Merge changes I7cbc8fda,Ibb7cf4b1
* changes:
liblog: test: security buffer is allowed to be denied
liblog: test: do not LOG in signal handler
diff --git a/bootstat/Android.mk b/bootstat/Android.mk
index c6349c1..3d02752 100644
--- a/bootstat/Android.mk
+++ b/bootstat/Android.mk
@@ -20,32 +20,33 @@
bootstat_lib_src_files := \
boot_event_record_store.cpp \
- event_log_list_builder.cpp
+ event_log_list_builder.cpp \
+ uptime_parser.cpp \
bootstat_src_files := \
- bootstat.cpp
+ bootstat.cpp \
bootstat_test_src_files := \
boot_event_record_store_test.cpp \
event_log_list_builder_test.cpp \
- testrunner.cpp
+ testrunner.cpp \
bootstat_shared_libs := \
libbase \
libcutils \
- liblog
+ liblog \
bootstat_cflags := \
-Wall \
-Wextra \
- -Werror
+ -Werror \
bootstat_cppflags := \
- -Wno-non-virtual-dtor
+ -Wno-non-virtual-dtor \
bootstat_debug_cflags := \
$(bootstat_cflags) \
- -UNDEBUG
+ -UNDEBUG \
# 524291 corresponds to sysui_histogram, from
# frameworks/base/core/java/com/android/internal/logging/EventLogTags.logtags
diff --git a/bootstat/boot_event_record_store.cpp b/bootstat/boot_event_record_store.cpp
index 8282b40..40254f8 100644
--- a/bootstat/boot_event_record_store.cpp
+++ b/bootstat/boot_event_record_store.cpp
@@ -24,6 +24,7 @@
#include <utility>
#include <android-base/file.h>
#include <android-base/logging.h>
+#include "uptime_parser.h"
namespace {
@@ -51,14 +52,7 @@
}
void BootEventRecordStore::AddBootEvent(const std::string& event) {
- std::string uptime_str;
- if (!android::base::ReadFileToString("/proc/uptime", &uptime_str)) {
- LOG(ERROR) << "Failed to read /proc/uptime";
- }
-
- // Cast intentionally rounds down.
- int32_t uptime = static_cast<int32_t>(strtod(uptime_str.c_str(), NULL));
- AddBootEventWithValue(event, uptime);
+ AddBootEventWithValue(event, bootstat::ParseUptime());
}
// The implementation of AddBootEventValue makes use of the mtime file
diff --git a/bootstat/boot_event_record_store_test.cpp b/bootstat/boot_event_record_store_test.cpp
index 0d7bbb0..343f9d0 100644
--- a/bootstat/boot_event_record_store_test.cpp
+++ b/bootstat/boot_event_record_store_test.cpp
@@ -25,6 +25,7 @@
#include <android-base/test_utils.h>
#include <gtest/gtest.h>
#include <gmock/gmock.h>
+#include "uptime_parser.h"
using testing::UnorderedElementsAreArray;
@@ -38,17 +39,6 @@
return (abs(a - b) <= FUZZ_SECONDS);
}
-// Returns the uptime as read from /proc/uptime, rounded down to an integer.
-int32_t ReadUptime() {
- std::string uptime_str;
- if (!android::base::ReadFileToString("/proc/uptime", &uptime_str)) {
- return -1;
- }
-
- // Cast to int to round down.
- return static_cast<int32_t>(strtod(uptime_str.c_str(), NULL));
-}
-
// Recursively deletes the directory at |path|.
void DeleteDirectory(const std::string& path) {
typedef std::unique_ptr<DIR, decltype(&closedir)> ScopedDIR;
@@ -110,7 +100,7 @@
BootEventRecordStore store;
store.SetStorePath(GetStorePathForTesting());
- int32_t uptime = ReadUptime();
+ time_t uptime = bootstat::ParseUptime();
ASSERT_NE(-1, uptime);
store.AddBootEvent("cenozoic");
@@ -125,7 +115,7 @@
BootEventRecordStore store;
store.SetStorePath(GetStorePathForTesting());
- int32_t uptime = ReadUptime();
+ time_t uptime = bootstat::ParseUptime();
ASSERT_NE(-1, uptime);
store.AddBootEvent("cretaceous");
diff --git a/bootstat/bootstat.cpp b/bootstat/bootstat.cpp
index c59a191..9214e6d 100644
--- a/bootstat/bootstat.cpp
+++ b/bootstat/bootstat.cpp
@@ -32,6 +32,7 @@
#include <log/log.h>
#include "boot_event_record_store.h"
#include "event_log_list_builder.h"
+#include "uptime_parser.h"
namespace {
@@ -174,6 +175,37 @@
return kUnknownBootReason;
}
+// Records several metrics related to the time it takes to boot the device,
+// including disambiguating boot time on encrypted or non-encrypted devices.
