty_keymaster_device.h"
-#include "trusty_keymaster_ipc.h"
-
-// Maximum size of message from Trusty is 8K (for RSA attestation key and chain)
-const uint32_t RECV_BUF_SIZE = 2*PAGE_SIZE;
-const uint32_t SEND_BUF_SIZE = (PAGE_SIZE - sizeof(struct keymaster_message) - 16 /* tipc header */);
+#include <trusty_keymaster/ipc/keymaster_ipc.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
const size_t kMaximumAttestationChallengeLength = 128;
const size_t kMaximumFinishInputLength = 2048;
namespace keymaster {
-static keymaster_error_t translate_error(int err) {
- switch (err) {
- case 0:
- return KM_ERROR_OK;
- case -EPERM:
- case -EACCES:
- return KM_ERROR_SECURE_HW_ACCESS_DENIED;
-
- case -ECANCELED:
- return KM_ERROR_OPERATION_CANCELLED;
-
- case -ENODEV:
- return KM_ERROR_UNIMPLEMENTED;
-
- case -ENOMEM:
- return KM_ERROR_MEMORY_ALLOCATION_FAILED;
-
- case -EBUSY:
- return KM_ERROR_SECURE_HW_BUSY;
-
- case -EIO:
- return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED;
-
- case -EOVERFLOW:
- return KM_ERROR_INVALID_INPUT_LENGTH;
-
- default:
- return KM_ERROR_UNKNOWN_ERROR;
- }
-}
-
TrustyKeymasterDevice::TrustyKeymasterDevice(const hw_module_t* module) {
static_assert(std::is_standard_layout<TrustyKeymasterDevice>::value,
"TrustyKeymasterDevice must be standard layout");
@@ -121,7 +86,7 @@
GetVersionRequest version_request;
GetVersionResponse version_response;
- error_ = Send(KM_GET_VERSION, version_request, &version_response);
+ error_ = trusty_keymaster_send(KM_GET_VERSION, version_request, &version_response);
if (error_ == KM_ERROR_INVALID_ARGUMENT || error_ == KM_ERROR_UNIMPLEMENTED) {
ALOGE("\"Bad parameters\" error on GetVersion call. Version 0 is not supported.");
error_ = KM_ERROR_VERSION_MISMATCH;
@@ -186,7 +151,7 @@
}
ConfigureResponse response(message_version_);
- keymaster_error_t err = Send(KM_CONFIGURE, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_CONFIGURE, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -204,12 +169,12 @@
AddEntropyRequest request(message_version_);
request.random_data.Reinitialize(data, data_length);
AddEntropyResponse response(message_version_);
- return Send(KM_ADD_RNG_ENTROPY, request, &response);
+ return trusty_keymaster_send(KM_ADD_RNG_ENTROPY, request, &response);
}
keymaster_error_t TrustyKeymasterDevice::generate_key(
- const keymaster_key_param_set_t* params, keymaster_key_blob_t* key_blob,
- keymaster_key_characteristics_t* characteristics) {
+ const keymaster_key_param_set_t* params, keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t* characteristics) {
ALOGD("Device received generate_key");
if (error_ != KM_ERROR_OK) {
@@ -227,14 +192,14 @@
request.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
GenerateKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_GENERATE_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_GENERATE_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
key_blob->key_material_size = response.key_blob.key_material_size;
key_blob->key_material =
- DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
+ DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
if (!key_blob->key_material) {
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
}
@@ -248,8 +213,8 @@
}
keymaster_error_t TrustyKeymasterDevice::get_key_characteristics(
- const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id,
- const keymaster_blob_t* app_data, keymaster_key_characteristics_t* characteristics) {
+ const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id,
+ const keymaster_blob_t* app_data, keymaster_key_characteristics_t* characteristics) {
ALOGD("Device received get_key_characteristics");
if (error_ != KM_ERROR_OK) {
@@ -267,7 +232,7 @@
AddClientAndAppData(client_id, app_data, &request);
GetKeyCharacteristicsResponse response(message_version_);
- keymaster_error_t err = Send(KM_GET_KEY_CHARACTERISTICS, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_GET_KEY_CHARACTERISTICS, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -279,9 +244,9 @@
}
keymaster_error_t TrustyKeymasterDevice::import_key(
- const keymaster_key_param_set_t* params, keymaster_key_format_t key_format,
- const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob,
- keymaster_key_characteristics_t* characteristics) {
+ const keymaster_key_param_set_t* params, keymaster_key_format_t key_format,
+ const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t* characteristics) {
ALOGD("Device received import_key");
if (error_ != KM_ERROR_OK) {
@@ -302,14 +267,14 @@
request.SetKeyMaterial(key_data->data, key_data->data_length);
ImportKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_IMPORT_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_IMPORT_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
key_blob->key_material_size = response.key_blob.key_material_size;
key_blob->key_material =
- DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
+ DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
if (!key_blob->key_material) {
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
}
@@ -348,7 +313,7 @@
AddClientAndAppData(client_id, app_data, &request);
ExportKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_EXPORT_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_EXPORT_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -393,7 +358,7 @@
}
AttestKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_ATTEST_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_ATTEST_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -401,7 +366,7 @@
// Allocate and clear storage for cert_chain.