+void RecordBootComplete() {
+ BootEventRecordStore boot_event_store;
+ time_t uptime = bootstat::ParseUptime();
+
+ BootEventRecordStore::BootEventRecord record;
+
+ // post_decrypt_time_elapsed is only logged on encrypted devices.
+ if (boot_event_store.GetBootEvent("post_decrypt_time_elapsed", &record)) {
+ // Log the amount of time elapsed until the device is decrypted, which
+ // includes the variable amount of time the user takes to enter the
+ // decryption password.
+ boot_event_store.AddBootEventWithValue("boot_decryption_complete", uptime);
+
+ // Subtract the decryption time to normalize the boot cycle timing.
+ time_t boot_complete = uptime - record.second;
+ boot_event_store.AddBootEventWithValue("boot_complete_post_decrypt",
+ boot_complete);
+
+
+ } else {
+ boot_event_store.AddBootEventWithValue("boot_complete_no_encryption",
+ uptime);
+ }
+
+ // Record the total time from device startup to boot complete, regardless of
+ // encryption state.
+ boot_event_store.AddBootEventWithValue("boot_complete", uptime);
+}
+
// Records the boot_reason metric by querying the ro.boot.bootreason system
// property.
void RecordBootReason() {
@@ -229,6 +261,7 @@
LOG(INFO) << "Service started: " << cmd_line;
int option_index = 0;
+ static const char boot_complete_str[] = "record_boot_complete";
static const char boot_reason_str[] = "record_boot_reason";
static const char factory_reset_str[] = "record_time_since_factory_reset";
static const struct option long_options[] = {
@@ -236,6 +269,7 @@
{ "log", no_argument, NULL, 'l' },
{ "print", no_argument, NULL, 'p' },
{ "record", required_argument, NULL, 'r' },
+ { boot_complete_str, no_argument, NULL, 0 },
{ boot_reason_str, no_argument, NULL, 0 },
{ factory_reset_str, no_argument, NULL, 0 },
{ NULL, 0, NULL, 0 }
@@ -247,7 +281,9 @@
// This case handles long options which have no single-character mapping.
case 0: {
const std::string option_name = long_options[option_index].name;
- if (option_name == boot_reason_str) {
+ if (option_name == boot_complete_str) {
+ RecordBootComplete();
+ } else if (option_name == boot_reason_str) {
RecordBootReason();
} else if (option_name == factory_reset_str) {
RecordFactoryReset();
diff --git a/bootstat/bootstat.rc b/bootstat/bootstat.rc
index 3c20fc8..ba8f81c 100644
--- a/bootstat/bootstat.rc
+++ b/bootstat/bootstat.rc
@@ -3,6 +3,14 @@
on post-fs-data
mkdir /data/misc/bootstat 0700 root root
+# Record the time at which the user has successfully entered the pin to decrypt
+# the device, /data is decrypted, and the system is entering the main boot phase.
+#
+# post-fs-data: /data is writable
+# property:init.svc.bootanim=running: The boot animation is running
+on post-fs-data && property:init.svc.bootanim=running
+ exec - root root -- /system/bin/bootstat -r post_decrypt_time_elapsed
+
# The first marker, boot animation stopped, is considered the point at which
# the user may interact with the device, so it is a good proxy for the boot
# complete signal.
@@ -10,8 +18,8 @@
# The second marker ensures an encrypted device is decrypted before logging
# boot time data.
on property:init.svc.bootanim=stopped && property:vold.decrypt=trigger_restart_framework
- # Record boot_complete timing event.
- exec - root root -- /system/bin/bootstat -r boot_complete
+ # Record boot_complete and related stats (decryption, etc).