keymaster_cert_chain_t& rsp_chain = response.certificate_chain;
cert_chain->entries = reinterpret_cast<keymaster_blob_t*>(
- malloc(rsp_chain.entry_count * sizeof(*cert_chain->entries)));
+ malloc(rsp_chain.entry_count * sizeof(*cert_chain->entries)));
if (!cert_chain->entries) {
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
}
@@ -425,9 +390,9 @@
return KM_ERROR_OK;
}
-keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster_key_blob_t* key_to_upgrade,
- const keymaster_key_param_set_t* upgrade_params,
- keymaster_key_blob_t* upgraded_key) {
+keymaster_error_t TrustyKeymasterDevice::upgrade_key(
+ const keymaster_key_blob_t* key_to_upgrade, const keymaster_key_param_set_t* upgrade_params,
+ keymaster_key_blob_t* upgraded_key) {
ALOGD("Device received upgrade_key");
if (error_ != KM_ERROR_OK) {
@@ -445,7 +410,7 @@
request.upgrade_params.Reinitialize(*upgrade_params);
UpgradeKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_UPGRADE_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_UPGRADE_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -487,7 +452,7 @@
request.additional_params.Reinitialize(*in_params);
BeginOperationResponse response(message_version_);
- keymaster_error_t err = Send(KM_BEGIN_OPERATION, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_BEGIN_OPERATION, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -535,12 +500,12 @@
request.additional_params.Reinitialize(*in_params);
}
if (input && input->data_length > 0) {
- size_t max_input_size = SEND_BUF_SIZE - request.SerializedSize();
+ size_t max_input_size = TRUSTY_KEYMASTER_SEND_BUF_SIZE - request.SerializedSize();
request.input.Reinitialize(input->data, std::min(input->data_length, max_input_size));
}
UpdateOperationResponse response(message_version_);
- keymaster_error_t err = Send(KM_UPDATE_OPERATION, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_UPDATE_OPERATION, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -578,8 +543,8 @@
return error_;
}
if (input && input->data_length > kMaximumFinishInputLength) {
- ALOGE("%zu-byte input to finish; only %zu bytes allowed",
- input->data_length, kMaximumFinishInputLength);
+ ALOGE("%zu-byte input to finish; only %zu bytes allowed", input->data_length,
+ kMaximumFinishInputLength);
return KM_ERROR_INVALID_INPUT_LENGTH;
}
@@ -603,7 +568,7 @@
}
FinishOperationResponse response(message_version_);
- keymaster_error_t err = Send(KM_FINISH_OPERATION, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_FINISH_OPERATION, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -638,7 +603,7 @@
AbortOperationRequest request(message_version_);
request.op_handle = operation_handle;
AbortOperationResponse response(message_version_);
- return Send(KM_ABORT_OPERATION, request, &response);
+ return trusty_keymaster_send(KM_ABORT_OPERATION, request, &response);
}
hw_device_t* TrustyKeymasterDevice::hw_device() {
@@ -669,25 +634,25 @@
/* static */
keymaster_error_t TrustyKeymasterDevice::generate_key(
- const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
- keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
+ const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
+ keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
return convert_device(dev)->generate_key(params, key_blob, characteristics);
}
/* static */
keymaster_error_t TrustyKeymasterDevice::get_key_characteristics(
- const keymaster2_device_t* dev, const keymaster_key_blob_t* key_blob,
- const keymaster_blob_t* client_id, const keymaster_blob_t* app_data,
- keymaster_key_characteristics_t* characteristics) {
+ const keymaster2_device_t* dev, const keymaster_key_blob_t* key_blob,
+ const keymaster_blob_t* client_id, const keymaster_blob_t* app_data,
+ keymaster_key_characteristics_t* characteristics) {
return convert_device(dev)->get_key_characteristics(key_blob, client_id, app_data,
characteristics);
}
/* static */
keymaster_error_t TrustyKeymasterDevice::import_key(
- const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
- keymaster_key_format_t key_format, const keymaster_blob_t* key_data,
- keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
+ const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
+ keymaster_key_format_t key_format, const keymaster_blob_t* key_data,
+ keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
return convert_device(dev)->import_key(params, key_format, key_data, key_blob, characteristics);
}
@@ -711,10 +676,9 @@
}
/* static */
-keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster2_device_t* dev,
- const keymaster_key_blob_t* key_to_upgrade,
- const keymaster_key_param_set_t* upgrade_params,
- keymaster_key_blob_t* upgraded_key) {
+keymaster_error_t TrustyKeymasterDevice::upgrade_key(
+ const keymaster2_device_t* dev, const keymaster_key_blob_t* key_to_upgrade,
+ const keymaster_key_param_set_t* upgrade_params, keymaster_key_blob_t* upgraded_key) {
return convert_device(dev)->upgrade_key(key_to_upgrade, upgrade_params, upgraded_key);
}
@@ -730,9 +694,9 @@
/* static */
keymaster_error_t TrustyKeymasterDevice::update(
- const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle,
- const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input,
- size_t* input_consumed, keymaster_key_param_set_t* out_params, keymaster_blob_t* output) {
+ const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle,
+ const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input,
+ size_t* input_consumed, keymaster_key_param_set_t* out_params, keymaster_blob_t* output) {
return convert_device(dev)->update(operation_handle, in_params, input, input_consumed,
out_params, output);
}
@@ -755,42 +719,4 @@
return convert_device(dev)->abort(operation_handle);
}
-keymaster_error_t TrustyKeymasterDevice::Send(uint32_t command, const Serializable& req,
- KeymasterResponse* rsp) {
- uint32_t req_size = req.SerializedSize();
- if (req_size > SEND_BUF_SIZE) {
- return KM_ERROR_MEMORY_ALLOCATION_FAILED;
- }
- uint8_t send_buf[SEND_BUF_SIZE];
- Eraser send_buf_eraser(send_buf, SEND_BUF_SIZE);
- req.Serialize(send_buf, send_buf + req_size);
-
- // Send it
- uint8_t recv_buf[RECV_BUF_SIZE];
- Eraser recv_buf_eraser(recv_buf, RECV_BUF_SIZE);
- uint32_t rsp_size = RECV_BUF_SIZE;
- ALOGV("Sending %d byte request\n", (int)req.SerializedSize());
- int rc = trusty_keymaster_call(command, send_buf, req_size, recv_buf, &rsp_size);
- if (rc < 0) {
- // Reset the connection on tipc error
- trusty_keymaster_disconnect();
- trusty_keymaster_connect();
- ALOGE("tipc error: %d\n", rc);
- // TODO(swillden): Distinguish permanent from transient errors and set error_ appropriately.