+ exec - root root -- /system/bin/bootstat --record_boot_complete
# Record the boot reason.
exec - root root -- /system/bin/bootstat --record_boot_reason
diff --git a/bootstat/uptime_parser.cpp b/bootstat/uptime_parser.cpp
new file mode 100644
index 0000000..7c2034c
--- /dev/null
+++ b/bootstat/uptime_parser.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "uptime_parser.h"
+
+#include <time.h>
+#include <cstdlib>
+#include <string>
+#include <android-base/file.h>
+#include <android-base/logging.h>
+
+namespace bootstat {
+
+time_t ParseUptime() {
+ std::string uptime_str;
+ if (!android::base::ReadFileToString("/proc/uptime", &uptime_str)) {
+ PLOG(ERROR) << "Failed to read /proc/uptime";
+ return -1;
+ }
+
+ // Cast intentionally rounds down.
+ return static_cast<time_t>(strtod(uptime_str.c_str(), NULL));
+}
+
+} // namespace bootstat
\ No newline at end of file
diff --git a/bootstat/uptime_parser.h b/bootstat/uptime_parser.h
new file mode 100644
index 0000000..756ae9b
--- /dev/null
+++ b/bootstat/uptime_parser.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef UPTIME_PARSER_H_
+#define UPTIME_PARSER_H_
+
+#include <time.h>
+
+namespace bootstat {
+
+// Returns the number of seconds the system has been on since reboot.
+time_t ParseUptime();
+
+} // namespace bootstat
+
+#endif // UPTIME_PARSER_H_
\ No newline at end of file
diff --git a/liblog/logprint.c b/liblog/logprint.c
index 19a3e27..02df8dd 100644
--- a/liblog/logprint.c
+++ b/liblog/logprint.c
@@ -1429,8 +1429,16 @@
* possibly causing heap corruption. To avoid this we double check and
* set the length at the maximum (size minus null byte)
*/
- prefixLen += MIN(len, sizeof(prefixBuf) - prefixLen);
- suffixLen = MIN(suffixLen, sizeof(suffixBuf));
+ prefixLen += len;
+ if (prefixLen >= sizeof(prefixBuf)) {
+ prefixLen = sizeof(prefixBuf) - 1;
+ prefixBuf[sizeof(prefixBuf) - 1] = '\0';
+ }
+ if (suffixLen >= sizeof(suffixBuf)) {
+ suffixLen = sizeof(suffixBuf) - 1;
+ suffixBuf[sizeof(suffixBuf) - 2] = '\n';
+ suffixBuf[sizeof(suffixBuf) - 1] = '\0';
+ }
/* the following code is tragically unreadable */
diff --git a/liblog/tests/liblog_test.cpp b/liblog/tests/liblog_test.cpp
index 956b76c..2767f73 100644
--- a/liblog/tests/liblog_test.cpp
+++ b/liblog/tests/liblog_test.cpp
@@ -1019,6 +1019,60 @@
EXPECT_LE(SIZEOF_MAX_PAYLOAD_BUF, static_cast<size_t>(max_len));
}
+TEST(liblog, __android_log_buf_print__maxtag) {
+ struct logger_list *logger_list;
+
+ pid_t pid = getpid();
+
+ ASSERT_TRUE(NULL != (logger_list = android_logger_list_open(
+ LOG_ID_MAIN, ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK, 1000, pid)));
+
+ log_time ts(android_log_clockid());
+
+ EXPECT_LT(0, __android_log_buf_print(LOG_ID_MAIN, ANDROID_LOG_INFO,
+ max_payload_buf, max_payload_buf));
+ usleep(1000000);
+
+ int count = 0;
+
+ for (;;) {
+ log_msg log_msg;
+ if (android_logger_list_read(logger_list, &log_msg) <= 0) {
+ break;
+ }
+
+ ASSERT_EQ(log_msg.entry.pid, pid);
+
+ if ((log_msg.entry.sec < (ts.tv_sec - 1))
+ || ((ts.tv_sec + 1) < log_msg.entry.sec)
+ || ((size_t)log_msg.entry.len < LOGGER_ENTRY_MAX_PAYLOAD)
+ || (log_msg.id() != LOG_ID_MAIN)) {
+ continue;
+ }
+
+ ++count;
+
+ AndroidLogFormat *logformat = android_log_format_new();
+ EXPECT_TRUE(NULL != logformat);
+ AndroidLogEntry entry;