- return translate_error(rc);
- } else {
- ALOGV("Received %d byte response\n", rsp_size);
- }
-
- const uint8_t* p = recv_buf;
- if (!rsp->Deserialize(&p, p + rsp_size)) {
- ALOGE("Error deserializing response of size %d\n", (int)rsp_size);
- return KM_ERROR_UNKNOWN_ERROR;
- } else if (rsp->error != KM_ERROR_OK) {
- ALOGE("Response of size %d contained error code %d\n", (int)rsp_size, (int)rsp->error);
- return rsp->error;
- }
- return rsp->error;
-}
-
} // namespace keymaster
diff --git a/trusty/keymaster/trusty_keymaster_device_test.cpp b/trusty/keymaster/legacy/trusty_keymaster_device_test.cpp
similarity index 90%
rename from trusty/keymaster/trusty_keymaster_device_test.cpp
rename to trusty/keymaster/legacy/trusty_keymaster_device_test.cpp
index 9227964..68def58 100644
--- a/trusty/keymaster/trusty_keymaster_device_test.cpp
+++ b/trusty/keymaster/legacy/trusty_keymaster_device_test.cpp
@@ -28,15 +28,15 @@
#include <keymaster/keymaster_tags.h>
#include <keymaster/soft_keymaster_context.h>
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
#include "android_keymaster_test_utils.h"
-#include "trusty_keymaster_device.h"
#include "openssl_utils.h"
-using std::string;
using std::ifstream;
using std::istreambuf_iterator;
+using std::string;
-static keymaster::AndroidKeymaster *impl_ = nullptr;
+static keymaster::AndroidKeymaster* impl_ = nullptr;
extern "C" {
int __android_log_print();
@@ -65,8 +65,8 @@
template <typename Req, typename Rsp>
static int fake_call(keymaster::AndroidKeymaster* device,
- void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf,
- uint32_t in_size, void* out_buf, uint32_t* out_size) {
+ void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf,
+ uint32_t in_size, void* out_buf, uint32_t* out_size) {
Req req;
const uint8_t* in = static_cast<uint8_t*>(in_buf);
req.Deserialize(&in, in + in_size);
@@ -80,29 +80,28 @@
}
int trusty_keymaster_call(uint32_t cmd, void* in_buf, uint32_t in_size, void* out_buf,
- uint32_t* out_size) {
+ uint32_t* out_size) {
switch (cmd) {
- case KM_GENERATE_KEY:
- return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size,
- out_buf, out_size);
- case KM_BEGIN_OPERATION:
- return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size,
- out_buf, out_size);
- case KM_UPDATE_OPERATION:
- return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size,
- out_buf, out_size);
- case KM_FINISH_OPERATION:
- return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size,
- out_buf, out_size);
- case KM_IMPORT_KEY:
- return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size, out_buf,
- out_size);
- case KM_EXPORT_KEY:
- return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size, out_buf,
- out_size);
+ case KM_GENERATE_KEY:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size,
+ out_buf, out_size);
+ case KM_BEGIN_OPERATION:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size,
+ out_buf, out_size);
+ case KM_UPDATE_OPERATION:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size,
+ out_buf, out_size);
+ case KM_FINISH_OPERATION:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size,
+ out_buf, out_size);
+ case KM_IMPORT_KEY:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size,
+ out_buf, out_size);
+ case KM_EXPORT_KEY:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size,
+ out_buf, out_size);
}
return -EINVAL;
-
}
namespace keymaster {
@@ -127,15 +126,15 @@
size_t dsa_message_len(const keymaster_dsa_keygen_params_t& params) {
switch (params.key_size) {
- case 256:
- case 1024:
- return 48;
- case 2048:
- case 4096:
- return 72;
- default:
- // Oops.
- return 0;
+ case 256:
+ case 1024:
+ return 48;
+ case 2048:
+ case 4096:
+ return 72;
+ default:
+ // Oops.
+ return 0;
}
}
@@ -323,9 +322,9 @@
Malloc_Delete sig_deleter(signature);
signature[siglen / 2]++;
- EXPECT_EQ(
- KM_ERROR_VERIFICATION_FAILED,
- device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen));
+ EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED,
+ device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature,
+ siglen));
}
TEST_F(VerificationTest, RsaBadMessage) {
@@ -345,9 +344,9 @@
&signature, &siglen));
Malloc_Delete sig_deleter(signature);
message[0]++;
- EXPECT_EQ(
- KM_ERROR_VERIFICATION_FAILED,
- device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen));
+ EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED,
+ device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature,
+ siglen));
}
TEST_F(VerificationTest, RsaShortMessage) {
diff --git a/trusty/keymaster/legacy/trusty_keymaster_main.cpp b/trusty/keymaster/legacy/trusty_keymaster_main.cpp
new file mode 100644
index 0000000..e3e70e6
--- /dev/null
+++ b/trusty/keymaster/legacy/trusty_keymaster_main.cpp
@@ -0,0 +1,408 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <keymaster/keymaster_configuration.h>
+
+#include <stdio.h>
+#include <memory>
+
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
+
+using keymaster::TrustyKeymasterDevice;
+
+unsigned char rsa_privkey_pk8_der[] = {
+ 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b,
+ 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34,
+ 0x81, 0x2d, 0x5a, 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01,
+ 0xf2, 0x34, 0x22, 0x6c, 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41,
+ 0x7b, 0x71, 0xc0, 0xb6, 0xa4, 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9,
+ 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff, 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7,
+ 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57, 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e,
+ 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5, 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12,
+ 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f, 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d,
+ 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28, 0x07, 0x45, 0xea, 0x6d, 0x25,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0, 0x4d, 0x9c, 0xae, 0x37,
+ 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55, 0x89, 0x9f, 0xfb,
+ 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab, 0x02, 0x97,
+ 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed, 0x0f,
+ 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57,
+ 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0,
+ 0x80, 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac,
+ 0xe7, 0x24, 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a,
+ 0xb5, 0x91, 0x2c, 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80,
+ 0x81, 0x02, 0x41, 0x00, 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0,
+ 0x1a, 0xce, 0xaa, 0xf1, 0x30, 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf,
+ 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d, 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb,
+ 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c, 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85,
+ 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55, 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83,
+ 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31, 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a,
+ 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b, 0xc9, 0x30, 0xdb, 0xe5, 0x63,
+ 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6, 0xcd, 0xef, 0xd3, 0x24,
+ 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5, 0x01, 0xfd, 0x91,
+ 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1, 0x44, 0x11,
+ 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78, 0xcc,
+ 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea,
+ 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f,
+ 0xa8, 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d,
+ 0x15, 0x18, 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc,
+ 0x86, 0x94, 0x04, 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45,
+ 0x26, 0xd3, 0x28, 0xc1, 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d,
+ 0xec, 0x25, 0x08, 0x92, 0xdb, 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77,
+ 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d, 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d,
+ 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f, 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24,
+ 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a, 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98,
+ 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c, 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3,
+ 0x34, 0x92, 0xd6};
+unsigned int rsa_privkey_pk8_der_len = 633;
+
+unsigned char dsa_privkey_pk8_der[] = {
+ 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3,
+ 0xe9, 0xb6, 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad,
+ 0xbc, 0xc9, 0xd1, 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8,
+ 0xe0, 0x26, 0x44, 0x19, 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde,
+ 0xe5, 0x4f, 0x48, 0x15, 0x01, 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8,
+ 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c, 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d,
+ 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b, 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2,
+ 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7, 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda,
+ 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec, 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24,
+ 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb, 0xea, 0x17, 0xd2, 0x09, 0xb3,
+ 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71, 0x68, 0xf7, 0xe3, 0x02,
+ 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b, 0xf6, 0xcd, 0xd6,
+ 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06, 0x88, 0xb1,
+ 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8, 0x11,
+ 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84,
+ 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80,
+ 0xca, 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62,
+ 0x75, 0x8b, 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf,
+ 0x72, 0x9a, 0x67, 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a,
+ 0xba, 0x3b, 0xa8, 0x00, 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00,
+ 0x81, 0x9d, 0xfd, 0x53, 0x0c, 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33,
+ 0x91, 0x84, 0xbe, 0xad, 0x81};
+unsigned int dsa_privkey_pk8_der_len = 335;
+
+unsigned char ec_privkey_pk8_der[] = {
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
+ 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04,
+ 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d,
+ 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa, 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09,
+ 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81, 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44,
+ 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, 0xc2, 0x54, 0x61, 0x68,
+ 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e, 0x3b, 0xdd,
+ 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e,
+ 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf,
+ 0x33, 0x76, 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe};
+unsigned int ec_privkey_pk8_der_len = 138;
+
+keymaster_key_param_t ec_params[] = {
+ keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_EC),
+ keymaster_param_long(KM_TAG_EC_CURVE, KM_EC_CURVE_P_521),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
+ keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
+};
+keymaster_key_param_set_t ec_param_set = {ec_params, sizeof(ec_params) / sizeof(*ec_params)};
+
+keymaster_key_param_t rsa_params[] = {
+ keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
+ keymaster_param_int(KM_TAG_KEY_SIZE, 1024),
+ keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, 65537),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
+ keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
+ keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
+};
+keymaster_key_param_set_t rsa_param_set = {rsa_params, sizeof(rsa_params) / sizeof(*rsa_params)};
+
+struct EVP_PKEY_Delete {
+ void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); }
+};
+
+struct EVP_PKEY_CTX_Delete {
+ void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); }
+};
+
+static bool do_operation(TrustyKeymasterDevice* device, keymaster_purpose_t purpose,
+ keymaster_key_blob_t* key, keymaster_blob_t* input,
+ keymaster_blob_t* signature, keymaster_blob_t* output) {
+ keymaster_key_param_t params[] = {
+ keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
+ keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
+ };
+ keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)};
+ keymaster_operation_handle_t op_handle;
+ keymaster_error_t error = device->begin(purpose, key, ¶m_set, nullptr, &op_handle);
+ if (error != KM_ERROR_OK) {
+ printf("Keymaster begin() failed: %d\n", error);
+ return false;
+ }
+ size_t input_consumed;
+ error = device->update(op_handle, nullptr, input, &input_consumed, nullptr, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Keymaster update() failed: %d\n", error);
+ return false;
+ }
+ if (input_consumed != input->data_length) {
+ // This should never happen. If it does, it's a bug in the keymaster implementation.