+ int processLogBuffer = android_log_processLogBuffer(&log_msg.entry_v1,
+ &entry);
+ EXPECT_EQ(0, processLogBuffer);
+ if (processLogBuffer == 0) {
+ fflush(stderr);
+ int printLogLine =
+ android_log_printLogLine(logformat, fileno(stderr), &entry);
+ EXPECT_LE(128, printLogLine);
+ EXPECT_GT(LOGGER_ENTRY_MAX_PAYLOAD, printLogLine);
+ }
+ android_log_format_free(logformat);
+ }
+
+ EXPECT_EQ(1, count);
+
+ android_logger_list_close(logger_list);
+}
+
TEST(liblog, too_big_payload) {
pid_t pid = getpid();
static const char big_payload_tag[] = "TEST_big_payload_XXXX";
diff --git a/mkbootimg/bootimg.h b/mkbootimg/bootimg.h
index 5ab6195..60834fe 100644
--- a/mkbootimg/bootimg.h
+++ b/mkbootimg/bootimg.h
@@ -43,7 +43,14 @@
uint32_t tags_addr; /* physical addr for kernel tags */
uint32_t page_size; /* flash page size we assume */
- uint32_t unused[2]; /* future expansion: should be 0 */
+ uint32_t unused; /* reserved for future expansion: MUST be 0 */
+
+ /* operating system version and security patch level; for
+ * version "A.B.C" and patch level "Y-M-D":
+ * ver = A << 14 | B << 7 | C (7 bits for each of A, B, C)
+ * lvl = ((Y - 2000) & 127) << 4 | M (7 bits for Y, 4 bits for M)
+ * os_version = ver << 11 | lvl */
+ uint32_t os_version;
uint8_t name[BOOT_NAME_SIZE]; /* asciiz product name */
diff --git a/mkbootimg/mkbootimg b/mkbootimg/mkbootimg
index f95d703..7b04bcc 100755
--- a/mkbootimg/mkbootimg
+++ b/mkbootimg/mkbootimg
@@ -20,6 +20,7 @@
from struct import pack
from hashlib import sha1
import sys
+import re
def filesize(f):
if f is None:
@@ -47,7 +48,7 @@
def write_header(args):
BOOT_MAGIC = 'ANDROID!'.encode()
args.output.write(pack('8s', BOOT_MAGIC))
- args.output.write(pack('8I',
+ args.output.write(pack('10I',
filesize(args.kernel), # size in bytes
args.base + args.kernel_offset, # physical load addr
filesize(args.ramdisk), # size in bytes
@@ -55,8 +56,9 @@
filesize(args.second), # size in bytes
args.base + args.second_offset, # physical load addr
args.base + args.tags_offset, # physical addr for kernel tags
- args.pagesize)) # flash page size we assume
- args.output.write(pack('8x')) # future expansion: should be 0
+ args.pagesize, # flash page size we assume
+ 0, # future expansion: MUST be 0
+ (args.os_version << 11) | args.os_patch_level)) # os version and patch level
args.output.write(pack('16s', args.board.encode())) # asciiz product name
args.output.write(pack('512s', args.cmdline[:512].encode()))
@@ -97,6 +99,32 @@
def parse_int(x):
return int(x, 0)
+def parse_os_version(x):
+ match = re.search(r'^(\d{1,3})(?:\.(\d{1,3})(?:\.(\d{1,3}))?)?', x)
+ if match:
+ a = parse_int(match.group(1))
+ b = c = 0
+ if match.lastindex >= 2:
+ b = parse_int(match.group(2))
+ if match.lastindex == 3:
+ c = parse_int(match.group(3))
+ # 7 bits allocated for each field
+ assert a < 128
+ assert b < 128
+ assert c < 128
+ return (a << 14) | (b << 7) | c
+ return 0
+
+def parse_os_patch_level(x):
+ match = re.search(r'^(\d{4})-(\d{2})-(\d{2})', x)
+ if match:
+ y = parse_int(match.group(1)) - 2000
+ m = parse_int(match.group(2))
+ # 7 bits allocated for the year, 4 bits for the month
+ assert y >= 0 and y < 128
+ assert m > 0 and m <= 12
+ return (y << 4) | m
+ return 0
def parse_cmdline():
parser = ArgumentParser()