+ printf("Keymaster update() did not consume all data.\n");
+ device->abort(op_handle);
+ return false;
+ }
+ error = device->finish(op_handle, nullptr, nullptr, signature, nullptr, output);
+ if (error != KM_ERROR_OK) {
+ printf("Keymaster finish() failed: %d\n", error);
+ return false;
+ }
+ return true;
+}
+
+static bool test_import_rsa(TrustyKeymasterDevice* device) {
+ printf("===================\n");
+ printf("= RSA Import Test =\n");
+ printf("===================\n\n");
+
+ printf("=== Importing RSA keypair === \n");
+ keymaster_key_blob_t key;
+ keymaster_blob_t private_key = {rsa_privkey_pk8_der, rsa_privkey_pk8_der_len};
+ int error =
+ device->import_key(&rsa_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error importing RSA key: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
+
+ printf("=== Signing with imported RSA key ===\n");
+ size_t message_len = 1024 / 8;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with imported RSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with imported RSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with imported RSA key\n\n");
+ return false;
+ }
+
+ printf("\n");
+ return true;
+}
+
+static bool test_rsa(TrustyKeymasterDevice* device) {
+ printf("============\n");
+ printf("= RSA Test =\n");
+ printf("============\n\n");
+
+ printf("=== Generating RSA key pair ===\n");
+ keymaster_key_blob_t key;
+ int error = device->generate_key(&rsa_param_set, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error generating RSA key pair: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
+
+ printf("=== Signing with RSA key === \n");
+ size_t message_len = 1024 / 8;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with RSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with RSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with RSA key\n\n");
+ return false;
+ }
+
+ printf("=== Exporting RSA public key ===\n");
+ keymaster_blob_t exported_key;
+ error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
+ if (error != KM_ERROR_OK) {
+ printf("Error exporting RSA public key: %d\n\n", error);
+ return false;
+ }
+
+ printf("=== Verifying with exported key ===\n");
+ const uint8_t* tmp = exported_key.data;
+ std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
+ d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
+ std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
+ if (EVP_PKEY_verify_init(ctx.get()) != 1) {
+ printf("Error initializing openss EVP context\n\n");
+ return false;
+ }
+ if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
+ printf("Exported key was the wrong type?!?\n\n");
+ return false;
+ }
+
+ EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING);
+ if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
+ message_len) != 1) {
+ printf("Verification with exported pubkey failed.\n\n");
+ return false;
+ } else {
+ printf("Verification succeeded\n");
+ }
+
+ printf("\n");
+ return true;
+}
+
+static bool test_import_ecdsa(TrustyKeymasterDevice* device) {
+ printf("=====================\n");
+ printf("= ECDSA Import Test =\n");
+ printf("=====================\n\n");
+
+ printf("=== Importing ECDSA keypair === \n");
+ keymaster_key_blob_t key;
+ keymaster_blob_t private_key = {ec_privkey_pk8_der, ec_privkey_pk8_der_len};
+ int error = device->import_key(&ec_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error importing ECDSA key: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> deleter(key.key_material);
+
+ printf("=== Signing with imported ECDSA key ===\n");
+ size_t message_len = 30 /* arbitrary */;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with imported ECDSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with imported ECDSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with imported ECDSA key\n\n");
+ return false;
+ }
+
+ printf("\n");
+ return true;
+}
+
+static bool test_ecdsa(TrustyKeymasterDevice* device) {
+ printf("==============\n");
+ printf("= ECDSA Test =\n");
+ printf("==============\n\n");
+
+ printf("=== Generating ECDSA key pair ===\n");
+ keymaster_key_blob_t key;
+ int error = device->generate_key(&ec_param_set, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error generating ECDSA key pair: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
+
+ printf("=== Signing with ECDSA key === \n");
+ size_t message_len = 30 /* arbitrary */;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with ECDSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with ECDSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with ECDSA key\n\n");
+ return false;
+ }
+
+ printf("=== Exporting ECDSA public key ===\n");
+ keymaster_blob_t exported_key;
+ error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
+ if (error != KM_ERROR_OK) {
+ printf("Error exporting ECDSA public key: %d\n\n", error);
+ return false;
+ }
+
+ printf("=== Verifying with exported key ===\n");
+ const uint8_t* tmp = exported_key.data;
+ std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
+ d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
+ std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
+ if (EVP_PKEY_verify_init(ctx.get()) != 1) {
+ printf("Error initializing openssl EVP context\n\n");
+ return false;
+ }
+ if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) {
+ printf("Exported key was the wrong type?!?\n\n");
+ return false;
+ }
+
+ if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
+ message_len) != 1) {
+ printf("Verification with exported pubkey failed.\n\n");
+ return false;
+ } else {
+ printf("Verification succeeded\n");
+ }
+
+ printf("\n");
+ return true;
+}
+
+int main(void) {
+ TrustyKeymasterDevice device(NULL);
+ keymaster::ConfigureDevice(reinterpret_cast<keymaster2_device_t*>(&device));