@@ -111,6 +139,10 @@
parser.add_argument('--ramdisk_offset', help='ramdisk offset', type=parse_int, default=0x01000000)
parser.add_argument('--second_offset', help='2nd bootloader offset', type=parse_int,
default=0x00f00000)
+ parser.add_argument('--os_version', help='operating system version', type=parse_os_version,
+ default=0)
+ parser.add_argument('--os_patch_level', help='operating system patch level',
+ type=parse_os_patch_level, default=0)
parser.add_argument('--tags_offset', help='tags offset', type=parse_int, default=0x00000100)
parser.add_argument('--board', help='board name', default='', action=ValidateStrLenAction,
maxlen=16)
diff --git a/rootdir/init-debug.rc b/rootdir/init-debug.rc
index 435d4cb..44d34d8 100644
--- a/rootdir/init-debug.rc
+++ b/rootdir/init-debug.rc
@@ -6,3 +6,6 @@
on property:persist.mmc.cache_size=*
write /sys/block/mmcblk0/cache_size ${persist.mmc.cache_size}
+
+on early-init
+ mount debugfs debugfs /sys/kernel/debug
diff --git a/trusty/nvram/Android.mk b/trusty/nvram/Android.mk
new file mode 100644
index 0000000..18c54d5
--- /dev/null
+++ b/trusty/nvram/Android.mk
@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2016 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH := $(call my-dir)
+
+# nvram.trusty is the Trusty NVRAM HAL module.
+include $(CLEAR_VARS)
+LOCAL_MODULE := nvram.trusty
+LOCAL_MODULE_RELATIVE_PATH := hw
+LOCAL_SRC_FILES := \
+ module.c \
+ trusty_nvram_implementation.cpp
+LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS := -Wall -Werror -Wextra -fvisibility=hidden
+LOCAL_STATIC_LIBRARIES := libnvram-hal
+LOCAL_SHARED_LIBRARIES := libtrusty libnvram-messages liblog
+include $(BUILD_SHARED_LIBRARY)
diff --git a/trusty/nvram/module.c b/trusty/nvram/module.c
new file mode 100644
index 0000000..06819c0
--- /dev/null
+++ b/trusty/nvram/module.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <hardware/nvram.h>
+
+// This function is defined in trusty_nvram_implementation.cpp.
+int trusty_nvram_open(const hw_module_t* module,
+ const char* device_id,
+ hw_device_t** device_ptr);
+
+static struct hw_module_methods_t nvram_module_methods = {
+ .open = trusty_nvram_open,
+};
+
+struct nvram_module HAL_MODULE_INFO_SYM
+ __attribute__((visibility("default"))) = {
+ .common = {.tag = HARDWARE_MODULE_TAG,
+ .module_api_version = NVRAM_MODULE_API_VERSION_0_1,
+ .hal_api_version = HARDWARE_HAL_API_VERSION,
+ .id = NVRAM_HARDWARE_MODULE_ID,
+ .name = "Trusty NVRAM HAL",
+ .author = "The Android Open Source Project",
+ .methods = &nvram_module_methods,
+ .dso = 0,
+ .reserved = {}},
+};
diff --git a/trusty/nvram/trusty_nvram_implementation.cpp b/trusty/nvram/trusty_nvram_implementation.cpp
new file mode 100644
index 0000000..39496b4
--- /dev/null
+++ b/trusty/nvram/trusty_nvram_implementation.cpp
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <errno.h>
+#include <string.h>
+
+#include <hardware/nvram.h>
+#include <trusty/tipc.h>
+
+#define LOG_TAG "TrustyNVRAM"
+#include <log/log.h>
+
+#include <nvram/hal/nvram_device_adapter.h>
+#include <nvram/messages/blob.h>
+#include <nvram/messages/nvram_messages.h>
+
+namespace {
+
+// Character device to open for Trusty IPC connections.
+const char kTrustyDeviceName[] = "/dev/trusty-ipc-dev0";
+
+// App identifier of the NVRAM app.
+const char kTrustyNvramAppId[] = "com.android.trusty.nvram";
+
+// |TrustyNvramImplementation| proxies requests to the Trusty NVRAM app. It
+// serializes the request objects, sends it to the Trusty app and finally reads
+// back the result and decodes it.
+class TrustyNvramImplementation : public nvram::NvramImplementation {
+ public:
+ ~TrustyNvramImplementation() override;
+
+ void Execute(const nvram::Request& request,
+ nvram::Response* response) override;
+
+ private:
+ // Connects the IPC channel to the Trusty app if it is not already open.
+ // Returns true if the channel is open, false on errors.
+ bool Connect();
+
+ // Dispatches a command to the trust app. Returns true if successful (note
+ // that the response may still indicate an error on the Trusty side), false if
+ // there are any I/O or encoding/decoding errors.
+ bool SendRequest(const nvram::Request& request,
+ nvram::Response* response);
+
+ // The file descriptor for the IPC connection to the Trusty app.
+ int tipc_nvram_fd_ = -1;
+
+ // Response buffer. This puts a hard size limit on the responses from the
+ // Trusty app. 4096 matches the maximum IPC message size currently supported
+ // by Trusty.
+ uint8_t response_buffer_[4096];
+};
+
+TrustyNvramImplementation::~TrustyNvramImplementation() {
+ if (tipc_nvram_fd_ != -1) {
+ tipc_close(tipc_nvram_fd_);
+ tipc_nvram_fd_ = -1;
+ }
+}
+
+void TrustyNvramImplementation::Execute(const nvram::Request& request,
+ nvram::Response* response) {
+ if (!SendRequest(request, response)) {
+ response->result = NV_RESULT_INTERNAL_ERROR;
+ }
+}
+
+bool TrustyNvramImplementation::Connect() {
+ if (tipc_nvram_fd_ != -1) {
+ return true;
+ }
+
+ int rc = tipc_connect(kTrustyDeviceName, kTrustyNvramAppId);
+ if (rc < 0) {
+ ALOGE("Failed to connect to Trusty NVRAM app: %s\n", strerror(-rc));
+ return false;
+ }
+
+ tipc_nvram_fd_ = rc;
+ return true;
+}
+
+bool TrustyNvramImplementation::SendRequest(const nvram::Request& request,
+ nvram::Response* response) {
+ if (!Connect()) {
+ return false;
+ }
+
+ nvram::Blob request_buffer;
+ if (!nvram::Encode(request, &request_buffer)) {
+ ALOGE("Failed to encode NVRAM request.\n");
+ return false;
+ }
+
+ ssize_t rc =
+ write(tipc_nvram_fd_, request_buffer.data(), request_buffer.size());
+ if (rc < 0) {
+ ALOGE("Failed to send NVRAM request: %s\n", strerror(-rc));
+ return false;
+ }
+ if (static_cast<size_t>(rc) != request_buffer.size()) {
+ ALOGE("Failed to send full request buffer: %zd\n", rc);
+ return false;
+ }
+
+ rc = read(tipc_nvram_fd_, response_buffer_, sizeof(response_buffer_));
+ if (rc < 0) {
+ ALOGE("Failed to read NVRAM response: %s\n", strerror(-rc));
+ return false;
+ }
+
+ if (static_cast<size_t>(rc) >= sizeof(response_buffer_)) {
+ ALOGE("NVRAM response exceeds response buffer size.\n");
+ return false;
+ }
+
+ if (!nvram::Decode(response_buffer_, static_cast<size_t>(rc), response)) {
+ ALOGE("Failed to decode NVRAM response.\n");
+ return false;
+ }
+
+ return true;
+}
+
+} // namespace
+
+extern "C" int trusty_nvram_open(const hw_module_t* module,
+ const char* device_id,
+ hw_device_t** device_ptr) {
+ if (strcmp(NVRAM_HARDWARE_DEVICE_ID, device_id) != 0) {
+ return -EINVAL;
+ }
+
+ nvram::NvramDeviceAdapter* adapter =
+ new nvram::NvramDeviceAdapter(module, new TrustyNvramImplementation);
+ *device_ptr = adapter->as_device();
+ return 0;
+}