+ if (device.session_error() != KM_ERROR_OK) {
+ printf("Failed to initialize Trusty session: %d\n", device.session_error());
+ return 1;
+ }
+ printf("Trusty session initialized\n");
+
+ bool success = true;
+ success &= test_rsa(&device);
+ success &= test_import_rsa(&device);
+ success &= test_ecdsa(&device);
+ success &= test_import_ecdsa(&device);
+
+ if (success) {
+ printf("\nTESTS PASSED!\n");
+ } else {
+ printf("\n!!!!TESTS FAILED!!!\n");
+ }
+
+ return success ? 0 : 1;
+}
diff --git a/trusty/keymaster/trusty_keymaster_ipc.cpp b/trusty/keymaster/trusty_keymaster_ipc.cpp
deleted file mode 100644
index 686e7ae..0000000
--- a/trusty/keymaster/trusty_keymaster_ipc.cpp
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define LOG_TAG "TrustyKeymaster"
-
-// TODO: make this generic in libtrusty
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/uio.h>
-#include <unistd.h>
-
-#include <algorithm>
-
-#include <log/log.h>
-#include <trusty/tipc.h>
-
-#include "keymaster_ipc.h"
-#include "trusty_keymaster_ipc.h"
-
-#define TRUSTY_DEVICE_NAME "/dev/trusty-ipc-dev0"
-
-static int handle_ = -1;
-
-int trusty_keymaster_connect() {
- int rc = tipc_connect(TRUSTY_DEVICE_NAME, KEYMASTER_PORT);
- if (rc < 0) {
- return rc;
- }
-
- handle_ = rc;
- return 0;
-}
-
-int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out,
- uint32_t* out_size) {
- if (handle_ < 0) {
- ALOGE("not connected\n");
- return -EINVAL;
- }
-
- size_t msg_size = in_size + sizeof(struct keymaster_message);
- struct keymaster_message* msg = reinterpret_cast<struct keymaster_message*>(malloc(msg_size));
- if (!msg) {
- ALOGE("failed to allocate msg buffer\n");
- return -EINVAL;
- }
-
- msg->cmd = cmd;
- memcpy(msg->payload, in, in_size);
-
- ssize_t rc = write(handle_, msg, msg_size);
- free(msg);
-
- if (rc < 0) {
- ALOGE("failed to send cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT, strerror(errno));
- return -errno;
- }
- size_t out_max_size = *out_size;
- *out_size = 0;
- struct iovec iov[2];
- struct keymaster_message header;
- iov[0] = {.iov_base = &header, .iov_len = sizeof(struct keymaster_message)};
- while (true) {
- iov[1] = {
- .iov_base = out + *out_size,
- .iov_len = std::min<uint32_t>(KEYMASTER_MAX_BUFFER_LENGTH, out_max_size - *out_size)};
- rc = readv(handle_, iov, 2);
- if (rc < 0) {
- ALOGE("failed to retrieve response for cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT,
- strerror(errno));
- return -errno;
- }
-
- if ((size_t)rc < sizeof(struct keymaster_message)) {
- ALOGE("invalid response size (%d)\n", (int)rc);
- return -EINVAL;
- }
-
- if ((cmd | KEYMASTER_RESP_BIT) != (header.cmd & ~(KEYMASTER_STOP_BIT))) {
- ALOGE("invalid command (%d)", header.cmd);
- return -EINVAL;
- }
- *out_size += ((size_t)rc - sizeof(struct keymaster_message));
- if (header.cmd & KEYMASTER_STOP_BIT) {
- break;
- }
- }
-
- return rc;
-}
-
-void trusty_keymaster_disconnect() {
- if (handle_ >= 0) {
- tipc_close(handle_);
- }
- handle_ = -1;
-}
diff --git a/trusty/keymaster/trusty_keymaster_main.cpp b/trusty/keymaster/trusty_keymaster_main.cpp
deleted file mode 100644
index ed78b7f..0000000
--- a/trusty/keymaster/trusty_keymaster_main.cpp
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <keymaster/keymaster_configuration.h>
-
-#include <stdio.h>
-#include <memory>
-
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-#include "trusty_keymaster_device.h"
-
-using keymaster::TrustyKeymasterDevice;
-
-unsigned char rsa_privkey_pk8_der[] = {
- 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01,
- 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34, 0x81, 0x2d, 0x5a,
- 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01, 0xf2, 0x34, 0x22, 0x6c,
- 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41, 0x7b, 0x71, 0xc0, 0xb6, 0xa4,
- 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9, 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff,
- 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7, 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57,
- 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e, 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5,
- 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12, 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f,
- 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d, 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28,
- 0x07, 0x45, 0xea, 0x6d, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0,
- 0x4d, 0x9c, 0xae, 0x37, 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55,
- 0x89, 0x9f, 0xfb, 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab,
- 0x02, 0x97, 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed,
- 0x0f, 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57,
- 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0, 0x80,
- 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac, 0xe7, 0x24,
- 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a, 0xb5, 0x91, 0x2c,
- 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80, 0x81, 0x02, 0x41, 0x00,
- 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0, 0x1a, 0xce, 0xaa, 0xf1, 0x30,
- 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf, 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d,
- 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb, 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c,
- 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85, 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55,
- 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83, 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31,
- 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a, 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b,
- 0xc9, 0x30, 0xdb, 0xe5, 0x63, 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6,
- 0xcd, 0xef, 0xd3, 0x24, 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5,
- 0x01, 0xfd, 0x91, 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1,
- 0x44, 0x11, 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78,
- 0xcc, 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea,
- 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f, 0xa8,
- 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d, 0x15, 0x18,
- 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc, 0x86, 0x94, 0x04,
- 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45, 0x26, 0xd3, 0x28, 0xc1,
- 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d, 0xec, 0x25, 0x08, 0x92, 0xdb,
- 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77, 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d,
- 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d, 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f,
- 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24, 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a,
- 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98, 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c,
- 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3, 0x34, 0x92, 0xd6};
-unsigned int rsa_privkey_pk8_der_len = 633;
-
-unsigned char dsa_privkey_pk8_der[] = {
- 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48,
- 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3, 0xe9, 0xb6,
- 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad, 0xbc, 0xc9, 0xd1,
- 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8, 0xe0, 0x26, 0x44, 0x19,
- 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde, 0xe5, 0x4f, 0x48, 0x15, 0x01,
- 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8, 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c,
- 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d, 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b,
- 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2, 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7,
- 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda, 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec,
- 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24, 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb,
- 0xea, 0x17, 0xd2, 0x09, 0xb3, 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71,
- 0x68, 0xf7, 0xe3, 0x02, 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b,
- 0xf6, 0xcd, 0xd6, 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06,
- 0x88, 0xb1, 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8,
- 0x11, 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84,
- 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80, 0xca,
- 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62, 0x75, 0x8b,
- 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf, 0x72, 0x9a, 0x67,
- 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a, 0xba, 0x3b, 0xa8, 0x00,
- 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00, 0x81, 0x9d, 0xfd, 0x53, 0x0c,
- 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33, 0x91, 0x84, 0xbe, 0xad, 0x81};
-unsigned int dsa_privkey_pk8_der_len = 335;
-
-unsigned char ec_privkey_pk8_der[] = {
- 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
- 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02,
- 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa,
- 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81,
- 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07,
- 0xc2, 0x54, 0x61, 0x68, 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e,
- 0x3b, 0xdd, 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e,
- 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, 0x33, 0x76,
- 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe};
-unsigned int ec_privkey_pk8_der_len = 138;
-
-keymaster_key_param_t ec_params[] = {
- keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_EC),
- keymaster_param_long(KM_TAG_EC_CURVE, KM_EC_CURVE_P_521),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
- keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
-};
-keymaster_key_param_set_t ec_param_set = {ec_params, sizeof(ec_params) / sizeof(*ec_params)};
-
-keymaster_key_param_t rsa_params[] = {
- keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
- keymaster_param_int(KM_TAG_KEY_SIZE, 1024),
- keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, 65537),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
- keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
- keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
-};
-keymaster_key_param_set_t rsa_param_set = {rsa_params, sizeof(rsa_params) / sizeof(*rsa_params)};
-
-struct EVP_PKEY_Delete {
- void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); }
-};
-
-struct EVP_PKEY_CTX_Delete {
- void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); }
-};
-
-static bool do_operation(TrustyKeymasterDevice* device, keymaster_purpose_t purpose,
- keymaster_key_blob_t* key, keymaster_blob_t* input,
- keymaster_blob_t* signature, keymaster_blob_t* output) {
- keymaster_key_param_t params[] = {
- keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
- };
- keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)};
- keymaster_operation_handle_t op_handle;
- keymaster_error_t error = device->begin(purpose, key, ¶m_set, nullptr, &op_handle);
- if (error != KM_ERROR_OK) {
- printf("Keymaster begin() failed: %d\n", error);
- return false;
- }
- size_t input_consumed;
- error = device->update(op_handle, nullptr, input, &input_consumed, nullptr, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Keymaster update() failed: %d\n", error);
- return false;
- }
- if (input_consumed != input->data_length) {
- // This should never happen. If it does, it's a bug in the keymaster implementation.
- printf("Keymaster update() did not consume all data.\n");
- device->abort(op_handle);
- return false;
- }
- error = device->finish(op_handle, nullptr, nullptr, signature, nullptr, output);
- if (error != KM_ERROR_OK) {
- printf("Keymaster finish() failed: %d\n", error);
- return false;
- }
- return true;
-}
-
-static bool test_import_rsa(TrustyKeymasterDevice* device) {
- printf("===================\n");
- printf("= RSA Import Test =\n");
- printf("===================\n\n");
-
- printf("=== Importing RSA keypair === \n");
- keymaster_key_blob_t key;
- keymaster_blob_t private_key = {rsa_privkey_pk8_der, rsa_privkey_pk8_der_len};
- int error = device->import_key(&rsa_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error importing RSA key: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
-
- printf("=== Signing with imported RSA key ===\n");
- size_t message_len = 1024 / 8;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with imported RSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with imported RSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with imported RSA key\n\n");
- return false;
- }
-
- printf("\n");
- return true;
-}
-
-static bool test_rsa(TrustyKeymasterDevice* device) {
- printf("============\n");
- printf("= RSA Test =\n");
- printf("============\n\n");
-
- printf("=== Generating RSA key pair ===\n");
- keymaster_key_blob_t key;
- int error = device->generate_key(&rsa_param_set, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error generating RSA key pair: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
-
- printf("=== Signing with RSA key === \n");
- size_t message_len = 1024 / 8;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with RSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with RSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with RSA key\n\n");
- return false;
- }
-
- printf("=== Exporting RSA public key ===\n");
- keymaster_blob_t exported_key;
- error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
- if (error != KM_ERROR_OK) {
- printf("Error exporting RSA public key: %d\n\n", error);
- return false;
- }
-
- printf("=== Verifying with exported key ===\n");
- const uint8_t* tmp = exported_key.data;
- std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
- d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
- std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
- if (EVP_PKEY_verify_init(ctx.get()) != 1) {
- printf("Error initializing openss EVP context\n\n");
- return false;
- }
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
- printf("Exported key was the wrong type?!?\n\n");
- return false;
- }
-
- EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING);
- if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
- message_len) != 1) {
- printf("Verification with exported pubkey failed.\n\n");
- return false;
- } else {
- printf("Verification succeeded\n");
- }
-
- printf("\n");
- return true;
-}
-
-static bool test_import_ecdsa(TrustyKeymasterDevice* device) {
- printf("=====================\n");
- printf("= ECDSA Import Test =\n");
- printf("=====================\n\n");
-
- printf("=== Importing ECDSA keypair === \n");
- keymaster_key_blob_t key;
- keymaster_blob_t private_key = {ec_privkey_pk8_der, ec_privkey_pk8_der_len};
- int error = device->import_key(&ec_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error importing ECDSA key: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> deleter(key.key_material);
-
- printf("=== Signing with imported ECDSA key ===\n");
- size_t message_len = 30 /* arbitrary */;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with imported ECDSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with imported ECDSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with imported ECDSA key\n\n");
- return false;
- }
-
- printf("\n");
- return true;
-}
-
-static bool test_ecdsa(TrustyKeymasterDevice* device) {
- printf("==============\n");
- printf("= ECDSA Test =\n");
- printf("==============\n\n");
-
- printf("=== Generating ECDSA key pair ===\n");
- keymaster_key_blob_t key;
- int error = device->generate_key(&ec_param_set, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error generating ECDSA key pair: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
-
- printf("=== Signing with ECDSA key === \n");
- size_t message_len = 30 /* arbitrary */;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with ECDSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with ECDSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with ECDSA key\n\n");
- return false;
- }
-
- printf("=== Exporting ECDSA public key ===\n");
- keymaster_blob_t exported_key;
- error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
- if (error != KM_ERROR_OK) {
- printf("Error exporting ECDSA public key: %d\n\n", error);
- return false;
- }
-
- printf("=== Verifying with exported key ===\n");
- const uint8_t* tmp = exported_key.data;
- std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
- d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
- std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
- if (EVP_PKEY_verify_init(ctx.get()) != 1) {
- printf("Error initializing openssl EVP context\n\n");
- return false;
- }
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) {
- printf("Exported key was the wrong type?!?\n\n");
- return false;
- }
-
- if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
- message_len) != 1) {
- printf("Verification with exported pubkey failed.\n\n");
- return false;
- } else {
- printf("Verification succeeded\n");
- }
-
- printf("\n");
- return true;
-}
-
-int main(void) {
- TrustyKeymasterDevice device(NULL);
- keymaster::ConfigureDevice(reinterpret_cast<keymaster2_device_t*>(&device));
- if (device.session_error() != KM_ERROR_OK) {
- printf("Failed to initialize Trusty session: %d\n", device.session_error());
- return 1;
- }
- printf("Trusty session initialized\n");
-
- bool success = true;
- success &= test_rsa(&device);
- success &= test_import_rsa(&device);
- success &= test_ecdsa(&device);
- success &= test_import_ecdsa(&device);
-
- if (success) {
- printf("\nTESTS PASSED!\n");
- } else {
- printf("\n!!!!TESTS FAILED!!!\n");
- }
-
- return success ? 0 : 1;
-}
diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 9c3a7df..0a0ecec 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -20,7 +20,7 @@
#
PRODUCT_PACKAGES += \
- keystore.trusty \
+ android.hardware.keymaster@3.0-service.trusty \
gatekeeper.trusty
PRODUCT_PROPERTY_OVERRIDES += \